What is preventing us from having quality video conferencing? Networking |
- What is preventing us from having quality video conferencing?
- Linux DIY inline network tap?
- RPKI and Route Origin Attestations
- BGP Hijack Monitoring Services?
- Powerconnect 6248 Pause frames
- GNS3 and Cisco Packet tracer labs
- Juniper dot1x and printers
- Aruba NetEdit - does anyone here use it?
- Academic question regarding public multicast.
- Permit ip any any on ASA firewalls
- ASA 5505 logging
- Segregating unsecure devices
- RSTP Question Unifi/UBNT Network
- Networking for Church, options.
- Opinions on Orhan Ergun CCDE Training
- OM1 SFP for switch
- FastNetMon DDoS detection tool has got binary packages for all top Linux distributions
- Downgrade IOS on Cisco 4500x
- 10G router replacement for the EdgeRouter Infinity?
- Cloud wireless alternatives
- Monitoring, Alerting, Config backup, and IPAM all in one programs?
- Zoom protocols
What is preventing us from having quality video conferencing? Posted: 23 Jun 2020 12:06 PM PDT So I'm watching testimony in the House of Representatives and many representatives are participating in the discussion through WebEx. Many TV shows and other media also have their TV hosts and guests appear via an online web conference (Skype and WebEx). And it seems like this is how it's mostly done due to the pandemic. The video quality is typically reminiscent of RealPlayer video, and the audio is no better than a telephone on speakerphone. Typically the audio (which should be higher priority than video) will also drop out much more often than the video. Sometimes the audio will be out of sync as well. And yeah, most people have crappy home internet with even crappier WiFi. I know that's a huge factor. I guess it also comes down to how each individual platform handles the audio and video streams and how it's compressed and transported. But we can't reliably transport a 3 - 5 Mbps stream to get quality video and audio? I mean this is 2020, not 2010. Just wondering what everyone's opinions on this are.
Linux DIY inline network tap? Posted: 23 Jun 2020 01:37 AM PDT I'm looking for a DIY alternative to an IOTA 1G which I evaluated for work, but it's been floating around in waiting-for-PO-approval hell.
Usage for this would be to ship to branch offices, plug and play install for non-technical person.
Honestly the IOTA does more than I would want, better than I'll be able to copy, and cheaper than it will cost me to develop. I'd prefer it if I could just get my PO signed. But in the meantime, actual work is mostly dead, and I enjoy tinkering with stuff like this, especially when it comes to networking specific stuff. I think I have everything mostly figured out, but I'm not sure how to set up the tap ports.
On the logging, charts, and graphs side of things; I think I'll be able to generate syslog data from the inbound tap port, and then forward that into ELK or Graylog (on the same box) and work on charts and graphs from there. I'm probably also going to enable Netflow and SNMP. I'm not sure if it's possible to easily generate the log/chart data from pcaps, but if so I'd prefer it, and I'd probably scrap the syslog/snmp/netflow data.
On the hardware side of things I'm looking at building something like this, at least as a POC. I may beef up the specs a bit if the POC works out, and I see a potential for benefit.
On the capture side, I'm planning on a rolling capture. Initially I was thinking hourly, but I think I may need to do a short time frame like 5-15 minutes to allow data analysis as close to real time as possible. Maybe small duration for the rolling capture, and then merge them into hourly pcaps every hour. I'm only going to be capturing on the primary tap port. I'm not going to bother trying to integrate the log/chart webGUI filter into the pcap filter directly, but I think I'll be able to set up a script to generate a temp pcap by combining the archive pcaps based on timestamp constraints, and then apply filters against the temp pcap to generate the desired filtered pcap result.
The part I'm really not sure about is how to set up the two tap interfaces. I don't want either interface to do anything to the traffic. I just want it to flow in one port and out the other and vice versa. The terms I've been googling haven't been leading me to any good results.
RPKI and Route Origin Attestations Posted: 23 Jun 2020 04:48 AM PDT I am trying to understand why RPKI is insufficient to secure BGP. The second paragraph below doesn't make sense to me. Why aren't the BGP UPDATE messages ignored if they are not signed? From https://www.scion-architecture.net/newsletter/RPKI.pdf
"By itself, RPKI provides keys to ASes and certificates for the IP addresses they own and are therefore allowed to announce through BGP, so-called route origin attestations (ROAs). This process is done through multiple steps following the delegation of IP addresses starting from the Internet Corporation for Assigned Names and Numbers (ICANN) and regional Internet registries down to individual ASes. When an AS announces that it owns a particular IP prefix through BGP, other ASes can check if it has a valid ROA; if not, the recipient of this announcement can conclude that it is fraudulent and reject it.
Unfortunately, ROAs only prevent the simplest form of BGP hijacks. A malicious AS trying to hijack a particular IP prefix can still send a BGP UPDATE message claiming that it is directly connected to its legitimate owner. Recipients of such an announcement would accept it as the legitimate owner of the addresses is noted as the last AS in the BGP message and would then start sending traffic to those IP addresses to the attacker, who can then inspect, reroute, or drop it."
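Added example (not part of the original post or the quoted newsletter): RFC 6811 route origin validation run over constructed ROA data, showing why the case in the quoted second paragraph passes. The check compares only the prefix and the last AS in the path against the ROA; the UPDATE itself carries no signature, so the rest of the path is not verified. All prefixes, ASNs and names below are constructed.

```python
import ipaddress

# Constructed VRPs (validated ROA payloads): (prefix, maxLength, origin ASN).
# Documentation prefixes and documentation-range ASNs only; not real ROAs.
VRPS = [
    ("192.0.2.0/24", 24, 64500),
    ("2001:db8::/32", 48, 64501),
]

def origin_validate(prefix, as_path, vrps=VRPS):
    """Return the RFC 6811 state for one announcement.

    as_path is listed nearest AS first, origin AS last, as in AS_PATH.
    """
    route = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    covered = False
    for vrp_prefix, max_len, vrp_asn in vrps:
        vrp = ipaddress.ip_network(vrp_prefix)
        # A VRP covers the route if it is the same or a less specific prefix.
        if vrp.version != route.version or not route.subnet_of(vrp):
            continue
        covered = True
        # A match needs the right origin and a length within maxLength.
        # AS 0 in a VRP never matches any route.
        if vrp_asn != 0 and origin == vrp_asn and route.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "not-found"

# Constructed announcements; AS 64505 plays the hijacking AS.
ANNOUNCEMENTS = {
    "legitimate": ("192.0.2.0/24", [64510, 64500]),
    "wrong origin": ("192.0.2.0/24", [64510, 64505]),
    "too specific": ("192.0.2.0/25", [64510, 64500]),
    "forged adjacency": ("192.0.2.0/24", [64510, 64505, 64500]),
    "v6 within maxLength": ("2001:db8:1::/48", [64510, 64501]),
    "no ROA": ("203.0.113.0/24", [64510, 64502]),
}

def classify_all(announcements=ANNOUNCEMENTS):
    """Map each constructed announcement name to its validation state."""
    return {name: origin_validate(p, path)
            for name, (p, path) in announcements.items()}

if __name__ == "__main__":
    for name, state in classify_all().items():
        print(f"{name:22} {state}")
```

The "forged adjacency" announcement comes back `valid` because its last AS is the ROA's origin, which is the limitation the newsletter describes; the plain wrong-origin and too-specific announcements are the ones origin validation rejects.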
BGP Hijack Monitoring Services? Posted: 23 Jun 2020 10:03 AM PDT Howdy, /r/networking, So I am a cryptography/IT researcher at a university in the US. Our research group has developed a protocol that, unfortunately, because of implementation details, cannot rely on the TLS PKI to prevent MitM attacks and so we are concerned we might be vulnerable to BGP hijacking attacks. We are trying to identify right now whether what we have is dead in the water or if it has legs for a research paper.
Now, my understanding is that somebody out there must be monitoring BGP route announcements or something, because every once in a while you hear a news article about someone hijacking BGP routes and running them through Russia, or some Pakistani ISP taking down Youtube for the global Internet, and someone had to reach out to the journalists to write that article. Now if I was an enterprise corporation with significant IT assets, I would expect Cloudflare or F5 Networks or one of these anti-DDoS solution providers to be running some kind of BGP monitoring service to either tell me post-facto or during an attack that my BGP routes to other critical services are being hijacked. But despite my googling I have yet to see anyone offering such a service. Does anyone know of companies that are selling such a service to the general public today?
I have a separate question, which is how would such a service work? I did find a Master's thesis out of Technion that appears to do such monitoring using TTLs, I assume their technique is to just constantly be running a traceroute and if the ping time goes above some statistical threshold you flag that you might be under a BGP attack, though that seems highly problematic for a variety of reasons, if I am a sophisticated attacker I can just fly to wherever I want to geographically hijack the route, place my own router physically near-ish to the victim, and then hijack the route. Someone from somewhere else in the world then looks at the difference in ping times and it looks like it's under the threshold. The other way I can think of is if you are constantly monitoring for route announcements at all times, and you stuff all of the announcements in a DB then you can look back at a later date at the history of announcements once you identify a route as malicious.
I guess the bottom line is, I'm not even sure how one identifies BGP attacks after the fact unless it's a blatantly obvious attack like the case with the Pakistani ISP that took down YouTube. Are we as Internet users just constantly under attack and nobody realizes it?
Powerconnect 6248 Pause frames Posted: 23 Jun 2020 08:25 AM PDT I have a stack of 4 Powerconnect 6248s on floor 1 and a stack of 3 Powerconnect 6248s on floor 2. Periodically the link between the floors will go down due to STP. I did a port mirror today and ran Wireshark and can see the uplink port on floor one has a ton of Pause frames with a time of 65535 and source MAC address of VLAN 1 CPU from floor 2. If I move the port on floor 2 the link between floors comes back up, but I'm just trying to understand why/how I can correct the Pause frames caused by VLAN 1. This is a single ethernet cable between floors, previously we had a fiber run and lag of 2 ethernet cables and experienced the same issues.
GNS3 and Cisco Packet tracer labs Posted: 23 Jun 2020 12:22 PM PDT Hello, Does anyone have any GNS3 or Cisco Packet Tracer labs to share? :) Want to practice dynamic routing and stuff.
Juniper dot1x and printers Posted: 23 Jun 2020 01:53 PM PDT Anyone experience a problem with Juniper dot1x and printers? Using an EX3400 with the 18.4R2s1 code on it. Can't deviate from code 'cause of rules so I gotta stick with it. The issue I'm seeing is with the printer: the MAC drops every 8 minutes or so from the MAC table. The next time the printer reauthenticates and the MAC address isn't in the table the printer stops working. We're moving the customer from a Cisco to Juniper and everything is working perfectly fine on Cisco. No special timers or anything. Not sure why it's not working on the Juniper. Any ideas??
Aruba NetEdit - does anyone here use it? Posted: 23 Jun 2020 05:27 AM PDT Hi all - recently had a meeting with an Aruba rep, about replacing my Catalyst 2960s with something like Aruba 2540s, and he was really pushing the CX 6200 series. The analytics and automation of configuration does sound appealing, but I wanted to search for a little Real World feedback before going down that wormhole. Many thanks in advance for any feedback :-)
Academic question regarding public multicast. Posted: 23 Jun 2020 02:14 AM PDT Hi all, I have had this question for a while now and I cannot seem to get it out of my head. Why has multicast failed on the Internet? Why isn't a service like a TV channel where you can join their public IP address/FQDN and watch live streaming? I mean with all the public videos going on in youtube/facebook/instagram, you would have thought that this would be the norm by now, but it's not. Wouldn't multicast be cheaper and more efficient than unicast in that situation? And if ISPs could configure multicast addressing, wouldn't it make it easier to watch IPTV everywhere? Why isn't this a thing yet?
Permit ip any any on ASA firewalls Posted: 23 Jun 2020 06:49 AM PDT I'm not sure how common this is, but I have the fortune of working for a place that has Is there a methodical way to see what traffic is hitting the explicit permit on an inbound ACL so we can slowly create explicit rules and eliminate the explicit permit?
ASA 5505 logging Posted: 23 Jun 2020 03:32 PM PDT We got a couple of ASA 5505s still kicking around our network. They're used for NATing and aren't doing much more than that. I've been asked to configure logging for them to track who's logging in and out of them. I know that the 5506 has an option to hide usernames in the logging. My question is will a 5505 show usernames in the log by default or at all? Logs are being sent to Splunk.
Segregating unsecure devices Posted: 23 Jun 2020 03:52 AM PDT We have a number of devices on unsupported/unsecure OS that we are being told won't be updated and we need to continue to be allowed on the network. We are trying to come up with a solution to segregate these devices and was wondering what people think (we have already said they should just update them but you know how it is). We have layer 3 access switches and separate VLANs for all different types of devices but we don't really make use of ACLs other than some basic ones on the access switches currently as we have a large estate and it would be a lot to manage for our team. The requirement should really just be internet access but they are already talking about loads of internal servers and services the machines will still need to communicate with. Management just say 'put them on another VLAN' but that doesn't actually solve the security issue, just like putting the problem in the room next door to you but leaving the door open. We have looked at trunking the VLAN back to our firewalls and handling access from there but it occurs to me that negates any benefit of having IP routing up to our access layer and depending on how many areas these devices cover will mean we are connecting a large area together which is the opposite of our current design which tries to avoid large L2 failure domains. I was thinking VRF as we do currently make use of VRFs on our network but 90% of our access devices don't support VRF and only the core of our network does so that isn't an option. Am I missing an obvious solution to this? I don't have a huge amount of experience designing. Cheers.
RSTP Question Unifi/UBNT Network Posted: 23 Jun 2020 12:32 AM PDT Hi All, I'm a bit of a noob with networking and am setting up a network for a small business for the first time. My configuration so far is as follows: Unifi Security Gateway --> Unifi 48P Switch --> UBNT 16 Port XG Edge Switch I have connected an SFP+ port on the Unifi 48P Switch to the 16 Port XG switch. In the future I will also connect another 48P switch to the 48P switch. The XG switch will have connections with different servers aside from the uplink. My question: For RSTP, does it make sense to set the root bridge on the 48P switch? Additionally, does it then also make sense when I add the 2nd 48P switch to set the 2nd 48P switch and the 16 port XG switch as the same priorities? Also, is there a typical standard to follow for the root bridge priority (4096?). Sorry if these are quite basic questions. My previous experience was that we had the root bridge on two Cisco 10G switches using HSRP, so I just am not sure if I should be using the 10G switch as root.
Networking for Church, options. Posted: 23 Jun 2020 02:50 PM PDT I am currently using Meraki mX64, and 2 MR32. And the license is coming up for renewal, and I want to explore what are the other options. Any recommendations, 100+ users on weekends, traffic is 300 Gigs per month. No traffic shaping or fancy firewall requirements. Thanks.
Opinions on Orhan Ergun CCDE Training Posted: 22 Jun 2020 09:53 PM PDT Hi I am thinking about getting CCDE cert, apparently Orhan is one of the few content creators for CCDE cert. Has anyone taken one of his trainings or bootcamps? I have been looking for reviews all over the web with no luck.
OM1 SFP for switch Posted: 23 Jun 2020 11:49 AM PDT Hi all, A client has OM1 fiber that I need to use temporarily (unless we pull SMF). Will these SFPs work for newer Netgear switches (M4300)? I know OM1 is 850nm and the length is under 1000ft, but they lost me at the 1.25G. Is that just what they can do these days with newer transceiver tech? https://www.sfpcables.com/1000base-sfp-transceiver-asf85-24-x2-d-1897
FastNetMon DDoS detection tool has got binary packages for all top Linux distributions Posted: 22 Jun 2020 05:01 PM PDT Hello! I'm Pavel from FastNetMon and I'm happy to announce that we've finished CircleCI integration for FastNetMon Community and prepared binary packages for following distributions:
We've selected these distributions according to installation statistics for the last 6 months. These binary packages are based on upcoming FastNetMon Community 1.1.6 and they include a number of nice features such as bundled BGP support (based on our favourite daemon GoBGP) and management command line interface. To install FastNetMon you can use following steps (don't be scared, this script just detects your distribution and installs proper package):
In addition to these steps I would recommend checking our official install guide. If you are not familiar with our project let me introduce it in a few sentences. FastNetMon is an open source threshold based DDoS detector with support for Netflow, IPFIX, sFlow and SPAN capture. It can detect your own host which is the target or source of an attack and trigger some action (typically, RTBH). I'll be happy to answer any of your questions!
Downgrade IOS on Cisco 4500x Posted: 23 Jun 2020 09:50 AM PDT I was wondering if you can downgrade a Cisco WS-C4500X-32SFP+ to IP Base IOS from Enterprise Services IOS. I'm assuming it's possible but wasn't sure if we needed to sell the customer a license. I only see a license to upgrade a switch not downgrade. Any help is appreciated...Thank you!
10G router replacement for the EdgeRouter Infinity? Posted: 23 Jun 2020 08:29 AM PDT So it seems like all the EdgeRouter Infinities in America have just disappeared, I haven't been able to get a hold of one in over a month. All of my normal vendors are out, and so I'm wondering if there's another 10G router that would work as a decent replacement. Hopefully one under 2k.
Cloud wireless alternatives Posted: 23 Jun 2020 07:03 AM PDT Hello, I am planning to build a proposal to replace our current WiFi system used as a remote access VPN. We currently have 2 solutions; a Cisco enterprise AP solution for the office and a cheaper, non-Cisco lightweight AP solution for remote workers. The remote worker solution is supposed to be cheap, support maybe 2 SSIDs, have a zero-touch or almost zero touch provisioning capabilities, and be used as a VPN client replacement. I am proposing to replace that with Meraki, but it would be nice to compare it with other brands as well. I have just stumbled across Ubiquiti, but it does more of a SoHo solution than an enterprise one. I probably need to study the product more. Has anyone worked with Ubiquiti or other Meraki alternative brands?
Monitoring, Alerting, Config backup, and IPAM all in one programs? Posted: 23 Jun 2020 06:42 AM PDT Hello folks, Recently I've been asked to find something that can manage all of our Cisco equipment. We currently use PRTG to monitor MIB libraries and switch up/down states and were looking for something with a little more. In the past I've used solarwinds NPM to backup configs, push minor config changes, monitor links for bandwidth contention, and send alerts for up/down states. I don't remember their MIB library or whether or not it was able to alert on bad power supplies or switches in a stack going down. Solarwinds would have the added benefit of also being able to monitor our checkpoint firewalls. I've also used Prime, but I've never used Prime for alerting or bandwidth. Only for backup, config automation, and maintaining WLC/APs. What I'm wondering is, if either of these solutions could provide for my needs and if so, how are your experiences with them?
Zoom protocols Posted: 23 Jun 2020 08:20 AM PDT Does anyone know what protocols Zoom uses in various circumstances? In particular, are the audio and video streams (sometimes) separate? Specifically, there are not thousands of people all over the world doing international folk dances on Zoom. I'm guessing that when someone has music going in their laptop microphone and dancing going into their camera Zoom creates a single video stream with embedded audio, so the footwork and music are synchronized (but may stutter). Can anyone confirm? Some people are "sharing computer sound" on Zoom, which gives higher quality audio, but I'm guessing that the audio stream and the video stream are being sent in parallel, and while ideally would be synched, might not be (especially if TCP causes a retransmit). Can anyone confirm? This matches what I have seen in hundreds of hours - people who do not share computer sound remain synchronized, and people who share computer sound are usually synchronized, but resource issues with the sender can affect synchronization for all recipients and resource issues with the recipient can affect synchronization in their viewing (on my machine pausing Carbonite is a big win).