Rant Wednesday! Networking
- Rant Wednesday!
- Thank you, I'm shutting down
- In the absence of QoS policies, will UDP traffic take priority over TCP traffic due to lack of congestion avoidance?
- Fanless 1G managed switch that can SPAN all day long?
- Recommendation for 10G SFP+ to 10GBASE-T transceiver for Mellanox switch
- Etherchannel Load Balancing advice
- IGMP/PIM - Multicast Configuration
- What Routing Engine for MX480 to choose
- CheckPoint TLS Enforcement verification
- Port Led Color Meaning (Switch)
- EAP-TLS For contractor laptops?
- Rancid doesn't create config/backup file
- Segmenting Printers off a Flat Network
- Looking to dispose Cisco Firepower 4110 firewalls
- MS Teams/Skype Call Quality in China
- Server guys bought a backup server without consulting me. It has an RJ45 Cat 6 10 GB port. Our FEXes are 1 Gb, which hook up to 9Ks with only SFP slots. Will a 10 GB SFP to RJ45 connection in the 9K work?
- SIP issues through Cisco ASA 5540 Firewall
- Improve single stream connection between two sites, TCP Window Sizing
- Need help with a routing issue for IPSec VPN tunneling
- How many lightning arrestors on outdoor AP?
- Do we need to be worried about concentration risk with CDN? eg: Cloudflare/Akamai
- Network Design - SVIs on Firewall or Core Switch?
- Century Link CBRAS
- Netgear S3300 Auto-Voip Tagged ports getting reset
- Beautiful labelling
Rant Wednesday! Posted: 28 Jul 2020 05:04 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, the price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels; feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.
Thank you, I'm shutting down Posted: 29 Jul 2020 04:54 AM PDT Hi guys, after almost 7 years of operations, I'm shutting down my ISP. The good folks here have always helped find a solution for my challenges and I'm grateful to have interacted with you all. Good luck to all of you.
In the absence of QoS policies, will UDP traffic take priority over TCP traffic due to lack of congestion avoidance? Posted: 29 Jul 2020 10:35 AM PDT Hello all! I've been reading up a lot on TCP/IP and UDP recently, particularly in the realm of congestion control as it pertains to an issue I'm troubleshooting. So I read that TCP traffic will slow down if a packet is dropped or if an ECN bit is set. This effectively limits the transmission speed. UDP, on the other hand, I read, does not have congestion control. So wouldn't this mean that if network congestion is experienced, the hosts running UDP connections would keep transmitting at full speed, while the TCP connections slow down when they see ECN bits/dropped packets, ramping up via slow start, only to drop back down when congestion is reached again?
Fanless 1G managed switch that can SPAN all day long? Posted: 29 Jul 2020 10:11 AM PDT So, yeah, my job has changed a bit... Most of dev is working from home and we're building home labs. I used to just wait for folks to rack and stack and then I'd run many scripts and party on unless I had a ticket opened... Now I need a managed 1G switch like it's 1999. But it's going to be sitting on some poor soul's kitchen-office table in some cases. Anybody got a favorite fanless 1G switch? I could go with a 12 port FW, like those older NetScreen boxes. Main requirement is SPAN with no fan. I need a couple hundred of them... Any favs?
Recommendation for 10G SFP+ to 10GBASE-T transceiver for Mellanox switch Posted: 29 Jul 2020 05:55 AM PDT Howdy folks: I have a storage/compute cluster that is tied together with a Mellanox switch: Mellanox Model MSX1016X-2BFS 10 GbE SX1016 64-port SDN with SFP+ ports. I have an opportunity to add a NAS to this network; however, the NAS only offers a 10GBASE-T port. After doing some research I have come across a transceiver that appears to adapt from an SFP+ port to 10GBASE-T: https://www.hpcoptics.com/Mellanox-MFM1T02A-TX I am wondering if anyone has used such a device in the past and if you found it works and indeed connects at 10 Gb/s. The NAS and the switch will be in adjacent server racks. Are there any specific cabling issues I should be aware of? Thanks in advance for any suggestions.
Etherchannel Load Balancing advice Posted: 29 Jul 2020 09:38 AM PDT I am new to networking and have been challenged to determine the best EtherChannel load balancing option for our network. I am told that we have primarily routed links, some virtual links operating at layer 2 with port load balancing, and a hint that IP src load balancing would likely not be ideal over port load balancing. We currently have default load balancing on the physical switches. Given the limited information, can anyone point me to the best load balancing options and tell me why?
IGMP/PIM - Multicast Configuration Posted: 29 Jul 2020 01:19 PM PDT Good afternoon, I have two different VLANs in the same VRF (Cisco 3750-X).
VLAN 10 - 10.0.0.1/24 (Hosts - 10.0.0.20)
VLAN 20 - 192.168.0.2/30 (FW - 192.168.0.1)
I'm trying to get an IGMP join message (or any IGMP message for that matter) sourced from one of the hosts to hit the firewall (so I can set up IGMP proxy). I've attempted to configure an IGMP helper address of 192.168.0.1 under VLAN 10, which I figured would be the easiest way to do it, but when I run a packet capture I get the following:
Source/Host - multiple IGMP report requests being sent
Firewall - none of those IGMP report messages being received
I attempted to configure PIM in dense mode on both VLANs but still get the same results from my packet capture. Happy to provide any/all configuration... I've been reading all afternoon and can't quite figure out what I'm missing.
What Routing Engine for MX480 to choose Posted: 29 Jul 2020 01:17 PM PDT Hello, I'm researching what RE I need for an MX480, but I'm not able to tell what direct impact it has on throughput. You can see that they differ in CPU cores, RAM and storage, but I'm not able to tell how that affects the sizing. Does anyone know the impact of the RE on throughput? Thanks
CheckPoint TLS Enforcement verification Posted: 29 Jul 2020 12:54 PM PDT I'm trying to connect to a secure website over a site-to-site VPN going through our CheckPoint firewall (r80.20). With wireshark, I can see the TCP handshake complete and then see my client send a TLS 1.2 client hello packet. However, no TLS 1.2 Server Hello or Handshake Failure Alert is received in response on my client. Since there is bidirectional connectivity (TCP handshake completes), I'm left to believe there has to be some sort of TLS issue pertaining to our firewall. We do enforce TLS 1.2, but seeing as the website in question supports TLS 1.2 I'm unsure what's going on. The logs on the firewall don't/can't show any type of TLS related enforcement that I'm aware of. Does anyone have any suggestions for how I can verify what's going on?
Port Led Color Meaning (Switch) Posted: 29 Jul 2020 12:32 PM PDT Hi Guys, I know it can be different from one switch to another, but I would like to understand if there is a rule of thumb when it comes to the port LED color on a switch (green, orange, blinking/steady and so on). Thanks!
EAP-TLS For contractor laptops? Posted: 29 Jul 2020 12:32 PM PDT Contractor laptops are already managed via their company's own MDM, so it's not possible for us to use an MDM solution to push WiFi profiles and certificates. Without depending on MDM, what are the most user friendly and secure methods to get EAP-TLS user certificates installed on laptops? Using our internal CA web enrollment page is very clunky. It requires the user to use IE and add the site to Trusted Sites. Some users can't change Trusted Sites and some users don't even have IE on their laptop (MacBooks etc.). What better solutions exist when you don't have the option to enroll the laptops into MDM?
Rancid doesn't create config/backup file Posted: 29 Jul 2020 12:12 PM PDT Hi guys, I installed Rancid with ViewVC using the following manual: https://geekdudes.wordpress.com/2020/01/16/installing-and-configuring-rancid-on-centos-8/ Everything is configured and seems to be operational. I've added a test switch device and am able to connect to it using: However, when I run "rancid-run" nothing happens; it doesn't create a configuration/backup file. When I check ViewVC I don't see any files created, same when I check In the log: I see either : or starting: Wed Jul 29 10:26:47 PDT 2020 Any ideas? Thank you
Segmenting Printers off a Flat Network Posted: 29 Jul 2020 12:03 PM PDT I'm a jack-of-all-trades Windows network admin for a small business and I'm looking to segment off the printers on their own VLAN. This is the start of my first "big" network project since getting my CCNA and I want to verify that what I'm doing is best practice for the equipment we have. Currently we have PCs/servers/phones all on one network across a few switches at the main building. I'm starting with creating new networks with 3 separate /26 subnets and putting the printers there. One switch on each floor would house a VLAN and the printers for the floor. Access to the printers will be set by an ACL to basically limit access to printers to just the print server and maybe a few management IPs. Is this the correct way to set this up? From the CCNA it seems that the old way would be to set up a router on a stick and trunk VLANs to it, but it seems like a step back from the routed access that everyone does now. Below is my rough layout. Any help would be greatly appreciated.
Looking to dispose Cisco Firepower 4110 firewalls Posted: 29 Jul 2020 11:54 AM PDT Hi guys, I tried to go through the sub's rules to see if I'll be violating any, but so far I haven't seen any, though I'd totally understand if it gets flagged. However, I'd still appreciate the help and feedback I'll manage to receive on this post. To cut the long story short, we (our company) bought a bunch (4) of Cisco's Firepower 4110 NGFWs to serve a very specific use case (https inspection on http2) that they've really fallen short of, and we ended up with a bunch of very expensive paperweights on the network that we no longer use and that got unracked almost as soon as they settled on the DC racks. They have full licences, support and all that premium crap that Cisco packages for their top end services, and by this point a refund from them may be next to impossible should we even consider asking for it, and I doubt there's anything else from them that they can offer as a replacement to serve this specific purpose. Make no mistake, the firewalls are good, but their square boxes just couldn't fit our round holes (pardon the simplification). So now I'm trying to find the best way to get them off our hands, but I'm not exactly sure of the best, or pretty much any, marketplace I can put them up in. I thought I'd start with getting some pointers here on where I may try, since I'm sure some of you know where to look for equipment sales at a bargain and can send me there. Maybe I may even get lucky if someone here is looking for some to try out. Any and all help will be appreciated. Thanks
MS Teams/Skype Call Quality in China Posted: 29 Jul 2020 11:44 AM PDT Our Chinese users at some of our branch locations have call quality problems with Skype and Teams. I ran the Skype for Business Assessment Tool and found that we are getting 0.36% packet loss. I'm showing 0% loss between China offices, so I can conclude the loss is due to the Great Firewall of China. 0.10% packet loss is the threshold for users noticing call quality problems. Calling the ISP has been entirely unhelpful. MS recommends sending Teams traffic via proxy, through a private link and out a non-China internet connection. We do have private MPLS circuits connecting our sites, so this is possible. I have never set up a proxy server before, so I'm looking for advice on possible options. Would a Squid Proxy Server running on a VMware Ubuntu box be good enough? Or should I be looking for physical appliances or paid virtual machines? Is a proxy an all around dumb idea? We have plans to deploy SD-WAN enabled firewalls, but with the pandemic I'm not sure when that is going to happen.
Server guys bought a backup server without consulting me. It has an RJ45 Cat 6 10 GB port. Our FEXes are 1 Gb, which hook up to 9Ks with only SFP slots. Will a 10 GB SFP to RJ45 connection in the 9K work? Posted: 29 Jul 2020 07:55 AM PDT So, believe it or not, Cisco doesn't make this part anymore according to this community thread: https://community.cisco.com/t5/optical-networking/does-cisco-have-any-10g-copper-sfp/td-p/3807140 But there are aftermarket parts that seem to do the trick. I've never been one to do this, considering you can just go twinax with an HBA/fiber card, but do you think this aftermarket part will work?
SIP issues through Cisco ASA 5540 Firewall Posted: 29 Jul 2020 11:32 AM PDT Hello, I am having a new issue on my (oldish) Cisco ASA 5540. I have had an Asterisk SIP server behind it for a long time now... public IP 1-to-1 NAT to the Asterisk server, with an ACL allowing UDP/5060 only to the Asterisk server. Since we have had everyone working remotely since April, everything has worked great. The phones were picked up right off the desk and brought home. The registration server was simply changed to the public IP rather than the private IP in the handsets. It has started happening that connecting clients are being actively blocked after a call is placed.
Initial SIP registration to 5060 happens fine.
Upon call setup, there is no-way audio, either coming or going.
Reviewing Cisco debug logs, as soon as the call is initiated, I see active blocks happening on the default outside-in ACL for high UDP ports from the client's connecting public IP address. What I would expect is that the call setup would get the firewall to reserve a high port for the client's public IP. This is confirmed as the issue, as if I whitelist the client's IP (allow all ports) everything works fine.
YES, I have inspect SIP enabled.
I did a show connections and I only have about 2500 connections, so it's not like I'm out of ports.
I only have about 300 handsets connecting.
What can I do to figure out why this is happening? I think that if I disable INSPECT SIP it will interrupt all live traffic, so I'm not going to do that yet, but it's an option. One more thing: we are using a public SIP provider, so the internal server uses a public SIP server out of the same firewall to connect to the PSTN. This has never been an issue before. Also, we are not using an SBC. Thanks!
Improve single stream connection between two sites, TCP Window Sizing Posted: 29 Jul 2020 12:14 AM PDT Hello, I have two sites, each running pfSense and an Arch Linux server behind the router. Ping from site A to B shows an RTT of about 46ms (0.046s). The theoretical line speed is about 150mbps. If you consider some losses then we can take this to 140mbps. If I run 20 parallel iperf sessions between the two sites I get line speed. A single stream can only get me 14 mbps. I was hoping to increase the single connection speed between the two sites by adjusting the TCP window size. The ideal TCP window size = 150E6*0.046/(8*1024)=786KB. However I am not able to set it, and the maximum I can go is 416KB. With a window size of 416KB, I still get poor speed. I checked the default window size in Arch Linux. The default size is 208KB = (212992/8), which is lower than my ideal window size of 786KB. Is there anything I can do to improve the single connection speed?
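The bandwidth-delay product arithmetic behind the window sizing question in this post, as an added example that is not part of the original thread. The 150 Mbit/s, 46 ms, 416 KB and 212992-byte figures are the ones the post quotes; the function names and the 14 Mbit/s back-calculation are mine.

```python
# Added example (not from the original post): bandwidth-delay product (BDP)
# arithmetic for a single TCP stream over a long-RTT link, using the link
# figures quoted in the post (150 Mbit/s, 46 ms RTT) and the windows it tried.


def bdp_bytes(bandwidth_bps: float, rtt_s: float) -> int:
    """Bytes that must be in flight to keep a link of bandwidth_bps busy over
    one round trip of rtt_s seconds: the smallest useful TCP window."""
    return round(bandwidth_bps * rtt_s / 8)


def window_limited_throughput_bps(window_bytes: int, rtt_s: float) -> float:
    """Upper bound on one TCP stream when at most window_bytes may be
    unacknowledged: the sender moves one window per RTT, no more."""
    return window_bytes * 8 / rtt_s


def effective_window_bytes(observed_bps: float, rtt_s: float) -> int:
    """Back-calculate the window a stream is effectively using from the
    rate it achieves (useful when a configured window is not the real limit)."""
    return round(observed_bps * rtt_s / 8)


def parse_tcp_rmem(sysctl_value: str) -> tuple[int, int, int]:
    """Parse the 'min default max' triple of net.ipv4.tcp_rmem (bytes)."""
    parts = sysctl_value.split()
    if len(parts) != 3:
        raise ValueError("expected three integers: min default max")
    lo, mid, hi = (int(p) for p in parts)
    return lo, mid, hi


def diagnose(bandwidth_bps: float, rtt_s: float, window_bytes: int,
             observed_bps: float) -> dict:
    """Summarise whether the configured window explains an observed rate."""
    bound = window_limited_throughput_bps(window_bytes, rtt_s)
    return {
        "bdp_bytes": bdp_bytes(bandwidth_bps, rtt_s),
        "window_bound_bps": bound,
        # True when the window alone cannot explain the observed rate, so
        # something else (loss, pacing, queueing) is the real limiter.
        "window_is_not_the_limit": observed_bps < 0.5 * bound,
        "effective_window_bytes": effective_window_bytes(observed_bps, rtt_s),
    }


if __name__ == "__main__":
    link_bps, rtt = 150e6, 0.046            # values from the post
    print("BDP bytes:", bdp_bytes(link_bps, rtt))
    for win in (416 * 1024, 212992):        # 416 KB tried, 212992-byte default
        print(win, "byte window ->",
              round(window_limited_throughput_bps(win, rtt) / 1e6, 1), "Mbit/s")
    print(diagnose(link_bps, rtt, 416 * 1024, 14e6))
```

With a 416 KB window the window-per-RTT bound is about 74 Mbit/s, so a 14 Mbit/s single stream is not window-limited; the achieved rate corresponds to only about 80 KB in flight, which points at loss or pacing rather than buffer size.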
Need help with a routing issue for IPSec VPN tunneling Posted: 29 Jul 2020 10:39 AM PDT Hi all! I'm not sure if this is the right place to ask this, but I have a question that I'm pretty sure is a basic routing question and I feel almost silly asking it. I think part of the problem is my own lack of familiarity with Sonicwall products, so it might just be something I missed in the GUI. There are two Sonicwall appliances: TZ300 and TZ500. They have a successful site-to-site VPN connection using IKE+PS. However, even though the connection is good, some of the subnets aren't able to talk to each other.
TZ500 has two subnets: 10.170.0.0/24 and 192.168.111.0/24
TZ300 has a few subnets: 10.1.130.0/24, 10.57.1.0/24, 10.3.5.0/24 and 10.190.1.0/24
The access rules on both appliances allow all traffic between all subnets from each appliance. However, when I look at the route policies, I do not see anything specifically allowing traffic between the two. After running a few tests, devices from the 10.170.0.0/24 network can reach devices on the subnets of the TZ300, but devices on the 192.168.111.0/24 network are not able to reach anything on the TZ300. I've been trying to diagnose the issue and I'm sure it's a simple fix, but after hours of turning over every rock, I am just about at my wit's end. Any help would be greatly appreciated! P.S. if there is a different subreddit where this is more appropriate, please let me know and I can move this post. Thank you for taking the time to read through this!
How many lightning arrestors on outdoor AP? Posted: 29 Jul 2020 10:13 AM PDT This kind of seems like a dumb question, but it needs to be asked. For example, a Cisco 1562e has 4 type N connectors. Is it advisable to install a lightning arrestor on each connector?
Do we need to be worried about concentration risk with CDN? eg: Cloudflare/Akamai Posted: 29 Jul 2020 12:07 AM PDT As the title says, do we need to worry about the concentration risk towards CDNs? Of course, internally there will be replications and redundancies to handle the failures, but the recent outages are examples of concentration risks. For a company "X" which lost millions within the outage duration, it makes sense to invest in N+1 redundancy across all single points of failure. If we can summarize the entities which are keeping the internet infra running, what are the top companies "running" the internet? What are my options to keep N+1 redundancy with vendors? Thoughts? Edit: let me rephrase the question. How would you design your data center if you were given a virtually unlimited budget? I'm not looking for architecture details but the vendors you would choose for networking gear, storage, servers, etc.
Network Design - SVIs on Firewall or Core Switch? Posted: 29 Jul 2020 01:42 AM PDT I've seen this: https://www.reddit.com/r/networking/comments/f80v5r/gateways_on_core_switch_vs_firewall/ where one person says make them on switches for speed, and firewalls for security (assuming you VLAN an interface off), but another person says "It depends on what your firewall can handle". On Spiceworks, people are equally split on this: What would you recommend? For scalability too.
Century Link CBRAS Posted: 29 Jul 2020 07:37 AM PDT I have what is described here: I'm not sure where this post should go, so I'll start here. Physical: Fiber > ONT > Ethernet > pfSense WAN. I have a fiber connection that uses CenturyLink CBRAS aka BRAS. I have been using DHCP and Eero but want to change things up a bit. I got a static IP and attempted to use it. The tech says I am required to use the CL "modem" and configure "LAN Subnetting" on it. I want to do this without the CL HW if possible. I have already configured pfSense to get the DHCP address from CL and that works, as I am online, but where do I configure the static IP? Here are the details I was given for reference.
Static IP Network Address 71.33.xxx.72/30
Router/Client 71.33.xxx.73
Gateway 71.33.xxx.74
Broadcast 71.33.xxx.75
DNS 1 205.171.3.26
DNS 2 205.171.2.26
Wildcard 0.0.0.3
Netgear S3300 Auto-Voip Tagged ports getting reset Posted: 29 Jul 2020 06:49 AM PDT Sorry, reddit foo is failing me this morning; I'm trying to cross post since I didn't get any response in the r/NETGEAR channel. Hey everyone, I'm looking for some help on Auto-VoIP on some Netgear S3300 switches. I have several S3300 switches (not stacked) throughout my facility linked together with "trunked" VLANs. The problem I'm having is that previously with Netgear switches I've set up my tagged ports to link switches together, then enabled OUI based Auto-VoIP on the ports where I expect to have phones, and everything just works. On these switches that does work; however, if you try to update tagged ports after enabling Auto-VoIP it throws an error. And if the switch reboots or you back up and re-load your config, the switch no longer has the port(s) marked as tagged that we use for the trunk between switches. My first thought was that I must not be following the way this stuff is supposed to work; however, I cannot find any documentation on the "right" way to set up Auto-VoIP with multiple VLANs tagged over a backhaul link to core infrastructure. Can anyone explain how this is supposed to work or link me to Netgear docs on the topic? Thank you in advance.
Beautiful labelling Posted: 29 Jul 2020 06:25 AM PDT Hi, I've always liked "beautiful labels" created by software where you can see a shit tonne of detail on a relatively small label whilst still being legible. The label has also been designed so that there is some white space where you can flip the label over and make it a lot stronger, i.e. where you can see the detail on one side and the length on the other side. I've created the following labels for people to use as a design template. I created this using Brother's P-touch Editor software, but it may well work for other vendors like Dymo too. I've got a couple of example labels there too. If there's anything I've taken from the first company I ever worked for, it's damn good labelling. I personally have a Brother PT 750W label printer using 12mm Tze231 compatible label tapes. Again, this is not a plug for Brother and may well work for other brands, but I made this using a Brother printer years and years ago. The link where you can download this is at: https://www.dropbox.com/sh/jckkscf15di3dji/AACFQTBoHbmFSeXguT6hYHLCa?dl=0