
    Friday, January 29, 2021

    Blogpost Friday! Networking



    Blogpost Friday!

    Posted: 28 Jan 2021 04:00 PM PST

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, along with a nice description, to this thread.

    Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.

    submitted by /u/AutoModerator

    Extending SD-WAN Fabric into Multi Cloud - Design and Throughput Limitation Concern.

    Posted: 29 Jan 2021 08:11 AM PST

    Just curious if anyone here has yet extended their SD-WAN fabric into the clouds? I am looking at doing this with Cisco Viptela; the company I work for is a large international org with locations across the globe. All of our locations will soon be on Viptela.

    We do not do much in terms of workloads in the cloud yet but we do have devs chomping at the bit to start moving some workloads into both AWS and Azure.

    The idea of putting some virtual vEdges in a central "hub" network account and then using native cloud networking to connect to a multi-account (VPC/VNET) infrastructure is appealing to me to help minimize the overhead of manually managing IPsec tunnels and BGP, but I am very concerned about throughput limitations: from what I have seen so far of the licensing limitations of virtual vEdges, the max throughput of one of these devices is 100Mbps.

    I can put several vEdges in this "hub" account and distribute load across them, but even then, to get a full 1Gbps throughput I am going to need 10 if the max throughput is 100Mbps, which will dramatically impact the cost factor.

    Anyone doing this yet?

    submitted by /u/Praviux

    Line protocol down on port connected to fiber. Does light color need to show on the fiber itself?

    Posted: 29 Jan 2021 01:30 PM PST

    Hi there,

    I can't seem to get line protocol up on a fiber connection on a new switch I'm setting up. I don't think it's the switch though.

    I see that there's light from the port on the existing switch it's connecting to, there's light on the fiber in the closet by the existing switch, there's light on the fiber in the closet by the new switch, and there's light on one of the sides of the port on the new switch; there is no light, however, on the fiber patch cable (from the closet going to the switch).

    Am I correct to assume that the fiber patch cable is faulty? I'm not sure if I should be seeing light on all ends that are Tx.

    Sorry for the completely noob question, it's my first time working with fiber!

    submitted by /u/NetworkNellie

    Cisco AireOS controllers EOL

    Posted: 29 Jan 2021 01:18 PM PST

    Port light now turning on

    Posted: 29 Jan 2021 11:57 AM PST

    We got a new switch, honestly probably refurbished. Baselined it, but the switch wasn't seeing the router. Called it a day after some troubleshooting. Came back the next day and it sees it and we can ping. We are trying to plug in an encryption device and it's having the same problem. No port light, tried different ports and nothing. No shut and shut the ports multiple times, power cycled, etc. What could be the issue? Nexus 3172 btw.

    submitted by /u/hodgyy

    accessing devices via a jumpbox

    Posted: 29 Jan 2021 11:41 AM PST

    Hello Fellow networkers,

    We have close to 100 routers and switches on our network that I access through a protected jumpbox. Every single time I want to access anything, I log in to the jumpbox, fire up PuTTY and access the device. I'm not permitted to access the device from my office VLAN as it's blocked. I was wondering if there is maybe a shortcut to this process: is there any way that I can configure the jumpbox to forward my SSH on behalf of the jumpbox from my computer? So essentially, my computer would somehow act like the jumpbox; that way, if I want to access multiple devices, I don't have to keep logging into the jumpbox to do this. This kind of sounds like a hack, but I was wondering if there is any way.

    submitted by /u/put_VLAN_in_my_Trunk
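The workflow asked about above is what OpenSSH's ProxyJump directive (the -J option) does, shown here as an added example that is not part of the post or its replies. The client opens an SSH session to the jumpbox and tunnels a second SSH session to the device inside it, so the device still only sees a connection from the jumpbox's address (the VLAN block stays effective), the login to the jumpbox happens automatically, and no private key is copied to or forwarded through the jumpbox. Hostnames, user name and key paths below are assumptions.

```sshconfig
# ~/.ssh/config on the workstation (added example; names and paths are assumed)

Host jumpbox
    HostName jump.example.internal
    User netadmin
    IdentityFile ~/.ssh/id_ed25519_jump
    ForwardAgent no            # not needed: ProxyJump never exposes keys to the jump host

# every device whose name starts with sw- or rtr- is reached through the jumpbox
Host sw-* rtr-*
    ProxyJump jumpbox
    User netadmin
    IdentityFile ~/.ssh/id_ed25519_net
    ForwardAgent no
```

With that in place `ssh sw-core-01` goes through the jumpbox transparently; the one-off form is `ssh -J jumpbox sw-core-01`. It needs OpenSSH 7.3 or newer on the workstation (the OpenSSH client bundled with Windows 10 qualifies) and a jumpbox sshd with `AllowTcpForwarding` enabled, since the inner session rides a forwarded TCP channel; that sshd setting is the control the jumpbox owners use to decide whether this is permitted, so if it is disabled the ProxyJump fails with a channel-open error rather than silently working around the policy.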

    DPI with mTLS

    Posted: 29 Jan 2021 10:18 AM PST

    Greetings and happy Friday, fellow nerds! I have somewhat of an interesting question for the GRC Junkies in the room...

    I have a customer who has a requirement for:

    • Mutual TLS (mTLS) on outbound connections to certain partners.
    • Deep Packet Inspection on outbound connections to perform DLP scanning.

    For the life of me I can't find any vendors that support this... But there has to be someone doing this somewhere if they have the requirement.

    HALP

    submitted by /u/galactic_admin

    BGP route "aggregator" on public internet is.... RFC1918?

    Posted: 28 Jan 2021 10:14 PM PST

    Hey All - see image - https://imgur.com/a/k2seNgJ

    This is one of my public IPv4 routes on the Telia looking glass. It's showing my router's private loopback IP as route aggregator... I think this is set in the atomic aggregator attribute on the BGP route advertisement. But surely a private IP shouldn't ever be seen in someone else's router? For confirmation, the BGP session is established with a public v4 address provided by the transit provider. Everything working fine.

    This doesn't seem right though - is anything wrong here? This is configured on a Juniper router. Perhaps this is expected 🤷‍♂️

    submitted by /u/SovereignGW

    Does VMware VeloCloud offer DDoS protection? What are our options?

    Posted: 29 Jan 2021 11:16 AM PST

    Just curious if anyone knows whether VMware's SD-WAN solution offers DDoS protection or if their protection is as simple as configuring firewall rules for stateful traffic. Do they perform stateless inspection as well? Just looking for some options here from a security perspective! If they do not offer DDoS protection, what are our options here to protect our network? Would we need to purchase edge devices such as Corero or does Cloudflare offer network-based DDoS protection? I'm mostly only familiar with their application/web-based services.

    submitted by /u/xyeLz

    Are DMZs becoming a thing of the past as it becomes more common for the firewall to act as the gateway?

    Posted: 29 Jan 2021 08:43 AM PST

    Say you have a network like Internet > Firewall > 3 VLANs > L3 SW > .

    One of those VLANS is for servers - including a web server. You have a firewall rule that says webserver 192.168.10.10 can only access DB server 192.168.10.251 on port 1234. What added protection would a DMZ really give you in that scenario? Other than "segregation" and being able to quickly cut off all access and isolate easily?

    submitted by /u/tracyjacks8cowboydan

    Trying to identify the source of a bandwidth restriction

    Posted: 29 Jan 2021 11:20 AM PST

    I've been looking at this for a while now, ruling out different possibilities, but I'm afraid I might have gone too far down the rabbit hole and missed something obvious.

    What appears to be happening is that somewhere after the cable modem, only packets that originated on the other side of a wireless link are experiencing packet loss and lower bandwidth.

    We have a 1000/40mbps cable connection feeding one of the tower sites for our WISP, but we have been unable to get anywhere near that speed from anything connected to the tower. The network layout is as follows:

    Cable modem/router <-> Ubiquiti EdgeSwitch-12 <-> Ubiquiti AirFiber-5X ~ AF-5X <-> Netonix Switch <-> Ubiquiti EdgeRouter-12.

    The AF-5X is weighted to provide about 360mbps download, 120mbps upload (and the direction is correct, I watched the throughput while running iPerf).

    Each iPerf test was set to run 20 parallel streams, with everything else left default.

    I also have a PC attached to the ES-12 at the same site as the cable modem.

    • iPerf3 tests from that PC to a Linode VM that I have will easily hit 600mbps download.
    • iPerf3 tests from the PC to a PC at the tower (same Layer 2 network, over a VLAN, connected to the Netonix switch) will exceed 270mbps.
    • iPerf3 tests from the tower PC to the Linode will not exceed 170mbps.
    • All physical connections are up at 1000mbps FDX.
    • iPerf3 tests from the tower PC to the Linode have an unusually high number of re-transmits (I believe) at 3680 for a 10 second run of 20 parallel streams.
    • iPerf3 tests from the tower PC to the other PC have between 0 and 3 re-transmits.

    I have also noticed that the first iPerf3 test is substantially faster than all of the subsequent tests:

    [ ID] Interval       Transfer     Bandwidth       Retr  Cwnd
    [  4] 0.00-1.00 sec  4.87 MBytes  40.8 Mbits/sec  0     436 KBytes
    [  6] 0.00-1.00 sec  4.97 MBytes  41.6 Mbits/sec  0     436 KBytes
    [  8] 0.00-1.00 sec  4.74 MBytes  39.8 Mbits/sec  0     436 KBytes
    [ 10] 0.00-1.00 sec  4.74 MBytes  39.8 Mbits/sec  0     436 KBytes
    [ 12] 0.00-1.00 sec  4.93 MBytes  41.3 Mbits/sec  0     436 KBytes
    [ 14] 0.00-1.00 sec  4.96 MBytes  41.6 Mbits/sec  0     436 KBytes
    [ 16] 0.00-1.00 sec  4.74 MBytes  39.8 Mbits/sec  0     422 KBytes
    [ 18] 0.00-1.00 sec  4.80 MBytes  40.3 Mbits/sec  0     436 KBytes
    [ 20] 0.00-1.00 sec  4.86 MBytes  40.8 Mbits/sec  0     436 KBytes
    [ 22] 0.00-1.00 sec  4.80 MBytes  40.3 Mbits/sec  0     436 KBytes
    [SUM] 0.00-1.00 sec  48.4 MBytes  406 Mbits/sec   0
    - - - - - - - - - - - - - - - - - - - - - - - - -
    [  4] 1.00-2.00 sec  3.25 MBytes  27.2 Mbits/sec  0     436 KBytes
    [  6] 1.00-2.00 sec  3.43 MBytes  28.8 Mbits/sec  0     436 KBytes
    [  8] 1.00-2.00 sec  3.25 MBytes  27.2 Mbits/sec  0     436 KBytes
    [ 10] 1.00-2.00 sec  3.43 MBytes  28.8 Mbits/sec  0     436 KBytes
    [ 12] 1.00-2.00 sec  3.43 MBytes  28.8 Mbits/sec  0     436 KBytes
    [ 14] 1.00-2.00 sec  3.55 MBytes  29.8 Mbits/sec  0     436 KBytes
    [ 16] 1.00-2.00 sec  3.31 MBytes  27.8 Mbits/sec  0     422 KBytes
    [ 18] 1.00-2.00 sec  3.43 MBytes  28.8 Mbits/sec  0     436 KBytes
    [ 20] 1.00-2.00 sec  3.43 MBytes  28.8 Mbits/sec  0     436 KBytes
    [ 22] 1.00-2.00 sec  3.25 MBytes  27.2 Mbits/sec  0     436 KBytes
    [SUM] 1.00-2.00 sec  33.8 MBytes  283 Mbits/sec   0

    Am I missing a flag that I should be using for the iPerf3 tests to rule out caching or could it be an issue with a buffer filling up somewhere on our network?

    That's where I'm at. I'm looking for any and all ideas as to what could be causing this or how to improve my testing. It almost seems like an MTU issue; it's just odd that it doesn't affect anything that doesn't go over the AirFiber link.

    UPDATE:

    I looked a little closer at the ES-12XP Switch. Initially I saw the error counters at 0 and didn't look any closer, but I decided to check the port status with the CLI and noticed this:

    GigabitEthernet1 is up
    Hardware is Gigabit Ethernet
    Auto-duplex, Auto-speed, media type is Copper
    flow-control is off
    back-pressure is enabled
    60242052 packets input, 20450035001 bytes, 0 throttles
    Received 18555276 broadcasts (3222677 multicasts)
    0 runts, 20 giants, 0 throttles
    22 input errors, 2 CRC, 0 frame
    3222677 multicast, 12 pause input
    34695841 input packets with dribble condition detected
    56203640 packets output, 52253365186 bytes, 0 underrun
    17 output errors, 0 collisions
    17 babbles, 0 late collision, 0 deferred
    0 PAUSE output

    I hadn't actually heard of a "Dribble condition" before, but it seems to be an issue where the packet is too large, but can still be sent along?

    submitted by /u/nswizdum
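Two kinds of text appear in the post above: iperf3 interval output and an interface counter dump. Rather than eyeballing them, the added example below (not from the post) parses both and computes the figures that matter when chasing a throughput problem: the size of the first-second-to-later drop and the retransmit total from iperf3, and the error and dribble ratios from the switch counters. The iperf3 sample is constructed in the same shape as the post's output with two streams instead of ten; the counter sample is the output the post shows; the flag thresholds are illustrative.

```python
"""Added example: parse iperf3 [SUM] lines and a 'show interface' counter dump,
then derive the numbers worth looking at. Samples are embedded inline."""
import re
from typing import Dict, List

# Constructed iperf3 sender output, same layout as the post, two streams
IPERF_SAMPLE = """\
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 4.87 MBytes 40.8 Mbits/sec 0 436 KBytes
[ 6] 0.00-1.00 sec 4.97 MBytes 41.6 Mbits/sec 0 436 KBytes
[SUM] 0.00-1.00 sec 9.84 MBytes 82.4 Mbits/sec 0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 4] 1.00-2.00 sec 3.25 MBytes 27.2 Mbits/sec 0 436 KBytes
[ 6] 1.00-2.00 sec 3.43 MBytes 28.8 Mbits/sec 0 436 KBytes
[SUM] 1.00-2.00 sec 6.68 MBytes 56.0 Mbits/sec 0
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 4] 2.00-3.00 sec 3.31 MBytes 27.8 Mbits/sec 1 300 KBytes
[ 6] 2.00-3.00 sec 3.43 MBytes 28.8 Mbits/sec 0 436 KBytes
[SUM] 2.00-3.00 sec 6.74 MBytes 56.6 Mbits/sec 1
"""

# Counter dump as shown in the post (ES-12XP CLI)
INTERFACE_SAMPLE = """\
GigabitEthernet1 is up
60242052 packets input, 20450035001 bytes, 0 throttles
Received 18555276 broadcasts (3222677 multicasts)
0 runts, 20 giants, 0 throttles
22 input errors, 2 CRC, 0 frame
3222677 multicast, 12 pause input
34695841 input packets with dribble condition detected
56203640 packets output, 52253365186 bytes, 0 underrun
17 output errors, 0 collisions
17 babbles, 0 late collision, 0 deferred
0 PAUSE output
"""

SUM_RE = re.compile(
    r"^\[SUM\]\s+([\d.]+)-([\d.]+)\s+sec\s+[\d.]+\s+[KMG]Bytes\s+"
    r"([\d.]+)\s+([KMG])bits/sec\s+(\d+)")
TO_MBPS = {"K": 1e-3, "M": 1.0, "G": 1e3}


def parse_iperf_sums(text: str) -> List[Dict[str, float]]:
    """One record per [SUM] line: interval bounds, aggregate Mbit/s, retransmits."""
    records = []
    for line in text.splitlines():
        m = SUM_RE.match(line.strip())
        if m:
            records.append({"start": float(m.group(1)), "end": float(m.group(2)),
                            "mbps": float(m.group(3)) * TO_MBPS[m.group(4)],
                            "retr": int(m.group(5))})
    return records


def first_interval_drop(records: List[Dict[str, float]]) -> float:
    """Fraction by which the mean rate of intervals 2..n falls below interval 1.
    A large value is the post's symptom (fast first second, then a plateau) and
    fits a buffer absorbing the initial burst before a rate limit further along
    the path takes over; it is not what client-side caching would look like."""
    if len(records) < 2:
        return 0.0
    later = sum(r["mbps"] for r in records[1:]) / (len(records) - 1)
    return 1.0 - later / records[0]["mbps"]


def total_retransmits(records: List[Dict[str, float]]) -> int:
    return sum(r["retr"] for r in records)


COUNTER_PATTERNS = {
    "packets_input": r"(\d+) packets input", "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC", "giants": r"(\d+) giants",
    "dribble": r"(\d+) input packets with dribble",
    "packets_output": r"(\d+) packets output", "output_errors": r"(\d+) output errors",
    "babbles": r"(\d+) babbles", "pause_input": r"(\d+) pause input",
}


def parse_counters(text: str) -> Dict[str, int]:
    """Pull the named counters out of the dump; missing ones read as 0."""
    found = {}
    for name, pat in COUNTER_PATTERNS.items():
        m = re.search(pat, text)
        found[name] = int(m.group(1)) if m else 0
    return found


def dribble_fraction(c: Dict[str, int]) -> float:
    """Share of received frames flagged 'dribble' (slightly too long, still accepted)."""
    return c["dribble"] / max(c["packets_input"], 1)


def assess(c: Dict[str, int], dribble_threshold: float = 0.01) -> List[str]:
    """Names of counters that deserve a look (thresholds are illustrative)."""
    flags = []
    if c["crc"]:
        flags.append("crc")             # corrupted frames: cabling, optics, duplex
    if c["giants"]:
        flags.append("giants")          # frames above the port's maximum frame size
    if c["output_errors"]:
        flags.append("output_errors")
    if c["babbles"]:
        flags.append("babbles")         # transmissions that ran past the maximum length
    if dribble_fraction(c) > dribble_threshold:
        flags.append("dribble")         # informational per frame, but not at this share
    return flags


if __name__ == "__main__":
    sums = parse_iperf_sums(IPERF_SAMPLE)
    print(f"drop after first interval: {first_interval_drop(sums):.1%}, "
          f"retransmits: {total_retransmits(sums)}")
    counters = parse_counters(INTERFACE_SAMPLE)
    print(f"dribble share: {dribble_fraction(counters):.1%}, flags: {assess(counters)}")
```

Run against the post's own counters, the dribble share comes out at roughly 58% of all received frames, which is the one number in that dump that is out of the ordinary: CRC, giant and babble counts in the tens on sixty million frames are background noise, but more than half of the received frames being slightly over-length is worth correlating with the frame size and MTU configured on whatever sits on the far end of that port.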

    AnyConnect SBL

    Posted: 29 Jan 2021 09:25 AM PST

    Is there a way to make AnyConnect SBL mandatory? I have it so that it shows up in the lower right-hand corner before Windows logon, but the end user can still just log into Windows without signing into AnyConnect. I unchecked "User Controllable" in the profile, but this doesn't seem to do the trick. Any ideas?

    submitted by /u/selereddit

    Ping monitor with logs

    Posted: 29 Jan 2021 04:19 AM PST

    Hi All

    I'm looking for a lightweight ping monitor tool / app which is also able to log statistics for a few days. This tool would run on a Windows Server and would ping external IP addresses.

    So I'm not looking for a complete software suite like PRTG or SolarWinds.

    Thank you!

    submitted by /u/olloczky
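For a monitor as small as the one asked for above, a short script is often enough. The added example below (not from the post, not a product) probes a list of targets with the operating system's own ping, appends one CSV row per probe, and summarises loss and latency per target afterwards; it runs on Windows Server with the bundled ping.exe and on Linux with iputils ping, without any privileges beyond running ping. The target addresses and log file name are assumptions.

```python
"""Added example: minimal ping monitor with a CSV log and a summary function."""
import csv
import platform
import re
import subprocess
import time
from datetime import datetime, timezone
from typing import Dict, List, Optional, Sequence, Tuple

TARGETS = ["192.0.2.10", "198.51.100.20"]   # assumed targets (documentation ranges)
LOGFILE = "pinglog.csv"                      # assumed log path

# Windows:  "Reply from x: bytes=32 time=12ms TTL=57"  or  "time<1ms"
# iputils:  "64 bytes from x: icmp_seq=1 ttl=57 time=12.3 ms"
RTT_RE = re.compile(r"time[=<]\s*([\d.]+)\s*ms", re.IGNORECASE)


def parse_rtt(ping_output: str) -> Optional[float]:
    """Round-trip time in ms from one reply, or None when there was no reply
    (timeout, 'Destination host unreachable' from the gateway, etc.)."""
    m = RTT_RE.search(ping_output)
    return float(m.group(1)) if m else None


def ping_once(host: str, timeout_s: int = 2) -> Optional[float]:
    """Send a single echo request with the OS ping and return its RTT in ms."""
    if platform.system() == "Windows":
        cmd = ["ping", "-n", "1", "-w", str(timeout_s * 1000), host]   # -w is ms
    else:
        cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]          # iputils: -W is s
    try:
        res = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout_s + 3)
    except (subprocess.TimeoutExpired, FileNotFoundError):
        return None
    return parse_rtt(res.stdout)


Row = Tuple[str, str, str]   # (UTC timestamp, host, RTT in ms or "" for a lost probe)


def summarize_rows(rows: Sequence[Row]) -> Dict[str, Dict[str, float]]:
    """Per host: probes sent, probes lost, loss %, mean and max RTT of the replies."""
    stats: Dict[str, Dict[str, float]] = {}
    rtts: Dict[str, List[float]] = {}
    for _ts, host, rtt in rows:
        s = stats.setdefault(host, {"sent": 0, "lost": 0})
        s["sent"] += 1
        if rtt == "":
            s["lost"] += 1
        else:
            rtts.setdefault(host, []).append(float(rtt))
    for host, s in stats.items():
        s["loss_pct"] = 100.0 * s["lost"] / s["sent"]
        ok = rtts.get(host, [])
        s["avg_rtt"] = sum(ok) / len(ok) if ok else float("nan")
        s["max_rtt"] = max(ok) if ok else float("nan")
    return stats


def summarize_file(path: str) -> Dict[str, Dict[str, float]]:
    with open(path, newline="") as f:
        return summarize_rows([(r[0], r[1], r[2]) for r in csv.reader(f) if len(r) == 3])


def monitor(targets: Sequence[str], interval_s: float, duration_s: float, path: str) -> None:
    """Probe every target once per interval, appending rows until duration elapses."""
    deadline = time.monotonic() + duration_s
    with open(path, "a", newline="") as f:
        writer = csv.writer(f)
        while time.monotonic() < deadline:
            for host in targets:
                rtt = ping_once(host)
                ts = datetime.now(timezone.utc).isoformat(timespec="seconds")
                writer.writerow([ts, host, "" if rtt is None else f"{rtt:.1f}"])
            f.flush()          # rows survive a crash or a stopped service
            time.sleep(interval_s)


if __name__ == "__main__":
    monitor(TARGETS, interval_s=5, duration_s=3 * 24 * 3600, path=LOGFILE)
    for host, stats in summarize_file(LOGFILE).items():
        print(host, stats)
```

At a five-second interval a three-day run writes about 52,000 rows per target, which stays trivially small. Two caveats: the regular expression expects English ping output (a localized Windows ping prints a different keyword, so `parse_rtt` would return None for every reply and the log would show 100% loss), and `-W` on macOS is in milliseconds rather than seconds, so the Unix branch is written for iputils on Linux.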

    Legacy to SD WAN Planning Refs

    Posted: 29 Jan 2021 12:24 PM PST

    Hi, I'm looking to obtain any good suggested primer and/or refs to develop a plan for migrating core, wireless and overall SD WAN from legacy core and FW equipment. My networking level is basic and I'm trying to help the team. 100+ locations with a couple dozen folks per location are involved. Hopefully that's a sufficient level of info. Thanks in advance.

    submitted by /u/Patient_1

    VRRP issue between HP 5406zl and Comware

    Posted: 28 Jan 2021 11:57 PM PST

    Intro:

    We have 4 switches set up with VRRP on 4 subnets; if we change the master on one subnet, all hosts on the other subnets try to use the new master's IP for next-hop instead of their default gateway.

    The setup:

    2x HP 5406zl (Switch A and B)

    2x HPE FF 5940 in IRF (Switch C)

    Switch-A

    Vlan110 = 172.16.1.2/24
    Vlan111 = 172.16.2.2/24
    Vlan112 = 172.16.3.2/24
    Vlan113 = 172.16.4.2/24

    Switch-B

    Vlan110 = 172.16.1.3/24
    Vlan111 = 172.16.2.3/24
    Vlan112 = 172.16.3.3/24
    Vlan113 = 172.16.4.3/24

    Switch-C

    Vlan110 = 172.16.1.4/24
    Vlan111 = 172.16.2.4/24
    Vlan112 = 172.16.3.4/24
    Vlan113 = 172.16.4.4/24

    Virtual IP = 172.16.x.1/24

    Example vlan config from 5406zl:

    vlan 113
       ip address 172.16.4.2 255.255.255.0
       vrrp vrid 10
          backup virtual-ip-address 172.16.4.1 255.255.255.0
          priority 250
          enable
          exit
       exit

    Example vlan config from FF 5940:

    interface Vlan-interface113
     ip address 172.16.4.4 255.255.255.0
     vrrp vrid 10 virtual-ip 172.16.4.1
     vrrp vrid 10 priority 150

    All VLANs have vrid 10 set up, with all switches configured as backup; switch-A has priority.

    The problem:

    If we change the master on vlan 113 to Switch-C, then hosts on vlan 110 through 112 decide to use 172.16.x.4 as their next-hop, ignoring their default gateway of 172.16.x.1; the second we move the vlan 113 master back to Switch-A, the hosts revert to using their default gateway.

    Has anyone seen this before?

    submitted by /u/Necrotyr

    iperf multiple simultaneous port testing, with server with 4x1gb LACP ports.

    Posted: 28 Jan 2021 05:44 PM PST

    I have a server with 4x1GB LACP ports bonded. The switch ports are set correctly.

    When I run multiple simultaneous iperf tests to this server, some of the results get the full 1GB lane simultaneously, but some workstations do not.

    For the case of this example, if I have 2 workstations testing, I expect full 1GB each. What would cause it to drop the transfer 50% on some workstations but not others, even though the workstations I am testing are on the same switch?

    Thank you for any suggestions.

    submitted by /u/entilza05
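The behaviour described above is what a link aggregate does by design: a 4 x 1 Gb LACP bundle is not a 4 Gb pipe, the switch (for traffic towards the server) and the server's bonding driver (for traffic back) each pin every flow to one member link using a hash of header fields, so two workstations whose flows hash to the same member share 1 Gb while two others get a member each. The added example below (not from the post, not any vendor's hash) models that with an illustrative hash in the style of the Linux bonding `layer2`/`layer3+4` policies (addresses XOR'd, optionally with ports, modulo the member count), and computes the probability that k flows all land on different members. The sample addresses are constructed.

```python
"""Added example: per-flow hashing onto LACP members, and why two flows can
share one member. The hash is illustrative, not a real switch's algorithm."""
import ipaddress
from math import perm
from typing import Dict, List, Tuple

Flow = Tuple[str, str, int, int]   # (src_ip, dst_ip, src_port, dst_port)


def pick_link(flow: Flow, n_links: int, policy: str = "ip") -> int:
    """Illustrative hash: 'ip' folds in only the two addresses (ports ignored,
    like an L2/L3-only policy); 'ip-port' also folds in the L4 ports (like
    layer3+4). Returns the member link index in [0, n_links)."""
    src, dst, sport, dport = flow
    h = int(ipaddress.ip_address(src)) ^ int(ipaddress.ip_address(dst))
    if policy == "ip-port":
        h ^= sport ^ dport
    return h % n_links


def link_map(flows: List[Flow], n_links: int, policy: str = "ip") -> Dict[int, List[Flow]]:
    """Group flows by the member they hash to; any list longer than one is a
    set of flows sharing that member's 1 Gb."""
    groups: Dict[int, List[Flow]] = {}
    for f in flows:
        groups.setdefault(pick_link(f, n_links, policy), []).append(f)
    return groups


def p_all_distinct(k: int, n: int) -> float:
    """Probability that k concurrent flows land on k different members out of n,
    assuming a uniform hash: n! / ((n-k)! * n^k)."""
    return perm(n, k) / n ** k if k <= n else 0.0


# Constructed: three workstations each running one iperf stream to the server
SERVER = "10.0.0.5"
FLOWS: List[Flow] = [
    ("10.0.0.9", SERVER, 40000, 5201),
    ("10.0.0.13", SERVER, 40001, 5201),
    ("10.0.0.11", SERVER, 40002, 5201),
]

if __name__ == "__main__":
    for policy in ("ip", "ip-port"):
        print(policy, link_map(FLOWS, 4, policy))
    print(f"P(2 flows on distinct members of 4) = {p_all_distinct(2, 4):.2f}")
    print(f"P(4 flows on distinct members of 4) = {p_all_distinct(4, 4):.3f}")
```

With the address-only policy, the 10.0.0.9 and 10.0.0.13 flows hash to the same member and the 10.0.0.11 flow to another; with ports included the first two separate. Even with a uniform hash, two flows on four members collide one time in four, and four flows all getting their own member happens less than one time in ten, so a clean 1 Gb per workstation for every pair is not the expected outcome. Since an iperf client sends towards the server by default, the hash that matters for the post's measurements is the switch's port-channel load-balance setting, not the server's; for the reverse direction (or `iperf -R`) it is the server's bonding `xmit_hash_policy`, which on Linux defaults to `layer2`.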

    Clearpass MacAuth Aruba Switches Issues

    Posted: 28 Jan 2021 04:15 PM PST

    Anyone here seeing non-intelligent devices falling off the network when connected to Aruba legacy and CX switches? We are seeing more and more devices like printers and DVRs fall off the network, and rebooting them seems to fix the issues.

    submitted by /u/atlasvw19

    Network Monitor:PRTG Limit

    Posted: 29 Jan 2021 07:51 AM PST

    As we are near the 10,000 sensor limit with PRTG, is there a way to increase the sensor limit without installing another server? And what are the other best options available?

    submitted by /u/doctorstrangez

    Meraki WiFi 6 issue

    Posted: 29 Jan 2021 07:48 AM PST

    We are deploying MR 36 and 46, and for outdoor using MR 74 and 76 with Ant-20 omnidirectional antennas. When I move between APs, even when the signal strength is -50db, it shows few bars or disappears for a few seconds and then comes back. Roaming doesn't look seamless; any idea on that? And the same setup with MR33 is great indoors, no issues at all. With the outdoor deployment it's the same issue.

    submitted by /u/doctorstrangez

    Can the TCP window size and window scaling affect windows performance?

    Posted: 29 Jan 2021 07:13 AM PST

    Hi guys, I've been looking at some data and trying to make sense of it. My company has a server that runs Windows Server 2012 R2 and it's used as a gateway to process a bunch of TCP messages and forward them to other stuff. I'm trying to understand some of the latency behavior and I noticed that packets with different window sizes/scales have different treatments.

    I know that on Linux the memory is only allocated when used, but on Windows I'm not sure how the memory and NUMA nodes work. Could it be possible that sending a big window size, because the OS has to manage more memory, takes longer to process, and that it could also impact other incoming packets by "stealing" thread processing time?

    submitted by /u/gnmo2473

    Finding accesspoints that are offline

    Posted: 29 Jan 2021 12:52 AM PST

    Hey guys. I just got responsibility for one of our network controllers with about 370 APs connected. There are also 20 APs that are offline and where I can't find the MAC address on any switch port. We use HP ProCurve/Aruba switches and Fortinet APs. I have tried to get the local IT helpdesk to look for the ones that are down, but it seems many were moved from the room they were in to new rooms without updating the name (we name them based on room to find them easily). Is there any way to find logs of MAC addresses that have been on a port but are not there anymore? Is there any other trick to finding APs that are down that I might not have thought about? Thanks guys and gals, I always learn something new from this sub and it has helped me a lot.

    submitted by /u/insanefish1337

    Port mirroring and ntop - what packets get dropped?

    Posted: 28 Jan 2021 10:58 PM PST

    So I've got a 24-port gig switch with mirroring enabled, driving an ntop instance. All good, but it occurred to me that the mirror port is only a gig, so if I have two simultaneous high-speed transfers on my LAN going on at the same time, a whole bunch of packets are going to get dropped. Am I right? I would guess the packets that get dropped would be random, based simply on when they arrived at the mirror port? Am I on the right track here?

    submitted by /u/ChesterRaffoon

    Ethernet Standards: Stranded Cable ? >10m

    Posted: 29 Jan 2021 03:48 AM PST

    Hi All,

    I was wondering if anyone could help me find the formal standard (e.g. IEEE) which provides the calculations for running stranded cable >10m, e.g. 15m.

    The website below provides the calculation but no reference for where it's been taken from; I've looked at a few other sites which have the same calculations but no formal reference.

    https://www.flukenetworks.com/blog/cabling-chronicles/considerations-choosing-stranded-vs-solid-cable#:~:text=When%20it%20comes%20to%20de,no%20de%2Drating%20at%20all

    If someone could point me in the right direction it'd be appreciated.

    Thanks

    Swain90

    submitted by /u/swain90

    Want to upgrade the average internet plan from 100 Mbps to 1 Gbps for my broadband users.

    Posted: 29 Jan 2021 12:41 AM PST

    What should I do to start providing 1 Gbps internet speed to home users? Currently, I have approx 500 customers and I am using 4 EPON OLTs which only have 1 Gbps downstream speed on the PON port so they max out at 1 Gbps. Currently, the average plan per user is 100Mbps. So I don't think these OLTs are suitable for providing 1 Gbps speed to the home users. Currently, I am using xPON ONTs at the customer end which work both on EPON and GPON OLTs. Can someone help me?

    submitted by /u/jtnrao7

    GRE Tunnel and OSPF between Cisco and HP Aruba L3 2930F Switches

    Posted: 28 Jan 2021 11:48 PM PST

    Has anyone configured GRE tunnels between Cisco devices and HP Aruba L3 2930F switches?

    Our site to site links are configured to use GRE tunnels through IPSec tunnels, allowing us to run OSPF and dynamically route traffic between sites. Currently, there is a mixture of Cisco routers and L3 switches doing the GRE tunnelling and running the OSPF routing.

    We are looking at using HP Aruba L3 2930F switches at a new site. These switches support OSPF, but I haven't been able to confirm if they support GRE tunnels. Anybody know? If they do support GRE, has anybody configured them to work with Cisco at the other end of the GRE tunnel?

    Thanks.

    submitted by /u/Enough-Week7692