    Wednesday, June 24, 2020

    Rant Wednesday! Networking


    Rant Wednesday!

    Posted: 23 Jun 2020 05:04 PM PDT

    It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related.

    There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves!

    Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    Working at ISP. Were you afraid at first?

    Posted: 24 Jun 2020 12:51 PM PDT

    Hey redditors. I've been working till now for a really big/important ISP (focused on B2B customers) at scene in my country for some years as a field technician. I had also an opportunity to configure some of the CPEs that went to customer and learned a lot through these years because HW was literally laying next to me and sometimes I was forced to troubleshoot unavailable routers at sites. Got also experience and knowledge from university I finished. Recently, I started as a network engineer in the same company and I did learn that I have fear and big respect when I'm on the CLI on core HW and that this fear is slowing me down and making me uncomfortable. I'm afraid that I would make our boxes go down/accidentally make some outage.

    How was your first time when you got hands on important boxes in your country through CLI? Did you have the same experience? Do you need only time and more experience to get through this fear and get comfortable?

    submitted by /u/funherefunthere

    How did a DirecTV DECA Ethernet Adapter crash an entire network?

    Posted: 24 Jun 2020 06:39 AM PDT

    Hi all,

    I'm a pro-AV integrator and one of my clients has a 3Com 2024 Baseline Switch. Yes, it's unmanaged and I didn't specify the model. Customer called and apparently some of the network was not functioning. My remote laptop on the switch had no Internet. A Crestron touchpanel was able to communicate with the Crestron processor.

    Once I got remote access from guest WiFi, I discovered that the laptop could not ping any devices on the network. So, right off the bat, laptop can't ping any Crestron equipment, but the Crestron equipment continued to work.

    When I got on-site, I systematically began troubleshooting. I fired up Wireshark and from my laptop on the switch did see some traffic incoming from the switch.. just some ARP packets and such. Then, I started a continuous ping to a device, and began unplugging network cables from the switch one at a time. When I got to the DirecTV DCAU1R0-01 and unplugged it, all traffic came back immediately.

    This DECA bridge puts all DirecTV boxes on your coax network on your Ethernet network with a single cable. I have never seen a problem with them.

    After this, I power cycled the DECA bridge, and plugged it back in and it functioned like it is supposed to.

    My questions to you all are:

    1. Any ideas what exactly happened to this little brick that would cause the switch to stop functioning? It wasn't even like a packet storm or at least I couldn't see it coming in on Wireshark.
    2. I've actually seen a similar issue... In my office, when I got my first USB-C ultrabook, I bought a USB-C dock with PD. I plugged network into the dock. The problem was if the USB-C wasn't plugged into my laptop, the NIC in the adapter remained powered up because of the AC adapter, and it locked up my office network! Similar problem?
    3. Is there protection in a managed switch that would have prevented this? I'm not new to managed switches but I'm not familiar with protections from this sort of thing. I've seen Cisco switches that don't activate ports when PCs are rebooted and you have to unplug/replug the cable or disable/enable the network connection.. What is this called?
    4. Why was the Crestron equipment still able to function? After I left I thought about this and is it possible that the switch worked in groups of ports, like the logical chips or modules that make up the full 24-ports?

    I'm trying to learn more about what happened 1) so I can better explain the problem to clients besides "DirecTV adapter got dumb and locked up, crashing the network" and 2) so I can prevent the problem in the future or at least be able to troubleshoot.

    Thanks!

    submitted by /u/muzicman82

    Does TLS record size matter?

    Posted: 24 Jun 2020 01:04 PM PDT

    A few years ago Cloudflare blogged about a patch to nginx that enabled dynamic TLS record sizes, as opposed to the default fixed 16 KB record size.

    But it was a strange post in that they presented no data or evidence that it improved anything, like latency, reliability, etc.

    I think the idea is that it helps to use smaller records that match TCP segment sizes during TCP slow start (1369 bytes to start instead of 16 KB). Has anyone tried changing or shrinking TLS record sizes? How did it turn out?

    Thanks.

    submitted by /u/Solar111

    Looking for input on a 10g Ceph storage network

    Posted: 24 Jun 2020 09:07 AM PDT

    Hello!

    Not a network admin or certified network guy in any way but I like to think I have a decent network understanding. I work at a smaller game dev studio and we are looking at upgrading from our current NAS to a Ceph cluster and as part of that replacing the networking in our rack. Most of our devs have 10g NICs in their workstations and we have a LAG connection coming from that 10g 48 port Netgear switch into the server rack.

    In the rack we aim to have:

    • 4x compute hypervisors
    • 3x Ceph OSD hosts

    Each of those hosts should have 4 10g ports. Probably in the form of 2 NICs with 2 ports each. That allows each host to have 2 bonds in mode 1 (active+backup) that has 1 port from both NICs giving each bond redundancy over not just 2 switches but 2 NICs. For the Ceph nodes 1 bond would be public traffic and 1 bond cluster traffic. For the hypervisors 1 bond for the Ceph public traffic and 1 bond for the VMs public traffic.

    With that in mind we then want 2 10g switches. With each host, Ceph or hypervisor, using 2 ports on each switch that's 14 ports on each switch just for the hosts. I assume we want a LAG connection from each of those switches to a switch above them and also a LAG connection between the switches. The switch at the top would be where the LAG connection from the Netgear comes from and where our pfsense box plugs in. I am less worried about the workstations or WAN going down or losing connection to the rack. The most important thing is the hypervisors' connection to Ceph and Ceph's internal cluster network.

    So that's the general idea in my head. I would love any thoughts people have on that along with any suggestions on specific switches to use. Most of my experience is with Ubiquiti gear, either Unifi or Edgerouter. I love the idea of being able to centrally manage the devices but their biggest 10g switch is 16 ports only. :(

    Any thoughts or suggestions? Thanks in advance!

    submitted by /u/RisingStar

    You ever been the ONLY network guy?

    Posted: 23 Jun 2020 07:19 PM PDT

    Hey all,

    I posted a while back about a couple of jobs I've been deciding on after realizing how much I don't enjoy my current role in a large NOC.

    One of the companies presented an offer to me. The company seems great. I'll have engineer and design input and be able to make most of the decisions I want. Nice pay bump and good benefits... However, the catch is I'd be the ONLY networking guy in the business!

    This seems weird to me, but wanted to know if maybe it's better than it might seem. For one, they've been working without anyone filling this role for 2-3 months. The sys admins have been handling the load on their own. This seems like a good sign because it shows their network is probably stable, just a bit of a mess... On top of that, they've said they really have only had 2-3 major outages in the past couple of years and they were due to ISP issues.

    Honestly guys, I'm just worried I'm a little underqualified and afraid I'll hit a point where something major happens and I won't know what to do. I have a CCNA (ENCOR exam booked in a couple of weeks) and 5 years of experience which include 3.5 of technician work and 1 year of junior engineer work in the NOC.

    The new role would have me designing and making business decisions for the company. They have 18 remote branches and about 3,000 employees.

    Tl;Dr

    Have you ever been the ONLY networking guy in a company? Did you love it? Hate it? I really want high level design and engineering experience, but nervous I'm underqualified .. at some point you just got to take a dive right?

    submitted by /u/sh_ip_int_br

    SRX logs are not showing locally in the monitoring

    Posted: 24 Jun 2020 09:07 AM PDT

    Hello,

    I'm not able to see logs in my J-Web even though I configured event mode and a file. I'm seeing in the J-Web the message: "currently logging is not enabled , to view data configure stream mode".

    Even though if you need to see logs locally you have to configure mode event !!

    root@SRX-1# show security
    log {
        mode event;
    }

    root# show system syslog
    archive size 100k files 3;
    user * {
        any emergency;
    }
    file messages {
        any notice;
        authorization info;
    }
    file interactive-commands {
        interactive-commands any;
    }
    file traffic-log {
        any any;
    }

    Did anybody face this issue and resolve it, or am I missing any configuration?

    Thanks

    submitted by /u/Hussam_Bay

    Looking for advice on how to get help from an ISP (Charter Spectrum)

    Posted: 24 Jun 2020 01:55 PM PDT

    The problem I am having comes down to this...

    We use an MDM agent on employee phones that allows them to access email. All of a sudden, at locations that use Charter Spectrum internet, specifically ones that used to be Time Warner, people cannot access email on our network. If they drop off to cell service it is fine. All our other locations are fine too. Even some Charter locations that did not used to be Time Warner; they are also in a geographically different area. If we have the people use a VPN everything works fine.

    We have a feeling that somehow Charter is blocking or at least incorrectly routing our email traffic at these locations. We have tried talking to them and get nowhere. Anyone have any advice?

    submitted by /u/Gr80n3

    Network Equipment and Cable Management for retail locations in very small shops

    Posted: 24 Jun 2020 10:15 AM PDT

    I have multiple retail locations in small shops and some do not have any closets where I can keep the equipment, so I need to install it in the cash wraps. Does anyone have any suggestions as to how to organize the hardware (routers, DVRs, switches, battery backups ugh. etc.) along with cabling for these locations? Would setting up a wall mount keystone patch panel in the cash wrap where I can connect keystones for the DVR RCA jacks and network equipment help me consolidate the cabling? I'm pulling my hair out with the cable management with these places.

    submitted by /u/imgroovy

    Zscaler Private Access (Browser Access)

    Posted: 24 Jun 2020 04:04 PM PDT

    Has anybody successfully deployed Zscaler Private Access here for Citrix (with browser access though)?

    Not the Zscaler app but browser access which can be leveraged for 3rd party vendors.

    I am trying to set up Citrix via Browser Access but it looks like ZPA is not the same as a full proxy like e.g. F5, so the client still gets an ICA file with an IP address of the internal Citrix server.

    Just wanted to hear some thoughts.

    submitted by /u/net_2

    Resetting the Access point embedded within an ISR829?

    Posted: 24 Jun 2020 11:58 AM PDT

    Anybody have any clue on how to accomplish this task? I am locked out of the AP portion of the 829 and when I issue the command "service-module wlan-ap0 reset default-config" the command takes the it doesn't actually reset to default.

    submitted by /u/midgetsj

    Anyone here work for a hedge fund / trading company?

    Posted: 24 Jun 2020 03:42 PM PDT

    I might have an opportunity to move into the world of "fin tech" soon. I work at the moment at a hosting provider and have been doing hosting / internet stuff for many years.

    Wondering if anyone has experience working as a senior network engineer in the financial world. The money is really amazing but I also like working on internet stuff, which would not be an opportunity at a hedge fund.

    So looking for experiences from people in finance from a network perspective. Do you like it? Is it challenging?

    submitted by /u/net-gh92h

    Cisco ACI hardware woes

    Posted: 24 Jun 2020 03:45 AM PDT

    We installed an ACI network about 18 months ago. We've now, as of today, had 4 spine failures on an infrastructure of 4 spines. Has anyone else had similar experiences or are we just particularly unlucky?

    submitted by /u/Puniceus

    Basic switch topology question best practices help.

    Posted: 24 Jun 2020 02:21 PM PDT

    Hi, I think this is a pretty newbie question, and I wonder how to best approach it as the systems I work on get larger. Not enterprise large, but SMB class.

    Let's assume 1 router with 1 SFP+ and 8 gigabit ports, 2 - 48p switches in the MDF, and 1 - 48p switch in a remote IDF closet on floor 2. Data drops, VoIP phones, IP cams, APs, and some IoT devices with respective VLANs. No AD, but perhaps a file server or NAS. Typical router with 1 SFP+ and 8 copper ports. Typical switch with a couple SFP+ ports each. All the cable runs are within 100m copper limits.

    I could create 3 " trunk" copper ports on the router and star them out. Or should I daisy chain the switches?

    Are there any scenarios where one method is preferred over another? Is it simply a bandwidth advantage to use the SFP+ ports to connect the switches? With a system this small does it matter?

    I just want to make sure I am doing it the best way. Thanks for any help!

    submitted by /u/bigcane_2

    Route WAN Subnet Through Firewall

    Posted: 24 Jun 2020 02:12 PM PDT

    I recently bought a TP-Link TL-R600VPN to bridge two networks. My problem is that while I can ping the Network B gateway, I cannot ping any devices beyond that point. So I am pretty sure I configured my route on my SonicWall right.

    Network A: 192.168.0.0/16 (Gateway: 192.168.1.1)

    Network B: 10.10.1.0/24 (Gateway: 10.10.1.254)

    I need all traffic from Network A to be allowed through the firewall to Network B.

    Currently Network A is connected to the WAN1 port on the TL-R600VPN (192.168.1.30), and on the other end of that is a L2 switch that leads to a SonicWall (192.168.1.1).

    Network B is connected to the TL-R600VPN on the LAN Port5 (10.10.1.254)

    I created a firewall rule to allow basically everything through just to eliminate access control problems.
    -- Allow / Service: Any / Interface: Any / Source: Any / Destination: Any / Time: Any

    I tried to create a Static Route, but this did not help.
    -- Destination IP: 10.10.1.0
    -- Subnet: 255.255.255.0
    -- Next Hop: 10.10.1.254
    -- Interface: WAN1
    -- Metric: 0

    Un-pingable EndPoint: 10.10.1.1 > TL-R600VPN Gateway: 10.10.1.254 > TL-R600VPN WAN1: 192.168.1.30 > HP L2 Switch > SonicWall SOHO: 192.168.1.1 > Internet

    TP-Link support was useless, they got confused when I used CIDR notation. I'll admit, I am not strong with networking but I feel like I have accomplished tasks such as this with SonicWall or Cisco in the past with a bit of struggling. This unit however has me perplexed. As a temporary workaround I configured an IPsec VPN between it and the SonicWall across Network A, but the TP-Link has pretty poor VPN performance. I thought maybe I need a NAT rule or something too but I am not sure. I already locked myself out of the unit by creating a bad route once. So I am trying to be extra cautious as the unit is now in production.

    Any suggestions?

    submitted by /u/atomictoyguy

    City WiFi With Spectrum

    Posted: 24 Jun 2020 01:39 PM PDT

    Spectrum is apparently looking to offer WiFi in one of our clients cities. I have been asked to attend a meeting on the pros and cons of having access points put on one of our buildings.

    Here are some questions I had. If anyone has gone through this I'd really appreciate some feedback before I engage that crew, having never gone through this one yet.

    1) I haven't seen the proposal yet, but wouldn't they be required to run a cable to each AP? Or are they going to try to use extenders?

    2) Has anyone had any issues with overlapping networks, especially on the 2.4GHz band? I'm not sure what equipment they use, but I bet they use frequency hopping and I'm not sure how well that's going to play with other small businesses' wireless networks.

    If anyone has been in an area that has done this, any recommendations on "gotcha's" from Spectrum? I assume they'll want something in return....

    submitted by /u/Just_Curious_Dude

    SOHO network dropping speeds by half from modem to switch

    Posted: 24 Jun 2020 12:44 PM PDT

    Hardware:

    Static IP - 100/100
    SonicWall tz300w
    Netgear JGS524
    d-link DES-108
    Leviton cat5e Gigamax

    I am currently evaluating a small business's internet that seems to be dropping its speed heavily. When I run a speed test at the modem I am pulling 100mb (geographically separate), and at the switch I am pulling 27mb. I believe the issue is stemming from the cat6 that travels across the building to the switch. I can't seem to find this cable to run a speed test and verify it.

    The ISP is trying to state that the issue is due to the SonicWall tz300W but none of the cables that are plugged in seem to be from the modem. Due to this I can't check or run diagnostics.

    I can't get into the SonicWall configuration to check how it is set up, but it gives a different set of IP addresses than the 24-port Netgear switch. It seems as if the SonicWall might only be used for the wifi in the building but again I am unsure since I can't gain access to the device.

    I know this isn't extremely detailed, but any advice or tips would be greatly appreciated. I can also give greater detail if someone has any suggestions.

    submitted by /u/tryfilan

    Is it Normal for link-state changes on switchports connected to ESXI hosts?

    Posted: 24 Jun 2020 12:55 AM PDT

    I've just enabled logging of interface state changes on one of my campus switches and noticed one in particular is making state changes frequently, at least once an hour and more frequently, like this:

    Jun 24 08:14:31: %LINK-SW1-3-UPDOWN: Interface GigabitEthernet1/8/21, changed state to down
    Jun 24 08:14:32: %LINEPROTO-SW1-5-UPDOWN: Line protocol on Interface GigabitEthernet1/8/21, changed state to down
    Jun 24 08:14:33: %LINK-SW1-3-UPDOWN: Interface GigabitEthernet1/8/21, changed state to up
    Jun 24 08:14:34: %LINEPROTO-SW1-5-UPDOWN: Line protocol on Interface GigabitEthernet1/8/21, changed state to up

    I discovered it connects to an ESXI host but I know nothing about these. Is it normal for interfaces connected to ESXI hosts to change a lot?

    submitted by /u/smartiedude

    Domain-based split tunnel on Palo Alto

    Posted: 24 Jun 2020 07:00 AM PDT

    How has everyone's experience been with domain based split tunneling on Palo Altos? I have been going nuts trying to understand why some workstations are able to do it, and some are not, on the same gateway configuration. On workstations where it doesn't work, I see the TCP SYN trying to leave my local NIC and PAN support verified the DNS query for said website is being intercepted by the gateway and sent back to the GP client as an IP exclusion, but the 3 way handshake never gets to the SYN ACK stage. As far as I can tell, there is something on non working workstations preventing the SYN from ever really leaving the local NIC as I captured upstream and never find it. PAN TAC noted that WFP (windows filtering platform) may be interfering but that is a rabbit hole I do not intend to go down. I'm ready to write it off due to inconsistent results. Thoughts?

    submitted by /u/tilphecklenburg

    SDN: Industry standard opensource networking os for router/firewall/vpn

    Posted: 23 Jun 2020 11:38 PM PDT

    Hello,

    Guys, I want to ask what are today's trends in the networking OS field. I am looking for some networking OS for router/firewall/VPN. Of course I am aware of pfsense, etc., but I am looking for something that is "more enterprise ready" and modern (openmetrics, shippable logs, API for automation, etc.).

    I heard about:

    - DANOS ( vyatta fork probably )

    - Cumulus ( too bad that netq is enterprise only product )

    - vyOS

    Any ideas?

    Thanks

    submitted by /u/lukasmrtvy

    Lightning damaged devices and switch - advice needed

    Posted: 24 Jun 2020 07:43 AM PDT

    Hello,

    After a recent storm this happened:

    1. An exterior PoE IP camera went offline
    2. Unifi Wifi AP in the attic stopped working

    After troubleshooting:

    1. The ports on the Unifi switch powering the above 2 devices are now dead
    2. Unifi AP seems to be fine and working. I just moved it to a different port.
    3. The exterior IP camera seems to be dead as well

    What I do not know is whether this was due to lightning or charge from lightning somewhere close (sorry, I do not know the right terminologies and all possible modes of damage).

    How can I protect myself from something like this happening in the future (or at least mitigate the risk)?

    I have been looking at something like this: https://www.ui.com/accessories/ethernet-surge-protector/

    But I have several questions and would greatly appreciate some advice from the pros here.

    a) Do I need one or two for each line? The schematic in the link above appears to show two per line (to each device): one close to the device and the other close to the switch. Can I put just one in between the device and the switch?

    b) I am not an electrician. The switch is on a CyberPower SineWave UPS, which I assume provides grounding? I am lost on grounding the ethernet surge protector linked above. Can I use something like this: https://www.amazon.com/gp/product/B07CZY62DN/ ?

    c) Switch is close to the main electrical panel. There is a ground wire that is grounding my doorbell transformer. Can I pull that ground wire out of the panel and connect it to the ground junction box linked above and then connect the ground wires from the surge protector and doorbell transformer to the junction box?

    Any thoughts or advice would be much appreciated. Thanks for your time.

    submitted by /u/htpcbeginner

    Question: I'm working with adtran's TA 5000 devices and I need to change the local admin password on all the units. Does anyone know how without manually logging into every unit?

    Posted: 24 Jun 2020 06:58 AM PDT

    I've got like 70+ nodes and need to update the local admin password on every unit. I have aoe and full access to everything but I don't really want to log into every unit manually, does anyone have a good way to do a mass update?

    submitted by /u/mustang23200

    FIBER LAYOUT LOOP

    Posted: 24 Jun 2020 01:41 AM PDT

    Hi everyone,

    I've seen on the design of our company that we have primary and backup fiber lines from each rack going to the datacenter rack. I believe this one is ok. But I noticed there is still a fiber line coming from rack going to each rack (loop) until the other end reaches the data center rack. Do you think we need to terminate this 3rd backup line? I want to ask if this is the best practice and whether the setup will work.
    Image is shown below for your reference. Thank you

    https://imgur.com/VYUBHkA <<<< IMAGE of the design

    submitted by /u/yowwwmamen2020

    Cannot get my ipsec tunnels to go up on my Cisco 7200 routers in gns3, please help!

    Posted: 23 Jun 2020 06:42 PM PDT

    Running LAN-to-LAN IPsec VPN between 2 Cisco routers (7200) on gns3 2.2.8 running image C7200-ADVIPSERVICESK9-M, version 15.2(4)S5

    Can someone tell me why I cannot get my packets encrypted for my LAN-to-LAN IPsec tunnel that I have set up between R1 and R2 (look at the network diagram in pic attached)? I have my running configs of R1 and R2 shown below as well.

    Network diagram-

    http://imgur.com/gallery/I9YFNZF

    On running "show crypto isakmp sa" no tunnel shows up and also on running "show crypto ipsec sa" shows zero packets encrypted, I tried pinging several times from both routers to both remote networks, pings were all successful but cannot understand why the packets do not get encrypted.

    Look at my comments for configs.

    Please do help!

    submitted by /u/kb389

    A good place to learn about Ericsson Cloud Manager (Orchestration)?

    Posted: 23 Jun 2020 07:27 PM PDT

    Coming from a Cloud networking background but new to 3G/4G/5G — are there any good resources to learn about Ericsson Cloud Manager (now orchestration)?

    submitted by /u/HeroDanTV