Shortest Path Bridging (Extreme/Avaya Fabric Connect) Networking |
- Shortest Path Bridging (Extreme/Avaya Fabric Connect)
- Internet Service Providers - How do you handle "Internet Abuse" notifications?
- Anyone have any technical analysis on the DoD's massive BGP advertisement?
- What would cause Packets to be so huge and be tagged with "Do not fragment = 1" ?
- F5 Big-IP trial for lab
- LACP vs LAG vs PAgP
- Adtran NetVanta 1550-48 Stack command?
- Need help with Pexpect for device config
- Cisco SD-WAN desing questions
- DMVPN Question - Not Cisco?
- Trying to make a Network Tester for our Facility and as a training tool. Can you make a Network tester out of a PC?
- OSPF - network command in ‘router ospf’ vs redistribute connected
- Tagging interface causes latency on other interfaces
| Shortest Path Bridging (Extreme/Avaya Fabric Connect) Posted: 29 Apr 2021 10:03 AM PDT I just watched some deep dives into the protocol and how it works and it made me wonder the following. Has anyone seen it deployed in large infrastructures? Especially in a network that extends over a large geographical area (WANs)? How is it working out? Any pitfalls? I understand that it was designed for carriers, but it seems to be mostly used for campus networks. I wonder how it handles big latency for example. I have zero experience with it, but from the technical deep-dives I just watched, it looks to be a really good protocol. [link] [comments]  |
| Internet Service Providers - How do you handle "Internet Abuse" notifications? Posted: 29 Apr 2021 05:58 AM PDT Hi fellow ISP employees - How do you handle those "internet abuse" auto-generated emails you may get from time to time? For example, we'll get an e-mail to our registered abuse POC email address like this: " One of your clients using the IP: A.B.C.D, which is according to whois allocated to you, has abused/attacked one of our server: Service: "portscan" We're considering coming up with a policy that allows for "1 strike" for the customer that has the IP address at the time of the "abuse." We would simply contact the customer and share the information we received in the abuse e-mail "as-is" and tell them to knock it off and remind them of our terms and conditions. If it happens again, we'd consider suspension or cancelation of service. But the rabbit hole can go real deep real quick when we start looking too long at these issues, and we don't want to create more work for anybody so we'd like to keep the process simple. Just curious as to how others may handle these situations. TIA [link] [comments]  |
| Anyone have any technical analysis on the DoD's massive BGP advertisement? Posted: 28 Apr 2021 04:55 PM PDT Or should I say Global Resource Systems, LLC's massive BGP advertisement? https://www.washingtonpost.com/technology/2021/04/24/pentagon-internet-address-mystery/ I don't buy for a second they handed over control of all these IPs to a private company just to prevent BGP hijacks. It also doesn't make sense to say it's a DoD shell company doing this. Everyone knows it's the DoD, why bother with the flimsy disguise? Beyond the initial route announcements, has anyone seen traffic from/to these address blocks? Are there any other technical discussions out there analyzing this? Anyone have any decent theories as to what is going on? [link] [comments]  |
| What would cause Packets to be so huge and be tagged with "Do not fragment = 1" ? Posted: 29 Apr 2021 08:10 AM PDT Investigating speed problems here https://www.reddit.com/r/sophos/comments/mzwfu0/ipsec_vpn_slowness_in_one_direction_over_2x_sites/ and noticed something strange. Info: 300/300mbps Software Sophos XG firewall Vmware / Vcenter on a VXrail cluster Site B: 1/1gbps Software Sophos XG firewall Vmware / Vcenter on IBM blades IPSEC VPN to both sites Traffic flows fast from Site A to B but is dead slow from B to A What I noticed while looking at the capture in Wireshark with a sophos engineer is the packets from site B are trying to send at huge sizes way larger than our MTU and upwards of 22000 packet length and these large packets have the header DO NOT FRAGMENT = 1 What would cause the packets to be set to Do Not Fragment? where in the network could cause the size to be so large (or inject data into packets)? Thanks this is crazy. [link] [comments]  |
| Posted: 29 Apr 2021 05:24 AM PDT Hi there, I'm trying to set up a basic lab to get my feet wet with F5 (company is about to purchase one) as I haven't worked with it before. For labbing I use GNS3 on Ubuntu. F5 offers a 90 day trial for the Big-IP. So has anyone used those trial versions with the GNS3 appliance? I suppose I can run the F5 as a VM and connect that to an infrastructure in GNS3. Any recommendations? [link] [comments]  |
| Posted: 29 Apr 2021 02:47 PM PDT Hello guys! I'm studying for my CCNP and am doing a comparison of the three EtherChannel negotiation protocols. Cannot find any smart information in books regarding the following questions: - Does PAgP protect against misconfiguration like LACP? - Which is the most widely used? - Which one bundles the ports fastest by default? I know that LACP supports fast rate, but is LAG(static) the fastest based on the fact that it uses no negotiation? - Which provides the wides vendor interoperability? I've read that ESXi only support LAG. - Does PAgP provide fallback to individual link operation? TY [link] [comments]  |
| Adtran NetVanta 1550-48 Stack command? Posted: 29 Apr 2021 01:26 PM PDT I just moved to could VOIP services thru Frontier and we purchased six of the Adtran 1550-48 switches thru them as part of the upgrade. I'm having hard time finding the CLI commands for stacking them together, or the process required thru the GUI. This is the first time I have had to work with Adtran hardware some I'm a little unfamiliar with the product see and difference in language. I've already got the first switch 90% completed, I have all my VLANs configured, IP routes setup, VOIP configuration tested and completed, and most of the other required network information completed. before I go any further I'd like to connect my second switch, can anyone point me to a thread or instructions for this the commands I have found don't seem to work with my device. I'd like to start working on link aggregation but can't until this is solved. Thanks again. [link] [comments]  |
| Need help with Pexpect for device config Posted: 29 Apr 2021 12:43 PM PDT Hello, I am still learning Python for networking :) but can't figure this out. If someone can help would really be thankful. My goal is to pull the 'show run' from the list of devices and create the list of VLANs for every device. Script successfully running show run but not the VLAN configuration. Most certainly it's something wrong with for loop. Any ideas? Thank You [link] [comments]  |
| Posted: 29 Apr 2021 11:55 AM PDT I'm a newbie with Cisco's SD-WAN/SDA strugling with our companys new PoC.... I have a couple of questions somebody can hopefully answer: 1.) I want my guest VPN to have only internet access and no access to DC. I read that I create DIA with templates but how do I block access between the branches? Do I use a local data policy (ACL) to block them between sites, or do I configure a centralized VPN membership policy that blocks them from being advertised in OMP? I would also like to use the same subnet on all branches... 2.) I have a VPN segment for users that is full mesh between branches, I want to add a new VPN that for security reasons cannot communicate between branches but all communication has to go through firewalls in DC. So as far as I understand the concept I have to block the sites from learning each other TLOC and direct the TLOC's to the DC. But in which direction do I apply the policy? TY [link] [comments]  |
| Posted: 29 Apr 2021 09:12 AM PDT Other than Cisco, who is really good at DMVPN phase 3? Full IPSec tunnels, running at a Gig on each spoke. Say, 700 spokes. 4 Hubs, paired, using some specific routing to do load balancing between a couple of pairs? I'm thinking the hubs would be provisioned for 10Gb each initially.. with the ability to scale up to 40Gb. Some QoS capability would be good, but all the links would be private MPLS. SD-WAN type capabilities would be an bonus, but we're not there yet. [link] [comments]  |
| Posted: 29 Apr 2021 09:06 AM PDT Me and a Co-Worker (Friend) are talking to each other today in the Server Room at work and had to go test a Port and re-terminate it. Then when we got back top office and started to wonder if you could use your computer and a combination of hardware and/or software to use your computer to be a network tester. Something like the basic functionality of something like the Link Runner G2 or any other Basic network tester? Can you get the name of the switch your attached to? Its stack number or port number? VLAN? IP? Any way to get Twisted Pair info or even do a cable test to look for Opens/Shorts/Cross or even possibly length? Beyond using a computer could you create a purpose made one from PC or something else? What are the basic levels of functionality that allows a network tester to get this kind of information? What kind of Protocol or Packets is it sending/receiving? [link] [comments]  |
| OSPF - network command in ‘router ospf’ vs redistribute connected Posted: 28 Apr 2021 09:56 PM PDT For years we only had an area 0 and had "redistribute connected subnets" for the access layer and a mix of "network 172.... area 0" or "ip ospf area" interface commands for core links. I read this decade old article and wanted to share it: ospf and connected networks. The big take away for me: redistribute connected creates ex2 type routes and you can't summarize those on ABRs. Using the network command creates IA routes which you can summarize (Just started splitting out network into geographic areas.) We are cleaning up a decades work of "organically configured" OSPF and it has been fun. [link] [comments]  |
| Tagging interface causes latency on other interfaces Posted: 28 Apr 2021 05:13 PM PDT I have two switches that are connected and passing a tagged VLAN (75). If I configure the switches like I have them listed below everything works fine. SW1 Gi0/2 - Tagged 75 and connected to Gi0/1 on SW2 Gi0/3 - No VLANs and connected to Gi0/2 on SW2 Gi0/4 - Untagged 75 (as native VLAN) SW2 Gi0/1 - Tagged 75 and connected to 3 ESXi hosts Gi0/2 - Tagged 75 and connected to same 3 ESXi hosts However, if I then tag Gi0/3 on SW1 for 75 it actually breaks my connection to the ESXi hosts and introduces major instability in the network. I start to see huge latency and disconnects across the 75 VLAN. Including on Gi0/4 which isn't related to anything but just shares the VLAN and is connected to a desktop. I've verified it always happens when both ports Gi0/2 and 0/3 are tagged for 75. If only one is tagged it works great. Any thoughts? [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment