Networking
- Flow Monitoring Software
- Maintaining STP in a large network environment
- CenturyLink (national?) outages
- Why is a static to null route with a higher AD still preferred over the same length prefix from eBGP peer?
- Is anyone else experiencing issues with Palo Alto’s Prisma Access Cloud VPN?
- Route AWS EC2 private instances to a public OpenVPN
- Where do your security teams sit in the organisation?
- Using public DNS for large public wifi - will I hit rate limit issues?
- What is it like to work for a law firm?
- Tool to summarise gaps in large IP blocks?
- Static and dynamic interface templates
- Opinions regarding subnet sizes
- Overloading/Reusing public CIDR via multiple B2B IPSec partnerships
- Cisco ASA subscription EOL announcement
- Telegraf not putting storage data into Influx?
- Monitoring question - routing table snapshots
- Issue with AIR-AP1562E-B-K9 staying joined
- Is there a networking specific vendor I can reach out to for consulting?
- need help making a specific routing path for multi area ospf
- How would I find out if I’m hitting an artificial limit?
- Multiples VPNs from same Site
- Recommended cat6 terminator?
- AT&T ADI - Is it VLAN Tagged or does it have the option to be VLAN Tagged?
Flow Monitoring Software
Posted: 06 May 2020 05:39 AM PDT

What is your favorite flow analyzer software and why? Looking to configure Juniper MX series routers to export IPFIX flows. Additional bonus points if the software can do automated BGP blackhole or BGP flow spec to protect against DDoS. Kentik and FastNetMon are two I have found, but are there any others?
Maintaining STP in a large network environment
Posted: 06 May 2020 09:13 AM PDT

I just want to know how some of you maintain STP in a large layer 2 network environment. Basically I have a collapsed core network. I have 19 stacked 3850s acting as our "core/distribution switches", with 2 of those switches hosting about 75% of the VLANs, and some 350 2960s as our access layer. I also have about 100 VLANs in this network and some of them span across the network. I'm just curious to know what some of you are doing and hopefully it can help me manage this monstrosity.
CenturyLink (national?) outages
Posted: 06 May 2020 12:30 PM PDT

We have a 10G wave down in the DFW market as well as no access to https://controlcenter.centurylink.com (that site will load but not the login portion, business-signin.centurylink.com (155.70.44.20)). The site doesn't work from AT&T, CenturyLink, Comcast, etc. Our CenturyLink DIA that's part of our BGP mix is perfectly fine even upstream and we are at normal traffic levels. Response from the account team varied from non-existent to "have you put in a Control Center ticket". We are at half redundancy on DCI, so just curious if anyone else is experiencing CenturyLink issues and if they have any updates.
Why is a static to null route with a higher AD still preferred over the same length prefix from eBGP peer?
Posted: 06 May 2020 01:55 PM PDT

So I have always questioned this, as this is the third time I'm now seeing this. And for what it's worth, I'm using the IOS-XR OS. We have our aggregate routers in our core, in which we have all of our static-to-null routes for our larger prefixes. Not to get into too many of the technicalities of the physical topology, because it's definitely not ideal and we're in the midst of changing it, but for discussion's sake, say Site B hangs off of Site A, which in turn is connected to the "internet". Site B advertises a /22 to Site A. Site A has a static to Null0 for that /22 with an AD of 250 set. When you do a route lookup on Site A for this /22, it shows as coming from the eBGP peer. The link went down between the two Agg routers in both sites and thus the static to null for this /22 took precedence. When the link came back up, the static to null was still there, and the lower AD /22 route did not take precedence. Is this because they're the same length, even though the static to null has a higher AD? I would think the eBGP AD of 20 would trump the 250 we have configured, even with the same prefix length.
Is anyone else experiencing issues with Palo Alto's Prisma Access Cloud VPN?
Posted: 06 May 2020 09:26 AM PDT

We've had nothing but terrible performance out of our Prisma VPN for the last two weeks. Is anyone else seeing similar issues, or is it just us?
Route AWS EC2 private instances to a public OpenVPN
Posted: 06 May 2020 07:54 AM PDT

Hi! First of all, I apologize if this is not the right place for posting. While I'm not sure whether it's an AWS or an OpenVPN issue, I'm positive it's a networking one. Also, I'm new to all this, from AWS to VPN and networking in general. Don't hesitate to tell me if I need to give more detail of any sort. Despite the fact that I'm new to it, it's for my workplace, not home networking at all. Feel free to remove this post if I'm definitively lost. If you keep it, I'll be able to cross post on r/aws and r/openvpn.

So, here is the thing: https://gitlab.com/pcoves/vpn_test

This is a small network (single VPC) hosted on AWS composed of:
1. One OpenVPN server with a public IPv4 address on a public subnet (10.0.0.0/24),
2. Two Debian instances in a private subnet (10.0.1.0/24) that can be joined from within the VPC.

Note that the VPN server does
I can
Now, I'd like to access my private subnet from my local box through the VPN. As far as I understand, when I do
So, my question really is: what does one have to do in order to route the packets from the private subnet to the local machine through the VPN?

Many thanks in advance for your patience!

PS: many pages on the net advise disabling the source/dest check on the VPN server instance. This is done and does not change anything.
Where do your security teams sit in the organisation?
Posted: 06 May 2020 06:24 AM PDT

There are multiple ways to slice and dice where functional teams sit, but I currently work in a large enterprise where all of Information Security sits in one large org: Plan, Build, and Run, based on technology platform. Looking for examples of where possibly firewall policy management sits in Information Security, but the Run of the appliances sits in network.
Using public DNS for large public wifi - will I hit rate limit issues?
Posted: 06 May 2020 07:34 AM PDT

Has anyone had experience with a very large public wifi using free DNS as a resolver? Specifically Cloudflare, Google, and Quad9. Historically I have been pointing our guest traffic at Google 8.8.8.8 and 8.8.4.4 and haven't had issues, but we are going to install some larger venues soon and I worry about potential rate limit issues when I do NAT overload. Some of our large locations can hold well over 100,000 people; if we get a large uptake on wifi usage it could be interpreted as a denial of service attack. Has anyone dealt with this issue, or is this not a problem? I've read that Google limits to 1000 queries per second; I can't really find info on Cloudflare or Quad9. Do I need to just build my own resolvers and use root hints? Should I just make a large NAT pool to spread the queries over a bunch of IP addresses?

EDIT: Cloudflare has contacted me and confirmed they will never rate limit legitimate DNS traffic and that even our largest install shouldn't be a problem. I'm also planning to have IPv6 implemented for this project, which will help bypass NAT overload issues.
What is it like to work for a law firm?
Posted: 05 May 2020 08:22 PM PDT

As the title suggests, are there any lurkers out there that either worked or are working for a large(r) law firm in IT? More specifically, a network engineer type of role? Just curious what a "typical" day might look like, some projects you've worked/are working on, how working with the other staff is, and whether there is actual room to grow your career at a law firm. Do you regret taking that job, or what is your overall opinion on being in IT for a firm?
Tool to summarise gaps in large IP blocks?
Posted: 06 May 2020 12:51 PM PDT

I know this has probably been covered or asked before in some form or another, but it has been a long day so please forgive me. I am looking at a /16 range which is mostly unused. Anything that is configured on the network or actually in use is in /24 subnets and I have a list of those subnets. I was wondering if there was a tool that can summarise the gaps between these in-use /24 subnets? I have done it already using a quick Excel sheet to visualise it, but summarising the spare subnets is still a manual process with room for error. This isn't for long term record keeping or anything, as we have an IPAM system, but it isn't fully up to date so can't be used as a source of info for what I need this for. Thanks.
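One way to do the gap summarisation the post above asks for, using only Python's standard `ipaddress` module (an added example, not a tool mentioned in the post); the parent block and the in-use /24 list below are constructed sample data, and the function also accepts in-use subnets of any length, not just /24s:

```python
import ipaddress

def summarise_free_blocks(parent, in_use):
    """Return the unused space of `parent` (CIDR string) as the minimal list of
    CIDR blocks, given the in-use subnets (CIDR strings). Overlapping or
    duplicated in-use entries are tolerated; entries outside `parent` raise."""
    parent_net = ipaddress.ip_network(parent)
    used = sorted((ipaddress.ip_network(s) for s in in_use),
                  key=lambda n: int(n.network_address))
    free = []
    cursor = int(parent_net.network_address)   # first address not yet accounted for
    end = int(parent_net.broadcast_address)
    for net in used:
        if not net.subnet_of(parent_net):
            raise ValueError(f"{net} is not inside {parent_net}")
        start = int(net.network_address)
        if start > cursor:
            # Gap between the cursor and this in-use subnet: emit it as the
            # fewest aligned CIDR blocks that cover exactly that range.
            free.extend(ipaddress.summarize_address_range(
                ipaddress.ip_address(cursor), ipaddress.ip_address(start - 1)))
        cursor = max(cursor, int(net.broadcast_address) + 1)
    if cursor <= end:
        # Tail of the parent block after the last in-use subnet.
        free.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), ipaddress.ip_address(end)))
    return [str(n) for n in free]

def count_free_subnets(free_blocks, prefixlen=24):
    """How many /prefixlen subnets fit in the free blocks (e.g. spare /24s)."""
    total = 0
    for block in free_blocks:
        net = ipaddress.ip_network(block)
        if net.prefixlen <= prefixlen:
            total += 2 ** (prefixlen - net.prefixlen)
    return total

# Constructed sample: a /16 with four /24s in use.
PARENT = "10.0.0.0/16"
IN_USE = ["10.0.128.0/24", "10.0.0.0/24", "10.0.5.0/24", "10.0.1.0/24"]

if __name__ == "__main__":
    blocks = summarise_free_blocks(PARENT, IN_USE)
    for b in blocks:
        print(b)
    print(f"{count_free_subnets(blocks)} spare /24s")
```

The same approach works for IPv6 blocks, since `ipaddress` handles both address families.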
Static and dynamic interface templates
Posted: 06 May 2020 12:50 PM PDT

Good evening fellow network engineers, I'm having an issue with interface templates on a Catalyst 9300 switch. When I apply a dynamic interface template to an interface, it gets applied with no issue. Meanwhile, if I have both a static interface template and a dynamic one on the same interface, then the static one is applied, even though Cisco's documentation mentions that dynamic templates have a higher priority. Does anyone have any idea about this matter?
Opinions regarding subnet sizes
Posted: 06 May 2020 04:19 PM PDT

Hey all. I'd like to solicit opinions regarding using /24 subnets vs using /23 subnets for end users, specifically in making it easier/harder to manage tagging end user access ports in switch stacks. Is it easier because you can tag more ports with the same VLAN for that subnet? Is it harder to deal with that size subnet because of broadcast traffic, naming, etc.? That kind of thing... Basically I'm trying to plan for growth while making things as simple and straightforward as I can. I'm using Juniper switches in a virtual chassis, but I think it would apply to any manufacturer. Any other thoughts regarding subnet size design are welcome too. Thanks in advance.
Overloading/Reusing public CIDR via multiple B2B IPSec partnerships
Posted: 06 May 2020 04:03 AM PDT

My company is currently working to provide a large enterprise customer with a private AWS web application accessed via IPSec tunnels. We are in initial discussion with the customer's various IT/Networking teams but are working out possible architectures before the full design coordination meeting.
Key components of our current VPC design:
Anticipated Customer Constraints
We are looking at ways to solve this and came across what is probably a bad idea, but we can't see why.
What if our company purchased and registered a public /24 but did not advertise routes on the public internet? Instead we add our new public range to the VPC as usable IPs (again, not publicly routable or registered with AWS for public advertisement). We then configure the load balancer to use IPs from this CIDR as its endpoint addresses.
To the customer, we provide this new privately-owned "public" range, which they route across our B2B IPSec tunnel. Conceivably this guarantees no conflicts on their end and makes it easy for us to dynamically use IPs from a given subnet (rather than randomly assigned non-contiguous AWS EIPs).
Here's the crazy idea: What if we reused this architecture and "public" CIDR with multiple customers (let's say 25 unique large enterprises)?
Pros:
Cons:
What are we missing?
Cisco ASA subscription EOL announcement
Posted: 06 May 2020 03:36 PM PDT

I'm not sure how to interpret this one. It says the last day to order a 5-year subscription is September 30th 2018.
Telegraf not putting storage data into Influx?
Posted: 06 May 2020 03:06 PM PDT

Finally getting around to labbing up some Telegraf/Influx/Grafana and banging my head against the wall trying to figure out why in the world Telegraf can't seem to parse disk data out of the SNMP; network data is coming across just fine. The source machine for the data is another Linux box. The config is:

Output (truncated) from snmpwalk is:

So what am I missing here? MIB documentation says the table and fields are named as described in my Telegraf configuration.
Monitoring question - routing table snapshots
Posted: 06 May 2020 03:03 PM PDT

I don't have much in place in regards to network monitoring. I send logs to our ELK stack, so I capture BGP events, and I'm monitoring system resources and interface stats with our infrastructure monitoring tools. I'd like to get something like smokeping in place to keep an eye on things from a general reachability perspective, and have some history of that info. But another thing I think would be really useful is route snapshots. Something that grabs the routing table every minute or so, diffs it and notes when there are changes. Is there a tool that can do this, or is this something that's typically available via SNMP and maybe my current tools just don't support it? We've had some incidents where there was an outage during the night, and while troubleshooting the next day, it's pretty difficult to tell what actually happened. And I'm thinking if I could see the routing tables at the time where there were dips on the traffic graphs, it would cut the troubleshooting time way down.
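The snapshot-and-diff step described in the post above, as an added example (not a tool from the post): two routing table snapshots are compared per prefix and reported as added, removed, or next-hop/protocol changed. The snapshots below are constructed sample data in a simple "prefix next-hop protocol" line format, not any vendor's actual output; a real collector would fill them from the device on a timer.

```python
from typing import Dict, Tuple

# Constructed sample snapshots (hypothetical one-minute interval).
SNAPSHOT_T0 = """\
0.0.0.0/0 203.0.113.1 bgp
10.10.0.0/16 10.0.0.2 ospf
10.20.0.0/16 10.0.0.3 ospf
192.0.2.0/24 203.0.113.9 bgp
"""
SNAPSHOT_T1 = """\
0.0.0.0/0 203.0.113.1 bgp
10.10.0.0/16 10.0.0.3 ospf
10.20.0.0/16 10.0.0.3 ospf
198.51.100.0/24 203.0.113.9 bgp
"""

Route = Tuple[str, str]  # (next-hop, protocol)

def parse_table(text: str) -> Dict[str, Route]:
    """Map each prefix to its (next-hop, protocol); skips blank/malformed lines."""
    table: Dict[str, Route] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue
        prefix, nexthop, proto = fields
        table[prefix] = (nexthop, proto)
    return table

def diff_snapshots(old_text: str, new_text: str) -> dict:
    """Return prefixes added, removed, or rerouted between two snapshots."""
    old, new = parse_table(old_text), parse_table(new_text)
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    changed = sorted(p for p in old if p in new and old[p] != new[p])
    return {
        "added": {p: new[p] for p in added},
        "removed": {p: old[p] for p in removed},
        "changed": {p: (old[p], new[p]) for p in changed},
    }

def format_report(ts_old: str, ts_new: str, delta: dict) -> str:
    """One line per change, suitable for shipping to a log pipeline (e.g. ELK)."""
    lines = [f"route changes {ts_old} -> {ts_new}"]
    for p, (nh, proto) in delta["added"].items():
        lines.append(f"  + {p} via {nh} ({proto})")
    for p, (nh, proto) in delta["removed"].items():
        lines.append(f"  - {p} via {nh} ({proto})")
    for p, ((onh, oproto), (nnh, nproto)) in delta["changed"].items():
        lines.append(f"  ~ {p} via {onh} ({oproto}) -> {nnh} ({nproto})")
    return "\n".join(lines)

if __name__ == "__main__":
    print(format_report("02:00", "02:01", diff_snapshots(SNAPSHOT_T0, SNAPSHOT_T1)))
```

Storing each snapshot alongside its timestamp (rather than only the diff) is what lets you later line a change up against a dip on the traffic graphs.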
Issue with AIR-AP1562E-B-K9 staying joined
Posted: 06 May 2020 03:03 PM PDT

We recently purchased a new AIR-AP1562E-B-K9 AP and it seems to only want to join one of our two controllers. The join request to our first controller fails and then it connects to the backup controller. Controllers are on 8.3.150.0 (WLC-5508s). Clients are able to connect to the AP, and then every couple of minutes the AP shows DTLS failing and it reconnects to the controller again. Time is correct and I have disabled LSC and MIC expiry checks.
Is there a networking specific vendor I can reach out to for consulting?
Posted: 06 May 2020 01:39 PM PDT

Hi all, I'm busy beating my head against the wall as we cannot figure out an issue we're having with a site-to-site VPN tunnel we are trying to set up. We use Cisco equipment, and recently purchased a Cradlepoint router to use as a failover. We configured the Cradlepoint in IP Passthrough and purchased a static IP from Verizon. We are able to get out to the internet with this interface, but unable to bring up the VPN tunnel, as the peer does not respond (MM_WAIT_MSG2). We have double checked and triple checked the config. Our primary outside interface comes up fine and without issue, but we are pretty stumped on this one. Using nmap from a computer on the inside interface, the peer we are trying to connect to shows port 500 as open. Considered using CDW, but wanted to reach out to Reddit first before our company spent any money.
Need help making a specific routing path for multi area OSPF
Posted: 06 May 2020 06:02 AM PDT

I have a multi area OSPF network that looks like this (all Cisco):

(R1 Area1) --- (R2, R3 Area0) --- (R4 Area2)

R2 and R3 also have interfaces connecting to both Area1 and Area2. I am looking for the following path for R1 to talk to R4: R1 --> R2 --> R3 --> R4, and vice versa R4 --> R3 --> R2 --> R1. But I need to make sure that R1 and R4 will connect to R2 for the R2 networks and to R3 for the R3 networks.
How would I find out if I'm hitting an artificial limit?
Posted: 06 May 2020 10:09 AM PDT

We have supposedly 1Gbps circuits, one in Huntsville, AL and the other in Seattle, Washington. They both supposedly have a 300Mbps billing rate with 1Gbps burstable. The RTT between the two sites is about 78ms. In iperf3 I can hit exactly 300Mbps on a single stream.

Server1: iperf3 -s
Server2: iperf3 -c server1 -R -t 60

This results in exactly 300Mbps for the 60s test. It will fluctuate to like 298, 301, 300, 300, 296, 300, 306, 302, 301, 299, 300, 300, etc.

Server1: iperf3 -s
Server2: iperf3 -c server1 -R -P 4

It will get a total of about 850-870Mbps, or about 210-220 per stream. If I run 2 streams they will each be 300Mbps. This seems too much of a coincidence that a single stream will hit 300Mbps and our supposed provisioned rate is 300Mbps. Is there any way to validate that this isn't a TCP window size and stream size issue with a tcpdump?
Multiples VPNs from same Site
Posted: 06 May 2020 05:40 AM PDT

My company provides IT services for about 30 other companies. So, we have around 6-8 VPN clients (AnyConnect, Forti, GlobalProtect, Windows). As you can imagine, it is really complicated to connect and manage users with this. Our plan is to centralize this in some kind of solution in our office in order to connect only to our VPN and from there to anywhere else. No idea how to do this yet. My questions are:
- Does anyone have a similar problem?
- How would you solve this?
- Is there any software/hardware that can help?
Thanks!!
Recommended cat6 terminator?
Posted: 06 May 2020 09:07 AM PDT

Hey all, my team has to terminate a bunch (around 100) of cat 6 cables over the next couple of months, and I'd like to buy them a really good crimper. Good ergonomics, good crimping ability. Anyone know what the preferred professional brand is? Apologies in advance if layer 1 stuff doesn't fit this subreddit.
AT&T ADI - Is it VLAN Tagged or does it have the option to be VLAN Tagged?
Posted: 06 May 2020 09:04 AM PDT

Hi there, I am looking through the publicly available docs on the internet, trying to understand if ADI can be delivered as a tagged service to a router. Does anyone have experience with ADI and the deployment options available? This would be for ADI service inside a carrier hotel where an AT&T Network Node already exists; single mode fiber hand-off.
You are subscribed to email updates from Enterprise Networking news, blogs and discussion.