Rant Wednesday! Networking |
- Rant Wednesday!
- How many of you actually code at work?
- Is OSPF adjacency through a VLAN with multiple subnets on an Aruba 3810M & 2930F possible?
- Why is Priority not 0-15?
- I'm a highschool sophomore. What's the benefits/uses of getting CCNA certified?
- Support experience
- Looking for the exact SFP compatibility for the 100G slots on Cisco C9500-48Y4C
- New ARIN Allocation. Multihoming Questions
- Ubiquiti Replacement Options?
- Looking for some advice on what I can practice to simulate what we do in the real world
- FCoE and FC Switch Options
- Meraki MX67 Is IDS and IPS enabled by default?
- FEC and SD-WAN in Reality
- Site-to-site very large file transfer speed erratic
- 5 story building - running all cable drops to 1 floor
- Layer 3 Access and IPv6
- Controlling / Verifying Azure Routing Tables to enforce traffic through Third-Party Firewalls?
- Encrypting traffic between datacenters?
- Most Efficient Way to cover 15,000 SQ FT?
- Is a Senetas CN6100 layer 2 encryptor from Ebay any good?
- QoS on VXLAN EVPN fabric with servers at 25Gbps nics
Rant Wednesday! Posted: It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it. [link] [comments] |
How many of you actually code at work? Posted: Everyone is going crazy about coding nowadays, even in stuff that does not need coding. It's like a buzzword, a trend, a fad, you name it. But at every company I have worked with, I never had to code anything, not even a script. So my question for this subreddit is: how many of you whose primary job is network engineer write/wrote code for a specific task at work? And by code I do mean actual code and not Excel formulas. [link] [comments] |
Is OSPF adjacency through a VLAN with multiple subnets on an Aruba 3810M & 2930F possible? Posted: I'm building out a network at a new location and planning to do it fully routed from the access layer up via OSPF. I'm using /30's for the connections between switches and looking to avoid using a different VLAN for each connection, so I'm thinking about making all the P2P links one VLAN and having multiple IP addresses for different /30's assigned to the VLAN interface on each switch. As an example, one access switch will have a /30 connection to two other access switches and two distribution switches, making a total of four different /30 subnets assigned to one VLAN interface. Will the switches form an adjacency in this type of configuration? I thought I remember reading somewhere in Aruba docs that it won't, but I can't find that particular document anywhere and I may have just imagined it. The Aruba docs I can find aren't that great on this subject anyway, though, which is why I'm asking here. EDIT: Thanks guys. For anyone else thinking about implementing something similar, no, it won't work. Get to creating those VLANs. [link] [comments] |
Why is Priority not 0-15? Posted: From my understanding, "old" Bridge IDs used 2 bytes for the priority section, to get 65k+ potential values. Priorities for new Bridge IDs can still be in that same range, but must be within multiples of 4096. What I'm assuming is that since Priority now only takes up 4 bits instead of 2 bytes, that 4096 = 0, 8192 = 1, etc. Is it for backwards compatibility with older devices that still use older BIDs? Would older devices be able to read new BIDs? [link] [comments] |
I'm a highschool sophomore. What's the benefits/uses of getting CCNA certified? Posted: I've been interested in pentesting, networking engineering, etc. for a bit now and recently I've been learning a lot about the CCNA. I definitely feel like I can teach myself what I need to know and I'd like to learn it all anyways but I'm not sure if there's a point actually taking the CCNA. I'd assume I can't apply it (although I'd love to if I could) and I guess it'll look good for college but I'm not really sure what benefits I actually get at this age. [link] [comments] |
Support experience Posted: Hi all, Looking to find out what everyone's experience with support is with network vendors. My company is currently a Cisco-only shop I've inherited (2960s access, 4910 core, ASAs, Merakis). With a move impending to a new office and colo, we have the opportunity to replace -some- items (not all...thanks covid) this summer. Vendors include Cisco, Aruba, Extreme, Mellanox, Juniper. We have quotations from vendors regarding core switching (32x100GbE ports core) to start, wifi and firewalls to follow, but I'm curious how others' experiences with the following companies are, from customer support, implementation, intercompatibility, day-to-day running, gotchas etc. My experience is limited to Cisco only from here, but I'm curious if anything is better.. especially for an almost solo infrastructure admin. We have run off our old core since 2011, so the speeds are to future-proof growth of our growing media company (200 employees, ~3 petabytes of data). Access switches will be staying our 2960s this year, with hopes of swapping next year to the same switch family (thanks to covid it not being the entire) Specif [link] [comments] |
Looking for the exact SFP compatibility for the 100G slots on Cisco C9500-48Y4C Posted: I have 2 of these switches that I am "port-channeling" together using stackwise commands. Currently I am doing this via 2-10G ports. I would like to use the 100G ports to connect both switches if possible. What are the specific SFPs that are compatible? I have checked online to no avail. Also, when I configure the 100G ports, should I use the stackwise commands on 1 or 2 ports? I believe stackwise has to be configured using 2 ports on 1 switch and 2 ports on the 2nd switch. I do like the possibility of having both switches 'logically' connected together, but if trunking would be better because I could save money and just use 1 port, that might be a better option. Thanks for your help! [link] [comments] |
New ARIN Allocation. Multihoming Questions Posted: I just received a /24 and ASN from ARIN. Currently I have site A and site B. A is connected to Lumen, B is connected to Comcast. A and B are connected via MPLS. Both sites are using a private AS. Moving forward this is what I'm thinking will happen: I change the AS at each site to the ARIN provided one. Advertise my /24 from each site to their service provider. Then I can start transitioning my ISP-provided IPs to the ARIN block. I planned on splitting it into /26 so I can potentially have 4 sites. So each site would have a /26 to work with. I know I'll need to have NAT at each site for all the addresses used. What am I missing? Will the BGP advertisements into MPLS get messed up because of the same ASN on each internet connected site (there are 14 sites in the MPLS all currently using private AS numbers)? This is the first time I've multihomed anything so a bit nervous. Thanks! [link] [comments] |
Ubiquiti Replacement Options? Posted: Let's say, hypothetically, you had a small business with two 48 port POE, 1 aggregation switch, a 5 AP WiFi network, and a couple other switches from Ubiquiti. Only thing remotely fancy is VLAN for VoIP. The price point was good, easy to set up and manage, and so far zero outages. Which vendors would you suggest looking at for replacement equipment should things get to that point? Anything close in terms of cost and ease of use? I'd like to get out ahead on the research if things go from worse to worser. [link] [comments] |
Looking for some advice on what I can practice to simulate what we do in the real world Posted: So I work for a company with a pretty sizable lab and I even work in networking, but there's a boatload of terrible politics here and a bunch of infighting going on, so I'm trying to utilize my position as best as possible to get into a better job. I'm trying to get a list of things together, aside from just getting a CCNP, that I need to for sure know how to do to successfully be a mid level network engineer (I have a CCNA and extensive experience in other areas of IT). I'll start with a few items:
What other things can I add here that are normal job duties you guys expect from your mid / senior level guys? I know like, upgrading a device and change management and all that but I want to nail some more stuff down here before I start applying for a job to get the hell out of here. [link] [comments] |
FCoE and FC Switch Options Posted: Hello all, We've got a pending issue with our Cisco Nexus 5548UPs having gone end of life. We've recently got 2 from Cisco refurbished, but we've only just found out they can't sell us an FC license for it, as the license is end of life too. We're putting together a BoM for 8 x Nexus 9300's but in the meantime the FC eval license on the Nexus 5k's is due to run out shortly, so I'm after some advice for bridging the gap, so to speak. What options do we have? Can the 90 day eval license be reset? Is there a cheap-ish (new or used) switch that'll do FCoE and FC I can use whilst the new n9k's arrive? Best, CC [link] [comments] |
Meraki MX67 Is IDS and IPS enabled by default? Posted: As per the title, we are using Cisco Meraki MX67 with IDS enabled (which I can see in the 'Security & SD-WAN' section) under 'Intrusion detection and prevention' with the mode set to 'Detection' but I am not sure if that also includes IPS? Is there somewhere to determine that? [link] [comments] |
FEC and SD-WAN in Reality Posted: I would love some additional feedback on FEC. It appears to me that when evaluating FEC with test tools, generating random packet loss as a percentage of packets, FEC works as advertised. But in real life, packet loss often occurs in bunches due to WIFI handovers, route flaps, and temporal network congestion. In a previous post, there was a wise comment about how FEC can increase latency, and it's a trade-off between how much FEC is applied, versus the increased bandwidth and latency. I'm a believer that dynamic FEC may never be responsive enough, or be able to anticipate events that cause packet loss in real life. I think the ideal use case for FEC is microwave circuits. These tend to really simulate random packet loss that is consistent during a rain storm. I doubt there are any other use cases where dynamic FEC will actually improve things much at all. [link] [comments] |
Site-to-site very large file transfer speed erratic Posted: Hello everyone! I'm having a problem that I'm sure others have had, but I'm struggling to figure out the easiest and most reliable solution. Small company who is growing and trying to use low cost solutions for the moment. It might be the classic "long fat pipe" situation, but I'm a bit surprised that there are no clean and easy OOTB solutions, at least not that I've directly found. We have two sites each with 1gbit fibre connections to the internet. Ping times are very low - Google is less than 1ms, to each other is less than 5ms. SpeedTest.net on both ends multi-connection show full gbit speed, single connections are over 600mbit each side easily. We have backups that are > 1TB in size, and want them sent from one site to the other. The backup software that we're using doesn't support splitting the file, and it's better to have it as a single file for instant recovery purposes. Herein lies the problem. I see several different solutions that handle multi-stream or segmented file transfers, but they ?all? seem to split into multiple files locally, then combine after. Considering both Windows and Linux support sparse files, I have no idea why this is the default behavior. Recombining a 1TB file in this manner is incredibly inefficient and slow, especially as we're leveraging external 2TB USB drives on the receiving end for the offsite copy of the backup (have them on hand and they work for redundant storage). Using standard SFTP, FTP+TLS, FTP, or SCP has varying levels of success, but all seem to be anywhere between 15 and 80MB/sec depending on which way the wind is blowing. I assume it's more a matter of what path happens to be found between the two sites through the internet. Ideally I'd want an automated solution, but I'm not against manual ones for now. I'm toying with the idea of download accelerators but those are manual and all the ones I've seen use separate files and recombine in the end.
I need to wrap my head around FastDataTransfer (http://monalisa.cern.ch/FDT/download.html) to see if that'll cover it. I'm also trying to wrap my head around rclone to see if that will do it. TL;DR - in today's age of multi-gbit connections and multi-TB file transfers, I can't seem to find an easy and reliable method for gbit file transfer speed across the internet that just segments a single file transfer without splitting it into multiple files on one end. [link] [comments] |
5 story building - running all cable drops to 1 floor Posted: We have a 5 story building that currently has an IDF closet on each floor which serves the devices on that individual floor. Each floor connects back to the building distribution/core switch on the 5th floor. The problem we're having is that these IDFs are absolutely horrible to work in. Most of the racks are 10ft in the air and you need a ladder just to patch in a cable. Patch panels literally hanging down from the ceiling by rope. They're poorly lit, each having just a single light bulb hanging from the ceiling. No climate control or air filtering so they're lukewarm and filthy. Unfortunately, there isn't room to expand the current IDFs and there is no room on any of the floors to make new IDFs except on the Basement floor or 5th floor, so my question is - is there any particular design reason why we couldn't just run all new drops for each of the floors to a single, large, purpose-built MDF either on the basement or 5th floors? Each floor has about 12ft high ceilings so I can't imagine cable length would be an issue, unless I'm overlooking something. [link] [comments] |
Layer 3 Access and IPv6 Posted: We are working on an IPv6 addressing scheme for our enterprise. We also use layer 3 access for IPv4 and have for 15+ years. Each switch stack has its own production, VoIP, and management subnets (and special networks as needed). The reasons for L3 access were to limit broadcast domain size and minimize the spanning tree. Now we're working on our IPv6 addressing. My organization is large enough that we have a /32. And we're trying to keep to the /64 subnet boundary so we can still use SLAAC if we choose to. But we're having a disagreement on whether to continue layer 3 access, especially in light of IP fabrics and CRB.
The objection to CRB is that we go back to having a building-wide broadcast domain and more difficulty identifying the switch stack. (Example: if a production subnet is 10.47.88.0/24 and we see an IP 10.47.88.36, DNS resolution on 10.47.88.1 will tell us the switch stack, as that's the gateway IP. We're still flailing in our automation chops. Acknowledged.) So I'm looking for input from people who have implemented IPv6 in a L3 access and want to know what you did. Is the broadcast domain size still a concern? Did you maintain individual subnets per stack? Are you switching to a fabric? Did you change to CRB (regardless of a fabric or not)? Any other input? Edit: Understood that IPv6 avoids broadcast by using multicast. Still, if FF02::1 is used frequently (I admit I don't know how often it is) -- or any other common host multicast addresses (mDNS, SSDP, etc.), having 100 hosts on a VLAN is still better than having 10K or 100K. [link] [comments] |
Controlling / Verifying Azure Routing Tables to enforce traffic through Third-Party Firewalls? Posted: I imagine this is a common problem, but my quick Google-fu has failed me. We're implementing third party NVA firewalls in Azure in the standard active-active load balancer sandwich, and want to make sure that all traffic from certain subnets has to go through them. The standard way of doing this is to override the default Azure subnet routing tables with routes pointing at the NVA load balancers. So far so good, everything works as expected. But as the number of networks grows, and Azure keeps tossing automatic routes into its routing tables because it likes to be helpful, it's a management nightmare to make sure all routing table routes are always overridden with user-defined routes. How are people managing this and are there any clever auditing tools or tricks to prevent Azure or an admin from just tossing in a route that completely bypasses the firewalls? [link] [comments] |
Encrypting traffic between datacenters? Posted: Hello, Currently due to the nature of the business we're in we require that traffic between our datacenters be encrypted (using IPsec VPNs as of now). Currently we are doing this by running interconnects between firewalls but this presents a problem because we have firewalls handling the routing at the edge...is there something big I'm missing here? I'm aware this is broad but I'm looking for any and all suggestions. [link] [comments] |
Most Efficient Way to cover 15,000 SQ FT? Posted: Hey all - my business is growing and we are moving from a 4400 sq ft warehouse to 15000 sq ft warehouse (expandable to 25k). I have been getting by using a home router and modem in our current warehouse but obviously, it won't cut it for the larger space. I wanted to know what the best setup was for this large of a space. We have 1000 sq ft of office space which should be no problem to cover, but we will be using WiFi enabled SKU scanning equipment throughout the warehouse. I'm a software engineer by trade so I know my way around technical things and can likely set up the network without issue. Thanks in advance [link] [comments] |
Is a Senetas CN6100 layer 2 encryptor from Ebay any good? Posted: Hello, We operate a small network and are adding our second location soon. It means we will get a metro wave (10gbps) between these two locations and I would like to encrypt the communication on that line. Unfortunately our switches do not support MACsec, so we have to put something in between to handle the encryption. I found some earlier posts (1) which both mention Senetas encryptors to do the job, which is a viable option for us. I did find a bunch of them on eBay for cheap; however, I cannot find too much documentation online about them. Will this work? Do I need a separate license / or credentials to make any use of these boxes? As they are high security devices, I can imagine it is not trivial to reset the passwords/keys for example. Thank you! 1: https://www.reddit.com/r/networking/comments/7snrl7/encrypt_40g_cross_country_connection/ [link] [comments] |
QoS on VXLAN EVPN fabric with servers at 25Gbps nics Posted: Hi all, just curious to ask this question. Running an EVPN fabric with 2 spines and a couple of leaf switches.. leafs are cabled to spines with 100Gbps links.. do any of you running EVPN also supplement your configuration with QoS? Or is there enough complexity as it is, and if the fabric is running as normal there's no need to add yet another layer of complexity.. [link] [comments] |