Blogpost Friday! Networking |
- Blogpost Friday!
- OVH released their bastion solution on GitHub
- Co-Channel Interference/Contention: Where do you draw the line?
- IPSEC Mikrotik integration with Cisco
- Microsoft Teams upload speed requirements question.
- BGP on Cisco
- Wire shark question
- Recommendation for switch replacement
- Testing/Comparing 2 Different ISP Circuits for Point to Point Streaming
- MSS and Wireshark
- Looking for a unicorn? Can anyone tell me if a half-height mini-pcie LTE module (preferably supporting bands 4, 7, and 28) exists?
- Creating a strange NAT...
- Using 44.0/9 (AMPRNet) as private network space.
- Takeaways From Cisco Catalyst 8k Launch?
- Cisco FEX
- How can I make my APs communicate with a Cloud API?
- Fibre Channel and FCoE question?
- Firewall Rule Requests
- HP 1810 J9803a load balancing algorithms
| Posted: 29 Oct 2020 05:04 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our member's new and shiny blog posts. Feel free to submit your blog post and as well a nice description to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it. [link] [comments]  |
| OVH released their bastion solution on GitHub Posted: 30 Oct 2020 08:48 AM PDT https://github.com/ovh/the-bastion Looks interesting, considering it's what they are using internally. [link] [comments]  |
| Co-Channel Interference/Contention: Where do you draw the line? Posted: 30 Oct 2020 07:01 AM PDT We have some buildings with ~7 APs per floor. The 2.4Ghz signal is so strong that an AP on floor 3 can see APs from floors 1-6 all on the same channel, with the weakest signal being -70db. For example, AP on floor 3 (ch11) sees the following APs on ch11: Floor 5 (-43db) Floor 3 (-52) Floor 2 (-59) Floor 5 (-66) Floor 6 (-70) Naturally, we have a controller that manages the radios. It is configured to avoid interference. The controller also claims the co-channel interference is eating up 80-90% of the channel's capacity. I want to turn the radios down, but don't know where I should draw the line. Our customers are complaining about slow speeds and losing connections intermittently. That makes sense to me because if so many APs are fighting for air time with each other, the speeds are going to drop significantly. I'd love to just get rid of 2.4Ghz but that's not possible right now, nor is band steering. I've adjusted the Cisco controller's power threshold to -65 from -55. The min power level assignment is at 17 (-10 to 30 dBm scale). This is what I will lower next after I figure out how much co-channel contention is too much.
Sorry, can't. Our budget was wrecked by covid. I've inherited this problem from a recent retiree and am not an expert. I also have no money to spend on it. I have a decent grasp on the basics of wifi, but I'd love some direction before I start making bigger changes in production. [link] [comments]  |
| IPSEC Mikrotik integration with Cisco Posted: 30 Oct 2020 07:25 AM PDT I spent a good portion of this week working on an IPSEC/GRE BGP connection to a 3rd party vendor. They are using Cisco and we are using Mikrotik. For those who encounter this combination, perhaps I can save you the time and headache of searching through Cisco and Mikrotik documentation and troubleshooting. This may be common knowledge, but if the Cisco router is using "route" based IPSEC, it will send over a traffic selector of 0.0.0.0/0. If this is the only way the vendor is willing to configure the tunnel, you can create a few IPSEC policies to exclude non-interesting traffic from the tunnel and then a policy for 0.0.0.0/0. Noninteresting traffic should include your management network and any networks traversing the GRE tunnel. The downfall of this method is that you will now need to create exceptions for each network you want to route over. Alternatively, just get the vendor use ACL based IPSEC. [link] [comments]  |
| Microsoft Teams upload speed requirements question. Posted: 30 Oct 2020 08:03 AM PDT So if I do a video conference from home, it is saying the bandwidth requirements are 500k - 1.2 Mbps upstream depending on quality of the video. If 10 people are in the group conference, it is still only sending upstream to the Teams server, then it is dispersing to the individual participants..correct? I mean i wouldn't need 500k upstream X number of participants if i'm understanding correctly? [link] [comments]  |
| Posted: 30 Oct 2020 09:26 AM PDT At my previous workplace I've done BGP on Fortigate (2 fortigates running in HA). This Fortigate used to peer with 2 separate ISP thus achieving multi home. This worked perfect for us At my new workplace its a Cisco only (firewalls, routers, switches etc) shop (I haven't touched Cisco in about 5 years or so. The requirement is basically the same thing - peer with 2 ISPs and advertise it based on our needs. To achieve the true redundancy does Cisco offer a way to cluster the devices into 1 similar to fortigate? Is this the solution to this problem? Do we run 2 separate routers and then do iBGP then do some kind of HSRP or VRRP? [link] [comments]  |
| Posted: 29 Oct 2020 05:07 PM PDT Hey y'all, finally got my first real network job back in May—I LOVE IT! I manage a ton of end devices at different stores, and I am always in our router and switches, the tickets don't stop. Some of my tickets involves latency issues and dropped packets from our store out to the internet. I was wondering if I could SSH into a remote router/switch and use wireshark to figure out where the packets are dropping or where our latency issue is occurring, if that's even possible. I read about SPAN on interfaces but that's a no go for sure, I'm just a lowly admin trying to figure out what's the I.P. Thanks in advance! P.S if you're a network engineer/admin and have used Wireshark to troubleshoot, what are some cool things you can do with it!? [link] [comments]  |
| Recommendation for switch replacement Posted: 30 Oct 2020 02:49 AM PDT Hi, I currently have a stack of 6 Avaya/Nortel 5520-48T-PWR switches. Have loved them due to the stacking feature, and the WebUI. The switches being the age they are, are starting to give me troubles, with failing POE boards and other small issues. I know I can still get them from eBay for around AU$150 etc but am now looking at upgrading. The above switches really don't have much of an upgrade path (that's affordable) as only the 5500 and 5600 switches can stack together, and the 5600 series only has 10Gb in XFP x 2. Anything up from that is a no go. So, I am now starting the search for the next replacements. I am wanting something similar to the Avaya Switches, but something where I can pay a little more and get 1 of the switches in the stack to have 10GBase-T. EOL is ok obviously. For what these are used for the Avaya/Nortel switches have been awesome (although a little noisy, but are in a separate room). Have been looking at Juniper, but not sure about the specific models etc. One I did find was the EX4300 series, but they seem a little expensive still, I don't think they are EOL yet, so not a huge amount being dumped in the second-hand market. Basically, a switch that is stackable, has 48 Port with PoE, a WebUI, and at least a model with 10GBase-T that can be stacked with 1Gb Switches. Any help/recommendations etc would be much appreciated. [link] [comments]  |
| Testing/Comparing 2 Different ISP Circuits for Point to Point Streaming Posted: 30 Oct 2020 10:21 AM PDT Our team in Washington DC has access to 2 different ISP circuits, each 1GB - Comcast and Verizon. I'm looking to find out the best way to run a "long term" (a few days or even hours) test to compare the reliability of Comcast vs Verizon. Whichever ISP circuit we select in DC will be used transport two 7Mbps video streams to and from our main office in NY. (using SRT Video Streaming Protocol). I'm looking to detect latency spikes or any packet loss along the route from DC to NY and then select a circuit in DC accordingly. Thus far, RTT times back to NY are lower on Verizon, but with this streaming protocol spikes in latency or packet loss is more of a consideration and would lean us toward one circuit or another. Is iperf maybe able to be ran over a long duration and possibly be graphed visually somehow? Thanks all so much! [link] [comments]  |
| Posted: 30 Oct 2020 01:14 AM PDT Hi, Doing a great course on Pluralsight right now about Wireshark while troubleshooting a real world issue. I have a question about wireshark and the way the length and tcp segment is displayed. Let's imagine I have SDWAN to a Hub location, and behind that Hub is Azure. We are doing a SQL Query from Azure to the SDWAN site. The 3 Way Handshake then completes and a few options are negotiated. The MSS from Azure is 8960, the SDWAN site is 1318. So, 1318 wins. The lowest MTU across the link is possibly 1405. Now once data flows, am I right in expecting all packets to have a maximum of TCP Segment length of 1360 and a maximum packet length of 1414 to account for overhead? The reason I ask is after a few Sql batches, a packet is sent from server to destination with TCP length 4096 and length is 4150. I am not sure if I have studied too much and gone deep into the matrix. My other thought was maybe this packet is fragmented later on, as I have only captured from machine itself. Thanks for reading and any info. [link] [comments]  |
| Posted: 30 Oct 2020 06:44 AM PDT |
| Posted: 30 Oct 2020 06:07 AM PDT Having trouble locating answers in whitepapers for this scenario. Basically I need a NAT to translate traffic from my internal subnet of 10.0.0.0/16 to the subnet of 10.243.X.X/27 only when traffic is destined for a specific group of public IPs. The reason for this is the other end of the VPN tunnel needs to see the traffic being sourced from the 10.243.X.X subnet, not our 10.0.0.0/16 subnet. I was trying something like: nat (Inside,Outside) source dynamic 10.0.0.0/16 10.243.X.X/27 destination static PubPool PubPool I get the error that the source cannot be a subnet. Any ideas? [link] [comments]  |
| Using 44.0/9 (AMPRNet) as private network space. Posted: 30 Oct 2020 05:16 AM PDT Disclaimer, I'm not the network guy, I'm the linux guy getting frustrated. My company has done a ton of acquisitions over the years and because of some choices made up the food chain those companies come into our WAN without being readdressed. Our WAN routing space has stuff all over 10.0.0.0, but also has things in 172.16 and 192.168. When we went into the cloud we had issues allocating large enough blocks as the network team were unwilling to give me enough in fear that a future acquisition would clash. Working with AWS we followed their recommendation and dedicated the entire 100.64 space from cgNAT to cloud only. I've got a project I'd classify as "devprod" in that it's a dev environment that when it has outages causes headaches as if it were prod. It needs some network space across at minimum a handful of /24. I've "lost" to the network team several times and had to readdress because management determined it was better to have me address my stuff than to try and readdress an entire business unit during the onboarding process. I've gone from 10.10/16 to 10.11/16 to 10.21/16 and now am about to booted again, with no guarantee it won't happen again in the future. You can argue all you want that this is unreasonable and I should be given some leeway, I certainly have, but this is my reality. Is there any reason that I couldn't use the 44.0.0.0/9 allocated to AMPRnet for packet/ham radio? It would be internal and run just as if it were an RFC1918 network. I can't imagine that any host on our WAN would ever want to connect to packet radio. I can't see a downside to this but again, I'm a linux sysadmin, not a network guy. Is there anything I need to consider here? [link] [comments]  |
| Takeaways From Cisco Catalyst 8k Launch? Posted: 29 Oct 2020 08:03 PM PDT Below are mine. Interested to hear what others think!
[link] [comments]  |
| Posted: 29 Oct 2020 04:51 PM PDT Hi, the last week or so i have been watching INE's CCIE data centre videos regarding the Cisco Nexus series. All in all so far i have to say they are good. I have gotten to about a quarter of the way through now and arrived at FEX. There has never been a networking topic were i stopped and thought..."I don't need this" or "this seems like a really bad idea" but with FEX i got about 20 mins in and switched off and moved to the next segment in the series. I have to ask, has anyone else worked with them or thought this over time? Heavy North/South flows and traffic travelling to the EOR switches even for packets that could traverse the local FEX switch. I just sat there shaking my head thinking "surely this isn't implemented heavily today?" Anyone any thoughts or am I just totally way off here? [link] [comments]  |
| How can I make my APs communicate with a Cloud API? Posted: 30 Oct 2020 04:01 AM PDT Ok, so I have 4 different GrandStream Access Points, all provided by the employer. The exact models are GWN 7602, 7605, 7630 and 7630LR. My task is to build an API that receives a request whenever someone connects to the wireless network and collects as much data as it can to build up an analytics dashboard for the location owner. Of course the system would ask for permission and logging in with social accounts is optional. The idea is to have the end user be presented with a sign-in screen when they first connect to the network and when they select an option (Login with Google, Facebook, Apple ID etc.) or incognito, we need to collect as much data as we can (demographic and stuff like that) so the location owner can adjust their ad campaigns to match the most / least common type of visitor (whatever they want). I am used to building Laravel REST APIs on a LEMP stack with a Vue frontend so if the system is doable in that way it would be nice, but I am not completely married to this certain stack nor do I run away from other technologies. How do I configure the access point to communicate with my API and store the data I need? [link] [comments]  |
| Fibre Channel and FCoE question? Posted: 29 Oct 2020 05:00 PM PDT Hi, i have been studying the Nexus OS the past week or so, i come from a heavy IOS and ASA background so for the most part it has been pretty straightforward so far. Things like VDC's and the general management of the devices are pretty straight forward to, I picked up VDC's fairly easily having worked with ASA multi-contexts for a while now. Other areas like fabricpath seem like a good idea and pretty straight forward to depending what your knowledge of IS-IS is as well as VPC's. Now for fibre channel i remember studying this about 2 years ago but for the most part it has all left my brain even if i took notes on it (haven't reread them properly yet). But i wanted to ask, what is the more popular way of doing things as far as storage etc.. goes here with Fibre Channel and FCoE? FCoE seems like the simplified way of doing things (granted i have touched on that yet so i could be wrong there) and Fibre Channel on Nexus (or just in general) seems like a far more complex way. Which technology is more used these days or is there something else on the horizon that will take over both? [link] [comments]  |
| Posted: 29 Oct 2020 06:20 PM PDT Just curious how everyone intakes firewall rule requests? Specifically if there are templated forms or information specific information required to be supplied. Curious on how others have streamlined these requests. [link] [comments]  |
| HP 1810 J9803a load balancing algorithms Posted: 30 Oct 2020 05:43 AM PDT Hi, Could you help me to know which lacp/static load balancing algorithms this model support and how can i change it in webui ? I need to connect this switch (hp j9803a) to cisco SG300-28 and i want to be sure that the hp support src-dst-mac algorithm or src-dst-mac-ip too.. [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion.. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment