Moronic Monday! Networking
- Moronic Monday!
- Are bluecoat-like proxy devices becoming obsolete?
- Throughput vs Latency
- Telecom Broker Yes, No Maybe?
- Is there a place to download complete bgp peering data for ASNs?
- Workaround to CIDR overlap using site-vpn between AWS and Cisco Meraki on DX?
- I am a n00b will this OSPF design work in this network I'm building?
- MAC Authentication Roles in Aruba Controller
- Fibre Testers
- Firewall clustering across data center.
- Moving from Software Engineer back to my networking/IT roots?
- Configuring a firewall with two ISPs to determine which ISP to send information over/Diagram criticization
- How do you generally go about troubleshooting performance cases?
- Advice for replacing wiring that runs through PVC piping...
- Former Verizon engineers of /r/networking - is the grass ever greener, or are all telecom companies incompetent?
- Limited long distance throughput
- VIPTELA SD-WAN
- How do we properly perform CGNAT on a MikroTik Router for customers?
- What is this fibre cable? LC to SC?
- Which IPS/IDS has the best reporting UX?
- Frustration with PA firewall
- Need your opinion: is this a good time to be joining Aruba?
Moronic Monday! Posted: 30 May 2021 05:00 PM PDT It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected. Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.
Are bluecoat-like proxy devices becoming obsolete? Posted: 31 May 2021 06:39 AM PDT I work for an MSP; we do F5, Palo Alto, Broadcom (Symantec (Bluecoat)) (lol) proxy stuff. I have it on my career path/review plan thing to get the Bluecoat proxy certifications. So a conversation I once had came to my mind, about how most firewalls can do URL filtering with just a simple license and how, with unlimited bandwidth and cloud, proxy solutions are going to be history soon. It made sense to me, but I'm not so sure about it! Do you guys still use proxy solutions at your work? Should I even get the cert, or just go back to my boss and maybe talk about getting a Proofpoint email gateway cert or some cloud cert?
Throughput vs Latency Posted: 30 May 2021 07:19 PM PDT Hi! Let's say we have 2 different paths for a S2S VPN connection from a remote site to a DC:
1. 10/10 Mbps MPLS L3VPN with 50 ms latency
2. 500/500 Mbps broadband Internet with 75 ms latency
Am I right to think that the MPLS path will give a better user experience for internal services if the remote site is only using an average of 4-5 Mbps? Thanks. Edit: Thank you all for your help!! I will monitor the links closely for traffic bursts.
Telecom Broker Yes, No Maybe? Posted: 30 May 2021 03:50 PM PDT First, the context: I've been doing networking for a long time... CCNP, operated a number of networks, etc. I've brokered some telecom services as well over the years but never made it my main thing, though I have thought about it. More generally, do you prefer to work directly with providers or with telecom brokers for WAN solutions, fiber, datacenter leases, SIP trunking, etc.? Or do you prefer to leverage an agent to vet multiple solutions, negotiate pricing and so on? For anyone who has worked with a broker/agent in the past, what are some other things that really added value and made it worthwhile? Thanks!
Is there a place to download complete bgp peering data for ASNs? Posted: 31 May 2021 09:22 AM PDT Is there a place to download complete bgp peering data for ASNs updated daily?
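Whatever source is used for this (RouteViews and RIPE RIS publish RIB dumps and update files in MRT format several times a day, and CAIDA publishes AS-relationship datasets inferred from them), the "peering data" is derived the same way: every AS_PATH seen in a table is turned into hops, and each adjacent pair is an observed AS-to-AS link. The block below is an added example that is not part of the original post; it shows that derivation on constructed sample paths, including the two things that trip up naive scripts, prepending and AS_SETs. Real MRT files would first need a decoder (for instance the mrtparse or pybgpstream libraries) to produce the path strings this code consumes.

```python
"""Turn BGP AS_PATH attributes into an AS adjacency (peering) graph.

Added example, not from the original post.  The prefixes and AS paths below
are constructed sample data, not real routing table contents.
"""
from __future__ import annotations
from collections import defaultdict
import re

# Constructed sample: (prefix, AS_PATH as a router or MRT decoder prints it).
# The third path carries prepending (65002 65002); the fourth ends in an
# AS_SET ({65006,65007}), i.e. an aggregate with no single origin.
SAMPLE_PATHS = [
    ("192.0.2.0/24",    "65001 65002 65003"),
    ("198.51.100.0/24", "65001 65004 65003"),
    ("203.0.113.0/24",  "65001 65002 65002 65005"),
    ("192.0.2.128/25",  "65001 65004 {65006,65007}"),
]

_AS_SET = re.compile(r"\{[^}]*\}")


def parse_as_path(path: str) -> list[int]:
    """Return the AS_SEQUENCE hops of an AS_PATH with prepending collapsed.

    AS_SETs mark aggregation rather than a traversed link, so they are
    dropped instead of being turned into edges.  Consecutive repeats of the
    same ASN are prepending and collapse to a single hop.
    """
    hops: list[int] = []
    for token in _AS_SET.sub(" ", path).split():
        asn = int(token)
        if not hops or hops[-1] != asn:
            hops.append(asn)
    return hops


def adjacencies(paths) -> dict[int, set[int]]:
    """Undirected AS adjacency map built from an iterable of (prefix, path)."""
    adj: dict[int, set[int]] = defaultdict(set)
    for _prefix, path in paths:
        hops = parse_as_path(path)
        for left, right in zip(hops, hops[1:]):
            adj[left].add(right)
            adj[right].add(left)
    return dict(adj)


def neighbours(adj: dict[int, set[int]], asn: int) -> list[int]:
    """Sorted list of ASNs observed adjacent to asn (empty if never seen)."""
    return sorted(adj.get(asn, ()))


def originated_prefixes(paths, asn: int) -> list[str]:
    """Prefixes whose AS_SEQUENCE ends in asn.

    Paths containing an AS_SET have no single origin and are skipped rather
    than mis-attributed to the last sequence hop.
    """
    found = []
    for prefix, path in paths:
        if _AS_SET.search(path):
            continue
        hops = parse_as_path(path)
        if hops and hops[-1] == asn:
            found.append(prefix)
    return found


if __name__ == "__main__":
    adj = adjacencies(SAMPLE_PATHS)
    for asn in sorted(adj):
        print(f"AS{asn} adjacent to {neighbours(adj, asn)}")
    print("originated by AS65003:", originated_prefixes(SAMPLE_PATHS, 65003))
```

One caveat worth keeping in mind when the question says "complete": a collector only sees the links on paths that reach it, so what these datasets give you is the union of many vantage points, and links that never appear in an exported route (a good share of IXP peering) are still missing from it.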
Workaround to CIDR overlap using site-vpn between AWS and Cisco Meraki on DX? Posted: 31 May 2021 07:36 AM PDT We are trying to set up a site-to-site VPN from AWS to a customer data center running a Cisco Meraki gateway. This shouldn't be much of a hassle to set up and get the tunnels up; however, the issue is that we are both on overlapping subnet CIDRs. The problem is that the AWS transit gateway/site-to-site VPN setup doesn't allow SNAT/DNAT, and in this case the customer gateway (Meraki) also doesn't support SNAT/DNAT as a workaround. I looked at setting up Openswan to SNAT/DNAT, but https://aws.amazon.com/articles/connecting-cisco-asa-to-vpc-ec2-instance-ipsec/ mentions setting up NAT on the destination side as well. What are some of the workarounds I can use to get these tunnels up and running?
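The "NAT on the destination side as well" that the linked article mentions is the normal shape of the overlap workaround: each site presents a non-overlapping alias prefix to the tunnel, and a NAT device on each side rewrites between real and alias addresses one-to-one, keeping the host bits (iptables calls this NETMAP). The block below is an added example, not code from the post or from AWS; the prefixes are constructed sample values, and it assumes the rewriting is done on something that can NAT (an EC2 IPsec/NAT instance on the AWS side, a NAT-capable box on the customer side), since neither the AWS site-to-site VPN nor the Meraki gateway will do it.

```python
"""1:1 network translation (iptables NETMAP / "double NAT") for overlapping
CIDRs on a site-to-site VPN.

Added example, not from the original post.  Prefixes are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass
import ipaddress as ipa

# Constructed sample: both sites really use 10.1.0.0/16.
REAL      = ipa.ip_network("10.1.0.0/16")
AWS_ALIAS = ipa.ip_network("100.64.0.0/16")   # how AWS hosts appear to the DC
DC_ALIAS  = ipa.ip_network("100.65.0.0/16")   # how DC hosts appear to AWS


def netmap(addr, src_net: ipa.IPv4Network, dst_net: ipa.IPv4Network) -> ipa.IPv4Address:
    """Swap the network part of addr from src_net to dst_net, host bits kept.

    This is what `iptables -t nat ... -j NETMAP --to <dst_net>` does.
    """
    addr = ipa.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("NETMAP requires prefixes of equal length")
    if addr not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipa.ip_address(int(dst_net.network_address) | host_bits)


@dataclass(frozen=True)
class Packet:
    src: ipa.IPv4Address
    dst: ipa.IPv4Address


class NatBox:
    """NAT device at one site: real prefix inside, alias prefix toward the tunnel."""

    def __init__(self, real: ipa.IPv4Network, alias: ipa.IPv4Network):
        self.real, self.alias = real, alias

    def to_tunnel(self, p: Packet) -> Packet:
        """Outbound: SNAT real source -> alias source; destination untouched."""
        return Packet(netmap(p.src, self.real, self.alias), p.dst)

    def from_tunnel(self, p: Packet) -> Packet:
        """Inbound: DNAT alias destination -> real destination; source untouched."""
        return Packet(p.src, netmap(p.dst, self.alias, self.real))

    def iptables_rules(self, phys_if: str) -> list[str]:
        """Equivalent Linux rules for a policy-based (xfrm) IPsec tunnel, where
        there is no tunnel interface to match on, so the ipsec policy match
        selects traffic that is about to be encrypted / was just decrypted."""
        return [
            f"iptables -t nat -A PREROUTING -i {phys_if} -m policy --dir in --pol ipsec "
            f"-d {self.alias} -j NETMAP --to {self.real}",
            f"iptables -t nat -A POSTROUTING -o {phys_if} -m policy --dir out --pol ipsec "
            f"-s {self.real} -j NETMAP --to {self.alias}",
        ]


def round_trip(aws_host: str, dc_host: str) -> tuple[Packet, Packet, Packet]:
    """Request from an AWS host to a DC host and the reply, through both NATs.

    Returns (request as sent by the AWS host, request as seen by the DC host,
    reply as seen by the AWS host).  The AWS host addresses the DC host by its
    alias, never by its real (overlapping) address.
    """
    aws, dc = NatBox(REAL, AWS_ALIAS), NatBox(REAL, DC_ALIAS)
    request = Packet(ipa.ip_address(aws_host), netmap(dc_host, REAL, DC_ALIAS))
    at_dc = dc.from_tunnel(aws.to_tunnel(request))
    reply = Packet(at_dc.dst, at_dc.src)            # DC host answers what it saw
    at_aws = aws.from_tunnel(dc.to_tunnel(reply))
    return request, at_dc, at_aws


if __name__ == "__main__":
    req, seen_by_dc, seen_by_aws = round_trip("10.1.2.3", "10.1.5.6")
    print("AWS host sends  :", req)
    print("DC host receives:", seen_by_dc)
    print("AWS host gets   :", seen_by_aws)
    for rule in NatBox(REAL, AWS_ALIAS).iptables_rules("eth0"):
        print(rule)
```

Two practical checks go with this: on the AWS side the VPC route table has to send the customer's alias prefix to the NAT instance and that instance needs source/destination checking disabled, or it will drop the forwarded packets; and anything that carries addresses inside the payload or in DNS answers (internal hostnames resolving to 10.1.x.x, FTP, SIP) will hand out the real address and break unless it is adjusted to use the alias.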
I am a n00b will this OSPF design work in this network I'm building? Posted: 30 May 2021 08:11 PM PDT In addition to the OSPF 100 areas you see here, each LAN will be running OSPF 1 area 0 locally. Will this work, or are there issues with this? Topology ----> https://imgur.com/YHrGo2
MAC Authentication Roles in Aruba Controller Posted: 31 May 2021 05:37 AM PDT Hello all, I am new here and don't know where I should post. I have an Aruba 7210 controller and I want to enable MAC authentication on one SSID. I enabled it and created a role named "Deny_MAC-Auth" that denies all and selected it as the default role. Then I selected the "Services" role as the MAC authentication role. I added my clients to the internal database of the controller and selected "Services" as their role. When I try to connect from my client, it can't get an IP address. Can anyone tell me what roles I should choose for this to work properly?
Fibre Testers Posted: 30 May 2021 06:15 AM PDT Can someone recommend a fibre tester for verifying end-to-end connectivity and performance for a multi-campus network? I need to be able to check both single-mode and multi-mode fibre installations. Buildings are all within a 10 mile radius. It needs to support different connectors: LC, SC and ST. I've been having a look at Fluke's website but am pretty confused by their product lines and data sheets. They also ramp up their prices to ridiculous levels. Edit: There is so much fantastic information in these comments, thanks everyone. I'll have a good look at this tomorrow and speak to my boss about options. Really appreciated!
Firewall clustering across data center. Posted: 30 May 2021 10:58 PM PDT Hey, I'm currently reviewing a vendor's design which includes single Fortigate firewalls clustered across multiple datacenters. Experience has taught me that this is a bad idea. In my engineering days, I saw entire stacks break due to:
In my eyes, clustering of single firewalls no longer fulfils my requirement for redundancy, since there is only one logical firewall across our data centers. I've always thought this to be against best practice, and I know the vendor will be asking for evidence of this. Does anyone have references to any vendor best practice, handbooks, whitepapers, etc. that cover this topic? Googling has brought up many forum discussions around this but nothing "official". Thanks. Edit: My job is to provide technical oversight of vendor technologies that are sold to critical organizations in my country. I am not a customer of these vendors, but vendors do need my approval before they can sell their services to these organizations. Naturally, they will push back if I'm suggesting changes that have cost implications for them.
Moving from Software Engineer back to my networking/IT roots? Posted: 29 May 2021 07:56 PM PDT Hi! I got laid off from my software engineer job and took some time to re-evaluate things. I've been a Software Engineer for the last ~4-5 years, but I'm not sure if I'm cut out for it. I got my start in IT as a network tech and always enjoyed my Cisco Networking Academy classes, which helped me earn an AAS degree about a decade ago. I stayed in IT ops for a while, but ended up going the sysadmin route and eventually wound up going back to school and getting a SWE internship (and worked for Cisco after graduating, funnily enough). But I'm just kind of burned out on SWE, I think. I don't really enjoy trying to keep up with the combinatorics of front-end/back-end languages, technologies, frameworks, testing libraries, dependencies, etc. I enjoy problem-solving and logic, but I really struggle with the abstract mathematical thinking required for data structures & algorithms, etc. I'm a reasonably talented programmer, but I'm best at scripting for performing/automating concrete tasks rather than designing/implementing new abstract features. I'm hoping to get some feedback about what my options are. I want to be able to WFH 100% (even post-covid), so I'm thinking something cloud-based is probably going to be best. I had a Network+ cert that expired years ago, but could probably pass the CCNA after a quick update/refresher. Cloud Network Engineer? DevOps? What's the reasonable play here?
Configuring a firewall with two ISPs to determine which ISP to send information over/Diagram criticization Posted: 30 May 2021 02:14 PM PDT I'm pretty new to networking and have been given a school assignment to design a network. I don't exactly know what I'm doing, but I'm working to the best of my abilities. Here is a diagram (I know it's hard to read; draw.io made it look silly after PNG conversion). Anyway, I'm trying to assess what exactly would need to be done so the firewall knows to send information to the ISP that has an MPLS connection to the offsite building. Would I configure the firewall to do something? Also, do you guys approve of my diagram? I've never designed a network before. Any help would be greatly appreciated.
How do you generally go about troubleshooting performance cases? Posted: 29 May 2021 08:22 PM PDT Hello, I've recently moved into the world of IT in the network sector. I'm really enjoying what I do so far and I feel like I'm able to resolve most issues within my Tier 1 means. The one thing I'm getting clogged up on, filling my bins, is the dreaded "slowness" issue. I have the general questions down ("when did it start, who's affected, is it at consistent times, random, or all day", etc.). I feel like I'd much rather answer the phone to a system down than to general slowness. What are some good troubleshooting techniques you use for performance cases?
Advice for replacing wiring that runs through PVC piping... Posted: 30 May 2021 04:21 AM PDT So here's the setup: this is a small office (<50 network drops in the whole building) that has a small computer lab with 12 connections. Way before my time, these connections were run through PVC pipe in the floor that continues up a wall into the drop ceiling. Originally, these then connected to a pair of daisy-chained 10BaseT hubs with a single line running back to the actual network stack (after I discovered this gem, I replaced the hubs with a single switch that was lying around). My goal is to get all of these connections directly wired back to the network and remove the middleman if possible. I'm currently running new cable and am wondering if anyone has tips for replacing the cable that's running through the PVC? I've tried just pulling it through from the end in the ceiling, but I think there are too many bends in the path so it won't budge. Opening up walls/floors is not an option, unfortunately.
Former Verizon engineers of /r/networking - is the grass ever greener, or are all telecom companies incompetent? Posted: 29 May 2021 09:16 PM PDT Soon-to-be-former Verizon SA here. In my time at Verizon, I have become worn down by our incompetence, inflexibility, half-baked "marketecture", and overall inability to build solutions that are actually good for the customer. I'm happy to be leaving the world of telecom to join a vendor, but as I walk away, I can't help but wonder if all of the major service providers are equally bad, or if Verizon is uniquely awful. So for those of you who've had a chance to work with other major telecoms (e.g. AT&T, CenturyLink, BT, NTT, Orange), is the grass greener on the other side?
Limited long distance throughput Posted: 30 May 2021 04:01 AM PDT Hi all, we're stumped. We've got a new 1 Gig Metro-E circuit; our ISP is peering at all the local IXPs and we get good throughput to local servers. They have a diversified upstream network which includes HE and Cogent. However, we are unable to exceed 5% of the link's capacity when reaching international servers, specifically on Windows PCs. The ISP has been doing some investigation but nothing has turned up. My suspicion is that it's MTU or TCP windowing related, but all testing checks out. We have a Sophos UTM as our gateway which never exceeds 10% CPU or link utilization. Any ideas how we can fault-find this further?
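Both this post and the Throughput vs Latency post above come down to the same arithmetic: a single TCP flow can have at most one receive window of unacknowledged data in flight per round trip, so per-flow throughput is capped at window / RTT regardless of the link rate. The block below is an added example, not part of either post; the link rates and latencies are the ones the posts give, the intercontinental RTT of 150 ms and the window sizes are constructed assumptions used only to show the effect. It also shows why the window scale option matters: without it the 16-bit window field limits every flow to 65535 bytes, which on a long path is a few megabits per second no matter what the circuit is.

```python
"""Bandwidth-delay product and window-limited TCP throughput.

Added example, not from the original posts.  Link rates and RTTs come from
the posts; window sizes and the 150 ms RTT are constructed assumptions.
"""
from __future__ import annotations


def bdp_bytes(link_bps: float, rtt_s: float) -> int:
    """Bytes that must be in flight to keep link_bps busy at rtt_s."""
    return int(round(link_bps * rtt_s / 8))


def window_limited_bps(window_bytes: int, rtt_s: float) -> float:
    """Throughput ceiling of one TCP flow with an effective window of window_bytes."""
    return window_bytes * 8 / rtt_s


def single_flow_bps(link_bps: float, rtt_s: float, window_bytes: int) -> float:
    """Per-flow throughput: the lower of the link rate and the window limit."""
    return min(link_bps, window_limited_bps(window_bytes, rtt_s))


def effective_window(raw_window: int, shift: int, wscale_negotiated: bool) -> int:
    """Window the peer can actually use.

    The TCP header field is 16 bits; the window scale option (RFC 7323)
    multiplies it by 2**shift, but only if both SYN and SYN-ACK carried the
    option.  A middlebox that strips or rewrites it pins every flow to at
    most 65535 bytes.
    """
    return raw_window << shift if wscale_negotiated else raw_window


def window_for_share(link_bps: float, rtt_s: float, share: float) -> int:
    """Window one flow needs to reach `share` of the link (0 < share <= 1)."""
    return bdp_bytes(link_bps * share, rtt_s)


def compare_links(window_bytes: int) -> dict[str, float]:
    """Per-flow ceiling on the two paths from the Throughput vs Latency post."""
    return {
        "mpls":      single_flow_bps(10e6, 0.050, window_bytes),   # 10 Mbps, 50 ms
        "broadband": single_flow_bps(500e6, 0.075, window_bytes),  # 500 Mbps, 75 ms
    }


if __name__ == "__main__":
    # Limited long distance throughput: 1 Gbps circuit, assumed 150 ms RTT.
    link, rtt = 1e9, 0.150
    print(f"BDP to fill 1 Gbps at 150 ms: {bdp_bytes(link, rtt) / 2**20:.1f} MiB")
    print(f"window needed for 5% of link: {window_for_share(link, rtt, 0.05) / 1024:.0f} KiB")
    for label, win in [("no window scaling", 65535), ("1 MiB cap", 1 << 20), ("16 MiB", 16 << 20)]:
        pct = 100 * single_flow_bps(link, rtt, win) / link
        print(f"{label:>18}: {pct:5.2f}% of link")
    # Throughput vs Latency: which path is faster per flow depends on the window.
    for win in (65535, 256 * 1024):
        r = compare_links(win)
        print(f"window {win:>7} B: MPLS {r['mpls']/1e6:5.2f} Mbps, "
              f"broadband {r['broadband']/1e6:5.2f} Mbps")
```

Two things fall out of the numbers. For the long-distance case, a window capped around 1 MiB at 150 ms lands very close to the 5% the post reports, while an unscaled 64 KiB window would be well under 1%; a packet capture on both sides of the gateway showing whether the SYN and SYN-ACK still carry the wscale option, and what scaled window the Windows hosts advertise, is the quickest way to separate the two. For the two-path case, with an unscaled window the 10 Mbps/50 ms MPLS path actually beats the 500 Mbps/75 ms broadband path per flow, and either path comfortably carries the 4-5 Mbps average; the broadband path only wins once window scaling is in play, and bursts above 10 Mbps will queue on the MPLS link.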
VIPTELA SD-WAN Posted: 29 May 2021 09:19 AM PDT Hello all. Update: I changed the DNS to OpenDNS and it worked. Thank you all. I have a weird issue and I'm literally losing my mind. I want to try cloudexpress (Cloud OnRamp for IaaS) in my EVE-NG lab. All my vEdges can reach the internet; I have also turned app-visibility on, and I did some application policies which worked fine. But when I try to do the cloudexpress, the application stays red, even though when I open the same application in the browser it shows in the DPI, but not in the cloudexpress app. I did suspect that it's a DNS issue, and I found that the vEdge doesn't resolve names through VPN 0, but it does resolve them on VPN 1. I checked everything but no luck. Note that my vManage doesn't have internet access; I don't know if this is relevant. I hope someone can help me with this because I'm losing my mind. This is one of my vEdges' configuration:
    bfd app-route poll-interval 10000
    system
     host-name             vEdge1
     system-ip             2.1.1.1
     site-id               1
     admin-tech-on-failure
     no route-consistency-check
     organization-name     network-lab
     vbond 10.10.100.2
     aaa
      auth-order local radius tacacs
      usergroup basic
       task system read write
       task interface read write
      !
      usergroup netadmin
      !
      usergroup operator
       task system read
       task interface read
       task policy read
       task routing read
       task security read
      !
      usergroup tenantadmin
      !
      user admin
       password $6$EGF05c24x.zG7IwK$qzGxsZX5z1ADe9EtL3oLwfkqxjn5TfYmxbgkj75c1h6V7NwnLPl92eCHHF2LdmBNn/eXk1ANZQD2SrN0uaE2S0
      !
     !
     logging
      disk
       enable
      !
     !
    !
    bfd app-route poll-interval 10000
    omp
     no shutdown
     graceful-restart
     advertise connected
     advertise static
    !
    security
     ipsec
      authentication-type ah-sha1-hmac sha1-hmac
     !
    !
    vpn 0
     dns 1.1.1.1 primary
     router
      bgp 65005
       address-family ipv4-unicast
        network 172.16.2.0/30
       !
       neighbor 172.16.2.1
        no shutdown
        remote-as 1
        address-family ipv4-unicast
        !
       !
      !
     !
     interface ge0/0
      ip address 192.1.1.1/24
      nat
      !
      tunnel-interface
       encapsulation ipsec
       color public-internet restrict
       allow-service all
       no allow-service bgp
       allow-service dhcp
       allow-service dns
       allow-service icmp
       no allow-service sshd
       no allow-service netconf
       no allow-service ntp
       no allow-service ospf
       no allow-service stun
       allow-service https
      !
      no shutdown
     !
     interface ge0/1
      ip address 172.16.2.2/30
      tunnel-interface
       encapsulation ipsec
       color mpls restrict
       allow-service all
       no allow-service bgp
       allow-service dhcp
       allow-service dns
       allow-service icmp
       no allow-service sshd
       no allow-service netconf
       no allow-service ntp
       no allow-service ospf
       no allow-service stun
       allow-service https
      !
      no shutdown
     !
     ip route 0.0.0.0/0 192.1.1.254
    !
    vpn 1
     dns 1.1.1.1 primary
     cloudexpress
      node-type client
      allow-local-exit
      local-interface-list ge0/0
      applications google_apps
     !
     interface ge0/2
      ip address 192.1.21.1/24
      no shutdown
      policer 8K in
      vrrp 21
       priority 150
       track-omp
       ipv4 192.1.21.254
      !
      dhcp-server
       address-pool 192.1.21.0/24
       offer-time 600
       lease-time 86400
       admin-state up
       options
        default-gateway 192.1.21.254
        dns-servers 1.1.1.1
       !
      !
     !
     ip route 0.0.0.0/0 vpn 0
    !
    vpn 512
     interface eth0
      ip address 10.0.0.4/24
      no shutdown
     !
    !
    policy
     app-visibility
     policer 8K
      rate 1024000
      burst 15000
      exceed drop
     !
     lists
      data-prefix-list TELNET_BLOCK
       ip-prefix 16.16.16.16/32
      !
     !
     access-list TELNET_BLOCK
      sequence 1
       match
        destination-data-prefix-list TELNET_BLOCK
        destination-port 23
        protocol 6
       !
       action drop
        count TELNET-COUNT
       !
      !
      default-action accept
     !
    !
How do we properly perform CGNAT on a MikroTik Router for customers? Posted: 29 May 2021 08:33 AM PDT MikroTik subreddit thread of this: https://www.reddit.com/r/mikrotik/comments/nnne1e/how_do_we_properly_perform_cgnat_on_a_mikrotik/ So in the MikroTik wiki, they used action=src-nat as an example, whereas in various MUM presentations they used action=netmap. Note: We are NOT doing, or interested in, deterministic NAT. So basically this is what we want:
This is an imperfect solution compared to IPv6, but we would like to give customers at least a better, if not perfect, P2P networking experience while IPv6 is being rolled out. So this is what we've tried, along with the IPsec passthrough attribute: So the above rules sort of work... On the customer end, we were able to seed torrent traffic without any issues, but the ports are still "closed" for the public /25 mapped to the customer at the time of testing, which we checked with the port checker. Is there a proper way of doing CGNAT to allow this to work correctly? I feel something is wrong with the rules themselves. A different network operator was able to open up ports from the public for their CGNATed customers using MikroTik; we are not sure how they did it.
What is this fibre cable? LC to SC? Posted: 29 May 2021 03:07 AM PDT Can anyone tell me if this cable in the screenshots (Fibre 50/125 OM3 cable) is LC to SC please? I need to get a replacement today as emergency out-of-hours work for a friend and don't have the cable handy to tell, only these low quality images. I haven't done a lot with fibre cables before so want to check. It plugs from a Netgear ProSafe (1000Base-SX/LC) connector to the patch panel, so my guess is SC to LC like this link: OM3 50/125 LC-SC Multimode Fibre Patch Lead Duplex 2m (7ft) - Aqua - FS United Kingdom
Which IPS/IDS has the best reporting UX? Posted: 28 May 2021 06:54 PM PDT What IDS/IPS, either cloud or on-prem, has a good user experience for admins to get insights from in terms of data coming out of reporting? Cisco? Palo Alto Networks? Fortinet?
Frustration with PA firewall Posted: 29 May 2021 01:06 AM PDT I am trying to configure a new PA firewall that will replace our ASA and I am running into problems just trying to get connectivity to the internet from our internal network. I feel like I am going crazy over not being able to make a simple configuration work on this firewall. So I have two zones (trust/untrust). trust is assigned to the L3 internal interface, untrust to the L3 outside interface (facing the ISP's equipment). Both interfaces are using static routing, and I can ping different internal subnets as long as I specify the source as the internal interface, and vice versa with the external interface. I have a security policy to allow traffic from the trust zone outbound to the untrust zone. My NAT policy has trust set as the source zone and untrust as the destination zone. Source translation is set to dynamic IP and port, with the interface set to the external-facing interface and IP address. Obviously I want to add more granular rules to filter traffic properly, but if I can't even get a basic configuration going, I can't move on to more complex configurations. I come from an ASA background, so there seems to be a bit of a learning curve here.
Need your opinion: is this a good time to be joining Aruba? Posted: 28 May 2021 11:02 PM PDT I've received an offer to work as an SE at Aruba. I'm super excited about this opportunity, as working in pre-sales at a large networking vendor has always been a major career goal of mine. Originally I had been set on joining Cisco, but after seeing the mess they've become over the past couple of years, they're no longer at the top of my list. Meanwhile, it seems like Aruba is headed in the right direction, and there's room for actual growth as well. Since I'm assuming there are at least a few Aruba employees lurking around here, I thought I'd ask the question: do you think this is a good time for someone to join your company, especially in a pre-sales role? I've already heard the "pitch" from the hiring team, but I'd like to hear your unfiltered opinions. If you're not comfortable posting your opinions publicly, please send me a PM. Thanks! :)
You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion.