Blogpost Friday! Networking
- Blogpost Friday!
- Dev has moved their SQL databases to Azure and now "it's slow". How have you explained the impact of latency on hybrid solutions?
- Submarine Cable Maps 2013-2021
- Best way to expose SSH service behind CGNAT?
- ASA to ASA - Simultaneous VPN possible? PBR & VTI
- Aruba switch and vlan question
- Question regarding Cisco 9410R and Quad Supervisor Installations w/ Stackwise Virtual
- Unmanaged 8 or 16 port gigabit switch with full POE+ power budget
- cable spaghetti special
- Slow connection from home to work
- New Network Engineer troubleshooting laptop wireless connection
- Dell 5212 VLAN Confusion!
- Private VLANs and non-private VLANs over same trunk ports?
- ACL on SVI filtering traffic to the default gateway?
- Tool to Collect and visualize RADIUS Accounting Data?
- Beginner Firewall Question
- Trivial brain fart: unless I've gotten dumb over the years, is there any use case or scenario at all where if Computer A successfully releases UDP traffic into a network bound for Computer B, assuming that UDP traffic is correct, where Computer A has any responsibility for that traffic?
- Compact, Alternative Powered Serial Console Server
- Dumb question related to uplink
- Meraki VLAN -> UniFi Switch -> HyperV VM
- Network Device state management with puppet
- How to tunnel a nmap scan through node and ssh?
- SSL Decryption
Blogpost Friday! Posted: 15 Jul 2021 05:00 PM PDT It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts. Feel free to submit your blog post, along with a nice description, to this thread. Note: This post is created at 00:00 UTC. It may not be Friday where you are in the world, no need to comment on it.
Dev has moved their SQL databases to Azure and now "it's slow". How have you explained the impact of latency on hybrid solutions? Posted: 16 Jul 2021 07:43 AM PDT Specifically, their apps are on prem and their SQL databases are now in Azure, and now their work is 20-30x slower. I'm trying to explain, unfruitfully, that increased latency will directly affect their transaction times: if you do 1000 transactions at 1ms that's 1 second, but now it's 30ms so it's going to take 30 seconds. If you have a resource that explains this simply please share. I've already provided articles explaining how latency poorly impacts some hybrid cloud solutions. If you have something that can ELI5 this please for the love of god share it. Edit: I should mention we have 10Gbps Express Route over Megaport from our DC with no packet loss, congestion, etc. Even ran ping plotter, packet captures, etc. during their performance testing but they still want us to tell them why it's slow. I fucking can't.
Submarine Cable Maps 2013-2021 Posted: 16 Jul 2021 11:30 AM PDT Hi, Each year Telegeography makes some awesome submarine cable maps. They've been doing this for some time now, and the versions for the years 2013 through 2021 are available here; They used to be interactive (i.e. you could zoom/pan the entire map), but since 2020 that is no longer possible (as far as I know). They have JPEG versions available for download in somewhat OK resolution. However, they still seem to use the same system to generate the spinning globe and some other aspects of the website, which makes us able to stitch together maps. Fortunately, the 16K version was available for both 2020 and 2021. During the last few years, I've stitched these together as high resolution pictures (.png). The initial method was provided by /u/mcgroarty (thanks!). They are listed below in cut versions (letterboxes at top and bottom removed), but uncut versions are also available at the bottom. My personal favourite is (still) the 2015 version, which I made a custom version of with some minor edits to be better suited for print; I removed the year ("2015") so that it won't be "obsolete", and also made the "sponsored by" logo less intrusive (made it greyscale + removed the ®). The 2020 version is a close call to the 2015, but I still think the 2015 version is cooler to have on the wall (more "old map" feeling imho).
Uncut versions:
Best way to expose SSH service behind CGNAT? Posted: 16 Jul 2021 04:02 PM PDT I have a remote server running 24x7 which has a normal DSL connection over a router. As a backup, I plugged in a Huawei LTE stick. Of course, the LTE connection is CGNAT, so I cannot open any services. What is the best and most reliable way to access my server in case the DSL connection is down that, if possible, does not need another server under my control? The most basic options require another external server; then an SSH connection could be built to that server. Or an openvpn connection. Another thing I thought of is a tor hidden service. But I'm not sure if this isn't overkill. Any creative advice?
ASA to ASA - Simultaneous VPN possible? PBR & VTI Posted: 16 Jul 2021 03:25 PM PDT Hey there... I have to move two ASAs with a policy based tunnel to a VTI VPN link. Can I stand up the VTI without breaking the PBR? It "seems" like it should work... different connection methods and keys... Traffic shouldn't move over until I add the routes. But before I break something I thought I would ask.
Aruba switch and vlan question Posted: 16 Jul 2021 02:23 PM PDT I'm new to the Aruba switch world, and am having a bit of an issue. We've got a TP-Link switch where I can define port 1/1, for example, with something like: I've tried to find something similar in the Aruba world, but after poring over a lot of documents/posts from people online, I haven't seen anyone trying to do something similar. Does anyone know if it's possible? And if so, how? :) Thanks
Question regarding Cisco 9410R and Quad Supervisor Installations w/ Stackwise Virtual Posted: 16 Jul 2021 02:06 PM PDT
Wtf am I supposed to do with the completely powered-off supervisor modules? Have an identical backup config of the primary supervisor above it and have it cross-connected to the other supervisors? How would I even copy over a config to it? I have experience setting up quad supervisors on Cat 6800's but I have these two 9410R's in front of me and when they say the supervisors are powered off, they literally don't register as a line card on any show commands. These were purchased and I was asked to set these up in a stackwise virtual config, but it seems like two of these supervisors are about to be cold standbys in a box?
Unmanaged 8 or 16 port gigabit switch with full POE+ power budget Posted: 16 Jul 2021 01:43 PM PDT Does anyone know of an unmanaged switch, 8 or 16 ports, that can do POE+ across all the ports? As in it has a power supply large enough to cover all the ports running POE+ simultaneously. Pretty much everything I find says POE+ on all ports, but only has a power supply that can fully power about half the ports in the switch.
cable spaghetti special Posted: 16 Jul 2021 07:36 AM PDT this is not fun at all. we're upgrading switches, re-cabling a slew of IDFs and i'm dreading it. not only are the cables of different lengths, some patch panels were put in as an afterthought (not uniform, etc). i need your help. what has worked for you in this scenario? right now i'm just trying to diagram the problem IDFs just so we have an idea of what we're up against. but that doesn't address the likelihood that once we get the cabling right, the vlans will be screwed. hoping to get dynamic segmentation running to mitigate this. but again a bit overwhelmed and needing some advice.
Slow connection from home to work Posted: 16 Jul 2021 01:16 PM PDT Background: Some of my users are complaining that file transfer is slow when they transfer files from the work machine to the home machine via the VPN. I decided to test it out myself. I did a speed test with both Google and Speedtest.net and got a download/upload speed of roughly 500/42. So home internet is fast. I did an iperf test with the file server acting as the iperf server. The file server is behind the firewall. When I VPN into the network and do an iperf test with my home machine as the client, I get a speed of 38mbps. So I am thinking it could be the VPN. So I did the same test, except this time I configured the server so my home machine can connect to the file server without VPN, but it still goes through the firewall. I get a speed of 41mbps. OK, I am wondering if it's the firewall that could be causing the problem, so I set up a Windows 10 machine acting as an iperf server outside of my firewall (with a public IP address). Testing that against my home machine, I still only get a speed of 41mbps. I had another coworker run the same test. The results of all the tests are below (initials are names of the users): MN: xFinity 800/25, Speedtest results 532/42. MW test: xfinity. Speedtest results 250/15. EC test: ATT fiber. 800/800. Speedtest results 630/510. First: for the connection from the home machine (MN), why am I not getting closer to 250mbps? For the EC test, the transfer speed slowed down considerably when connected via VPN. I am guessing that's possibly a VPN issue. I will work with the vendor on that. But I am still curious why I am not getting closer to 250mbps.
New Network Engineer troubleshooting laptop wireless connection Posted: 16 Jul 2021 12:28 PM PDT I'm the new Network Engineer for my company and I've got some decent networking skills, but my skillset is on the AD/server/storage/virtual infrastructure side of things. We've got a specific Windows 10 laptop that has issues connecting to our wireless network, but eventually after enough attempts the laptop will connect (about 10 minutes). There may be a few laptops that have this issue, but for the huge majority no one has issues connecting. Here is our setup:
WLC - Cisco 3504
NPS - Server 2008 R2 running RADIUS
AP's - mix of Cisco AIR-AP2802I-B-K9 and AIR-CAP3602E-A-K9
Error - AAA Authentication Failure for Client MAC: xx:xx:xx:xx:xx:xx UserName:host/HOSTNAME.FQDN User Type: WLAN USER Reason: Authentication failed
Dell 5212 VLAN Confusion! Posted: 16 Jul 2021 12:00 PM PDT So I've got a Dell 5212 switch. Loaded some pre-made configs onto it. Trying to modify them a little and assign a few interfaces to Vlan 100. Error: "Vlan 100 does not exist." Do show run: interface Vlan 100 shows up. No shut. Do show vlan: The other vlans that were loaded are on there. Vlan 100 is not. No int Vlan 100: this Vlan does not exist. Yet it still shows up in the running config.
Private VLANs and non-private VLANs over same trunk ports? Posted: 16 Jul 2021 11:59 AM PDT We recently set up a DMZ vlan for any device that is not controlled directly by our company and only needs direct internet access. This was simple enough to do and it's working fine. We would like to set up an additional layer of security between these devices by using private vlans to separate devices from different vendors. Basically, each vendor's devices would live in their own private community vlan, associated to the single primary DMZ vlan, all with access to the internet but without being able to communicate with another vendor's devices. I'm testing this in a lab setting right now and the issue I'm having is that I can get private vlan hosts on a switch to access the internet, and I can get non-private vlan hosts to access the internet, but not both at the same time. Here's a simple diagram: https://i.ibb.co/YDskJXR/2021-07-16-14-52-43-Untitled-Diagram-drawio-diagrams-net.png When the router-facing port is in trunk mode, host B can reach the internet. When the router-facing port is configured as a promiscuous port, host A can. But only one of the hosts can ever reach the internet at once. Obviously this will cause problems in production because unless I can figure this out, enabling the DMZ hosts in their private vlans to reach the internet will cut off access for all other non-dmz devices. What am I missing here?
ACL on SVI filtering traffic to the default gateway? Posted: 16 Jul 2021 10:45 AM PDT Sorry if this is a dumb question, but this isn't making much sense to me. Essentially I have an ACL applied to a server vlan on a layer 3 cisco switch. The ACL seems to be working as expected for the most part. Traffic to/from the permitted items works, and all else is denied. The only issue however is that the servers can't ping the SVI default gateway. To me logic would dictate that all the servers should be able to ping the GW since it's all within the same subnet, and therefore shouldn't be hitting the ACL for that traffic, however if I remove the ACL there is no issue. Can somebody explain this to me? Here's an example config:
ip access-list Servers_in
 permit ip any host 10.1.1.10
ip access-list Servers_out
 permit ip host 10.1.1.10 any
interface Vlan120
 ip address 10.120.2.1 255.255.255.0
 ip access-group Servers_in in
 ip access-group Servers_out out
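What the post is running into: an ACL applied inbound on an SVI is evaluated for every packet entering from that VLAN, including packets addressed to the SVI's own IP, so pings to 10.120.2.1 fall through Servers_in to the implicit deny at the end of every IOS ACL. The Python model below is an added example, not from the post or from Cisco; it assumes a sample server at 10.120.2.50 and models the fix as one extra entry permitting traffic to the gateway address (in IOS terms, permit ip any host 10.120.2.1 added to Servers_in).

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of top-down ACL evaluation as an IOS inbound ACL does it:
# first matching entry wins, and a packet matching nothing is dropped by the
# implicit "deny ip any any" that ends every ACL.

@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches any protocol, else e.g. "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network

def ace(action, proto, src, dst):
    return Ace(action, proto, ipaddress.ip_network(src), ipaddress.ip_network(dst))

ANY = "0.0.0.0/0"   # the "any" keyword

def evaluate(acl, proto, src, dst):
    """Return 'permit' or 'deny' for one packet, applying the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if e.proto in ("ip", proto) and s in e.src and d in e.dst:
            return e.action
    return "deny"   # implicit deny: nothing matched

# Servers_in exactly as posted: only traffic to 10.1.1.10 is permitted.
SERVERS_IN = [ace("permit", "ip", ANY, "10.1.1.10/32")]

# Assumed fix: permit traffic to the SVI address itself before the implicit deny
# (IOS: "permit ip any host 10.120.2.1"). Narrow it to icmp if that is all you want.
SERVERS_IN_FIXED = SERVERS_IN + [ace("permit", "ip", ANY, "10.120.2.1/32")]

def gateway_reachable(acl, server="10.120.2.50", gateway="10.120.2.1"):
    """True if a ping from a server in the VLAN to the SVI passes the inbound ACL."""
    return evaluate(acl, "icmp", server, gateway) == "permit"

if __name__ == "__main__":
    for name, acl in (("original", SERVERS_IN), ("fixed", SERVERS_IN_FIXED)):
        print(f"{name}: ping gw -> {evaluate(acl, 'icmp', '10.120.2.50', '10.120.2.1')}, "
              f"to 10.1.1.10 -> {evaluate(acl, 'tcp', '10.120.2.50', '10.1.1.10')}, "
              f"to other -> {evaluate(acl, 'tcp', '10.120.2.50', '10.9.9.9')}")
```

The fixed list still denies everything else from the server VLAN, so the added entry widens exposure only to the gateway address.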
Tool to Collect and visualize RADIUS Accounting Data? Posted: 16 Jul 2021 08:55 AM PDT Am using FreeRADIUS to collect subscriber accounting data for a few thousand users. Problem is, not currently doing anything with that data. It's sitting in a MySQL database --- anyone know of an out of the box tool out there that can be used to read & visualize the data? Otherwise I suppose it'll fall to our dev team to write SQL queries and integrate into an existing product. What does everyone else use? Is everyone using custom solutions?
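A starting point for the "write SQL queries" option above, as an added example that is not part of the post: Python with an in-memory sqlite3 stand-in for FreeRADIUS's radacct table (column names follow the FreeRADIUS SQL schema, the rows are constructed sample data). It shows two queries worth having from day one: per-subscriber daily volume, and accounts with more than one open session, which is the first thing to check for shared or stolen credentials.

```python
import sqlite3

# Constructed in-memory stand-in for FreeRADIUS's MySQL "radacct" table, reduced
# to the columns the queries below use (column names follow the FreeRADIUS SQL
# schema; the real table has more columns).
SCHEMA = """
CREATE TABLE radacct (
  radacctid INTEGER PRIMARY KEY,
  username TEXT, nasipaddress TEXT, framedipaddress TEXT, callingstationid TEXT,
  acctstarttime TEXT, acctstoptime TEXT, acctsessiontime INTEGER,
  acctinputoctets INTEGER, acctoutputoctets INTEGER
)"""

# Constructed sample sessions, not real subscriber data.
# acctstoptime IS NULL means the session is still open (no Accounting-Stop yet).
ROWS = [
    ("alice", "10.0.0.1", "100.64.1.10", "aa:bb:cc:00:00:01",
     "2021-07-16 08:00:00", "2021-07-16 09:00:00", 3600, 50_000_000, 400_000_000),
    ("alice", "10.0.0.1", "100.64.1.11", "aa:bb:cc:00:00:01",
     "2021-07-16 10:00:00", None, None, 1_000_000, 9_000_000),
    ("bob", "10.0.0.1", "100.64.1.20", "aa:bb:cc:00:00:02",
     "2021-07-16 08:30:00", None, None, 2_000_000, 20_000_000),
    ("bob", "10.0.0.2", "100.64.2.20", "aa:bb:cc:00:00:99",
     "2021-07-16 08:40:00", None, None, 500_000, 3_000_000),
]

def load():
    """Create the table and insert the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO radacct (username, nasipaddress, framedipaddress, "
        "callingstationid, acctstarttime, acctstoptime, acctsessiontime, "
        "acctinputoctets, acctoutputoctets) VALUES (?,?,?,?,?,?,?,?,?)", ROWS)
    return db

def usage_per_user(db, day):
    """Bytes per subscriber for sessions that started on `day`, largest first."""
    return db.execute("""
        SELECT username, SUM(acctinputoctets + acctoutputoctets) AS total_bytes
        FROM radacct WHERE date(acctstarttime) = ?
        GROUP BY username ORDER BY total_bytes DESC""", (day,)).fetchall()

def concurrent_open_sessions(db):
    """Subscribers with more than one open session, with how many distinct NAS
    and client MACs are involved. One account online from two devices at once
    is the classic sign of a shared or stolen credential."""
    return db.execute("""
        SELECT username, COUNT(*) AS open_sessions,
               COUNT(DISTINCT nasipaddress) AS nas_count,
               COUNT(DISTINCT callingstationid) AS mac_count
        FROM radacct WHERE acctstoptime IS NULL
        GROUP BY username HAVING COUNT(*) > 1""").fetchall()
```

Against real MySQL the same statements work unchanged apart from date(): use DATE(acctstarttime) there.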
Beginner Firewall Question Posted: 16 Jul 2021 08:49 AM PDT Hello.. new to firewalls (FortiGate) so bear with me if this is a stupid question.. If a subnet is assigned to a VLAN interface, can only that subnet pass traffic via that rule even if the source IP address field is "ANY"? (e.g.) Policy ID (1), Src Interface: internal VLAN: (10.0.0.0/24), Src Address: ANY, Dest Int: ANY, Dest Address: ANY, Ports: 443. Can only 10.0.0.0/24 leverage the above rule? OR can ANY internal address behind the FW leverage that rule? Thanks in advance!
Trivial brain fart: unless I've gotten dumb over the years, is there any use case or scenario at all where if Computer A successfully releases UDP traffic into a network bound for Computer B, assuming that UDP traffic is correct, where Computer A has any responsibility for that traffic? Posted: 16 Jul 2021 08:38 AM PDT
So it's been a long, long, long time since my deep network days. But... the case is still that if Computer A is behaving here... and it's UDP... there's bupkis that can be done strictly from the POV/internals of Computer A to help out whatever is ailing Computer B, right? It's gotta be something(s) on the far side of Computer A's NIC?
Compact, Alternative Powered Serial Console Server Posted: 16 Jul 2021 07:34 AM PDT Hey all, hopefully this is allowed. I'm looking for a solar powered, compact serial console server. I only NEED one port, but 2 would be nice. I've been thinking of just using a standard compact one and self wiring a solar panel myself up to it, but I'd prefer it not to be that much of a hack job and I may end up needing more as time goes on. Does anyone have any suggestions?
Dumb question related to uplink Posted: 16 Jul 2021 05:01 AM PDT Hi Guys, Noob question from a guy returning to R&S after 3-4 years, as I have mainly moved to security roles in my organisation. But I have been handed a project where we are deploying a few switches at a customer's location. A mock-up diagram will be shared at the end of this post. We are deploying multiple layers of switches in their environment. Currently, as per plan, the TOR switch will connect to the Core switch (Spine SW) in this new section in full mesh, and the same goes for the L3 uplink with their existing switch. Switch modes:
Uplink Info:
Mock Diagram: Click here for network diagram
My query:
Meraki VLAN -> UniFi Switch -> HyperV VM Posted: 16 Jul 2021 04:35 AM PDT Hi /r/networking, Router = Cisco Meraki MX64. As the title suggests, I'm trying to set up VLANs for a 3CX SBC (VM) running on Hyper-V. Currently the router/firewall is a Meraki MX64 with VLAN 100 created and DHCP running. I've created a VLAN-only 'network' on the UniFi Controller and provisioned it to the switches. I've created a Profile called 'Tagged' which includes the native VLAN1 and tags VLAN100, applied to all ports on the switch. The NIC on the VM has VLAN identification switched on with '100'. The VM cannot seem to get an IP address...? The Hypervisor is able to ping the Meraki's VLAN100 router IP (10.100.1.254).
Network Device state management with puppet Posted: 16 Jul 2021 04:07 AM PDT Does anyone use puppet to manage state (in terms of how the configuration should be) on network devices? How is your experience so far? If you use puppet, do you only use puppet, or use it with ansible and/or python netmiko or something similar? Also, is it just puppet you use, or puppet bolt?
How to tunnel a nmap scan through node and ssh? Posted: 16 Jul 2021 07:51 AM PDT So I want to do a sort of asset discovery of local and remote locations using ssh tunnels. Want a frontend so I'm using node. Is it possible?
SSL Decryption Posted: 16 Jul 2021 04:56 AM PDT Just curious to hear what enterprise vendors everyone is using for SSL decryption?