Networking digest: ibgp next-hop-self vs. advertising external links

Posts in this digest:
- ibgp next-hop-self vs. advertising external links
- Design question: Network Racks
- Wireless and Wired Users on Same Vlan
- How many VLANs make sense?
- Setting up a cisco router to a switch for small homelab, seller provided a rollover cable, what else do I need to setup this router?
- Ubiquiti AP- Unifi vs Airmax interesting stats
- Looking for advice on spanning tree configuration when connecting with someone else's network
- L2TPv3 not on Cisco 9300?
- EVE NG | failed to write configuration file
- Firewall Core
- Anyone use Packet Fence for NAC in an Enterprise environment?
- Moving routing to our core router
- Startup config
ibgp next-hop-self vs. advertising external links
Posted: 31 Oct 2020 09:56 AM PDT

What are the pros and cons of using next-hop-self or advertising the external links? This is what comes to my mind, but I'm curious what service provider guys think.

Advertising the external link into the IGP:
- Feels a bit more natural. You just add one more route advertisement to the network, rather than altering the default behavior of BGP.
- If the external link fails, the border router will withdraw the external routes in both cases. But if the external link is advertised (rather than the next-hop-self command being used), the failure of the link will cause the IGP to withdraw the external next hop, thus the other iBGP routers will also find out through the IGP that something is wrong, and stop using those routes. The IGP is likely to be faster than iBGP, especially when a route reflector is in use. The IGP also only has to withdraw one route versus the potentially hundreds of thousands that iBGP would have to, thus bringing everything down very quickly and allowing for a faster failover.

Using the next-hop-self command:
- You don't advertise the external links, thus you don't expose that network to any external attacks. At an Internet Exchange, that might be a shared network, and you would not only expose yourself, but also others. It may be that in such a setup the IX would require that you use next-hop-self, but what do I know?
- You get to choose the next hop addresses. Since these will be very important in your network design, you should take care when you design the network that these are easy to remember. This will make it much easier to read BGP tables, if you know the next hops, whereas if there are multiple peers, you are unlikely to remember the link addresses used to peer with them.

Later edit: Ok, so the votes so far are for next-hop-self as being the better option. Why, I wonder, is this not the default behavior then, and requires a switch to be flipped to enable it? Is this different in other OSes, from different vendors? Do they have this on by default?
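The two options side by side, as an added Cisco IOS example that is not the poster's configuration. It assumes a border router BR1 in AS 65000 with its eBGP peer (AS 64500) on GigabitEthernet0/0 in 203.0.113.0/30, an iBGP session to a route reflector at loopback 10.255.0.2, and a constructed prefix 198.51.100.0/24 learned from the eBGP peer.

```cisco
! Border router BR1 (AS 65000), loopback 10.255.0.1, eBGP peer 203.0.113.1 on Gi0/0.
!
! Option A: advertise the external link into the IGP. The link is passive in OSPF
! so no adjacency can form toward the eBGP peer, but its prefix is reachable inside
! the AS and the eBGP peer address stays the BGP next hop as seen by iBGP routers.
router ospf 1
 router-id 10.255.0.1
 passive-interface GigabitEthernet0/0
 network 10.255.0.1 0.0.0.0 area 0
 network 203.0.113.0 0.0.0.3 area 0
!
router bgp 65000
 neighbor 203.0.113.1 remote-as 64500
 neighbor 10.255.0.2 remote-as 65000
 neighbor 10.255.0.2 update-source Loopback0
!
! Option B: keep the external link out of the IGP entirely and rewrite the next hop
! of routes sent to the iBGP peer to BR1's own loopback, which the IGP already carries.
router ospf 1
 router-id 10.255.0.1
 network 10.255.0.1 0.0.0.0 area 0
!
router bgp 65000
 neighbor 203.0.113.1 remote-as 64500
 neighbor 10.255.0.2 remote-as 65000
 neighbor 10.255.0.2 update-source Loopback0
 neighbor 10.255.0.2 next-hop-self
!
! On any iBGP router, compare the next hop the external prefix resolves to:
!   show ip bgp 198.51.100.0
!   Option A shows next hop 203.0.113.1 (resolved via the OSPF route for 203.0.113.0/30)
!   Option B shows next hop 10.255.0.1 (resolved via the OSPF route for the loopback)
```

With Option A, `show ip route 203.0.113.1` on a remote iBGP router goes empty as soon as OSPF withdraws the link prefix, which is what invalidates the BGP routes ahead of the iBGP withdrawals; with Option B the same check still succeeds until BGP itself withdraws them.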
Design question: Network Racks
Posted: 31 Oct 2020 11:09 AM PDT

Hello guys, I have a chance to set up a new network room in new construction the way I want to. I want to get one of those "very wide" cabs with cable management facilities built into the sides. In this rack, I'm going to have about 4 1U servers, about 200 strands of fiber terminating into a few panels, and likely 2 QFX5100-48S Switches. I'd like to have the cable management on the sides as well as actually rack mounted ones between the QFX's. I picture the patch leads coming from patch panel to the left, into some kind of vertical cable managers, down to the U of the cable manager in between QFX, out into that, then up into the QFX in the right spot. What brands+models should I be looking at other than APC and TrippLite? Thanks
Wireless and Wired Users on Same Vlan
Posted: 31 Oct 2020 10:06 AM PDT

So what's the official verdict on this in 2020? I've seen it go either way depending on who you ask. Historically, best practice was separate VLANs to prevent half-duplex wireless clients getting flooded by broadcast/multicast traffic. But now with BCMC suppression and other features on Wireless Controllers, is that a factor any more?
How many VLANs make sense?
Posted: 30 Oct 2020 08:58 PM PDT

Hi all. I've got a new manufacturing customer with approx 225 devices. Fortigate, 8 switches, a point to point connection to another building, maybe 10 servers, and 13 access points. In the past with other clients, VLANing has been set up and I haven't needed to touch it. I'm thinking management, data, voice, guest, machinery. But, since I have a clean slate to work with, I was thinking about breaking off printers and servers to their own VLANs as well. How far do you guys generally go with it? How many is too many? I mean, I could get away with data, phone, and guest and be good with it as I'm not running out of addresses, but just curious as to how you guys think about what NEEDS a VLAN as I'm not extremely versed in best practices. Thanks for any input!
Setting up a cisco router to a switch for small homelab, seller provided a rollover cable, what else do I need to setup this router?
Posted: 31 Oct 2020 03:05 PM PDT

Hey guys, I bought a cisco router and a cisco switch and when I plug the cable going from ISP router into the cisco router, no link lights show up. The seller provided a rollover cable, and I read somewhere that this is this way by default and you have to configure the router to work on your network. What do I need to go from ISP equipment -> Router -> Switch? Do I need an RS232 to USB cable so I can remote into the router to configure it? I'm super new to network equipment so go easy on me lol. Thanks!
Ubiquiti AP- Unifi vs Airmax interesting stats
Posted: 31 Oct 2020 02:29 PM PDT

Good Evening, I know there's a Ubiquiti page...but I figured this gave us a slightly larger forum discussion. So here: I find it very interesting and helpful that Unifi has their design page for rough, theoretical AP signal radiation circles. However, trying to design a deployment that's going to possibly use 80 wifi APs, and working off a very very limited budget that I'm already over, I had an interesting idea. My most important aspect in the design is range. I don't need any users getting any serious speed (10mb/s is plenty), but I need to hit a lot of clients. Rocket M5 radios are cheap right now...like $20 a radio. Look at these stats, and then maybe people can weigh in how far these are realistically going to shoot. I'm only comparing 5GHz bands so I get apples for apples here.
8dBi antenna with 22dBm transmission power
5dBi antenna with 23dBm transmission power
27dBm (omni can't handle that, but still) with 10-13dBi antenna

What makes the Unifi all that much better? Range is most important to me here...although obviously cell phones and laptops only fire so far. Wouldn't the unifi and aircube be pretty close in range here? The Rocket should have the largest range by far albeit a speed cap because of the 100mb/s port, agreed? Thanks
Looking for advice on spanning tree configuration when connecting with someone else's network
Posted: 31 Oct 2020 04:49 AM PDT

Hi all, We rent a rack in the datacenter and have a fairly simple setup with a pair of ToR switches connecting to the servers. We currently use RPVST+ as spanning-tree mode. Currently however, no settings are made with regards to the spanning tree priority. Everything runs on default. We get the occasional topology change message, but it hasn't given us any noticeable issues. We are having some growth however and are now looking at renting a second rack. I've been reading up a lot on best practices since we have a "new chance" with the new rack and I would like to do it right. This post has been very informative on that: https://www.reddit.com/r/networking/comments/7rguqi/about_stp/ Since we are so small we do not have separate core/spine switches. It's just two racks with ToR switches and two cables in between the racks that we can configure with LACP for redundancy so we can do communication between the two racks. I realize this is not ideal but budget unfortunately at this point does not allow for setting up a network in a spine/leaf model. This is something I'm also still reading up on and I think if we grow further to a third/fourth/etc... rack we would need to build something like that since otherwise we cannot really scale well, but at the moment it is not possible. Above some context on what we are running now... Now my actual question is: I am unable to find what the best practices are when connecting to another network. I have two concrete examples:
Could anyone suggest what is the best practice for these types of connections? Thank you!
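An added Cisco IOS example of the two pieces this setup leaves at defaults: an explicit root bridge, and guard commands on the ports that lead out of the rack. It is not the poster's configuration; the interface names, the 2-link LACP bundle as Port-channel1, and the idea of a hand-off port to a network the poster does not administer are assumptions.

```cisco
! Rack 1, ToR switch A: pin the primary root instead of leaving priority 32768,
! so a default-priority switch appearing anywhere cannot win the root election.
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 4096
!
! Rack 1, ToR switch B: secondary root.
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 8192
!
! Rack 2 switches keep the default priority. On their side of the inter-rack
! bundle, root guard puts the port into root-inconsistent (blocking) state if
! a superior BPDU ever arrives from beyond it, instead of re-rooting the tree.
interface range GigabitEthernet1/0/47 - 48
 channel-group 1 mode active
interface Port-channel1
 switchport mode trunk
 spanning-tree guard root
!
! Port facing equipment you do not administer: err-disable it on the first
! BPDU so the foreign spanning tree can never merge with yours.
interface GigabitEthernet1/0/1
 switchport mode trunk
 spanning-tree bpduguard enable
!
! Verification:
!   show spanning-tree root               (root should be rack-1 switch A in every VLAN)
!   show spanning-tree inconsistentports  (lists any port root guard has blocked)
!   show interfaces status err-disabled   (lists any port bpduguard has shut)
```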
L2TPv3 not on Cisco 9300?
Posted: 31 Oct 2020 12:06 AM PDT

Our network has grown and is a mess of vlans: ospf / dhcp relays / etc. I've been reading up on network overlays and was excited to try L2TPv3. Got ready to set it up on a Cisco 9300, and it wasn't an option. 'MPLS' is the only encapsulation option on 'pseudo wire'. Was hoping to claw back up IPv4 pools for a bunch of vlans and make some bigger pools in the data center. Any suggestions? Goal: leave native IPv6 everywhere/distributes get IPv4 centralized.
EVE NG | failed to write configuration file
Posted: 31 Oct 2020 04:24 AM PDT

Couldn't find anything on Google about this so I thought I'd share: I wasn't able to save or erase config on the IOL routers in EVE:

R1#wr
R1#wr er

I exported the config and cloned the lab. Then I was able to save again. Thank you, colleague!
Firewall Core
Posted: 31 Oct 2020 03:54 AM PDT

Hello!! Is it a good or bad idea to use firewalls as a core? I would plug 3 switch stacks to them. 4 VLANs, 300-400 users max. They already have 2x Meraki MX100 for SD-WAN. 750Mbps throughput and they have an MPLS circuit + 1Gbps Internet breakout circuit. Corporate VPN traffic flows on top of the MPLS and Internet traffic gets out locally on the 1Gbps circuit. All their services are in our DC so very low traffic between VLANs. I had the idea of buying a Core but our company is Cisco only and these 9400-9500 core switches are just too expensive. I'm not sure it's worth the price for them. MX100 only supports SFP, no 10G. They don't support port channels as well so we're looking at 1G connections from the switch stack. Let me know your thoughts!
Anyone use Packet Fence for NAC in an Enterprise environment?
Posted: 30 Oct 2020 04:52 PM PDT

We have about 15 sites, 2200 clients, not including servers and such. Anyone have experience with Packet Fence for network access control? What are your thoughts on this product?
Moving routing to our core router
Posted: 30 Oct 2020 05:48 PM PDT

We have a core router, CR1, which is the gateway for our main subnet/vlan 1, and a separate physical router, SR1, which routes a secondary subnet. The secondary subnet was only added to extend available addresses. There is no need to separate them with a firewall. My goal is to remove SR1.

CR1 address 192.168.1.1 routes 192.168.1.0/24
SR1 address 192.168.2.2 routes 192.168.2.0/24

From my research I believe all I need to do is to make sure vlan 1 on CR1 has a secondary address such as 192.168.2.1 and then update all the clients on that subnet to point to this address for gateway. I would say I have intermediate knowledge of networking. I get confused with routes/when a static route is needed. Is there a route I need to confirm as well? Does adding a secondary address cause any disruption for vlan1 traffic?
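The secondary-address change described above, written out as an added Cisco IOS example rather than the poster's own configuration. It assumes CR1 is an IOS device whose VLAN 1 SVI is `interface Vlan1`; the addresses are the ones given in the post.

```cisco
! CR1: add the 192.168.2.0/24 gateway as a secondary address on the VLAN 1 SVI.
! The primary address is left in place, so existing 192.168.1.0/24 traffic is
! not interrupted by this change.
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip address 192.168.2.1 255.255.255.0 secondary
!
! No static route is needed for 192.168.2.0/24: a secondary address installs a
! connected route for its subnet, just like the primary does. Confirm it:
!   show ip route connected
!   C  192.168.1.0/24 is directly connected, Vlan1
!   C  192.168.2.0/24 is directly connected, Vlan1
!
! Then repoint the 192.168.2.0/24 clients to 192.168.2.1 as their gateway
! (DHCP option 3 on that scope, or the static settings on each host) before
! SR1 is removed. Any ACL or NAT statement on CR1 that matches only
! 192.168.1.0/24 has to be extended to 192.168.2.0/24 as well, since the
! second subnet now enters CR1 through the same interface.
```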
Startup config
Posted: 30 Oct 2020 05:25 PM PDT

Is it better to wipe startup config clean, load image, and load config, or can you just copy over startup config with the new config needed and avoid wiping the IOS on the switch?