Rant Wednesday! Networking |
- Rant Wednesday!
- When do we get to stop defending the network?
- L2 vs L3/L4 problems prevalence in enterprise networks
- server/client HTTP on-demand network performance tool
- Security Cert (SSL/TLS) Lifecycle Management
- The inevitable "Why are my transfers so slow" and how to fix it
- Linux - TCP traffic to IP without ARP entry vanishes
- We just had a VPN tunnel where one side was showing up, with tx and rx counters increasing, and the other side was showing down. We bounced it on the 'up' side and it started working. Any ideas what may have happened?
- Versa SD-WAN to AWS
- Lead times
- Multicast/PIM between 6500 and Nexus9k via vPC
- Staging Area Setup (UAT)
- Need some career advice...
- How to fault find a bandwidth issue?
- Question regarding Sandvine (Activelogic) bandwidth shaping
- Switch and server connection questions
- SocketIO server not getting connected in School WiFi
- Switch Recommendation 10GBe
- Does Loop Protect Protocol work with Port-Security ?
- Don't ever run WCCP on your core...
- Network Device Inventory Software
- Multiple IP networks on a single L2?
- Multigigabit switch
- Identifying wifi clients in a guest network
| Posted: 28 Sep 2021 05:00 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels, feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it. [link] [comments]  |
| When do we get to stop defending the network? Posted: 28 Sep 2021 03:48 PM PDT Does there ever come a time that we get to stop defending the network and people stop immediately jumping to "it must be a network issue" without doing any basic troubleshooting? I'm getting burned out answering tickets escalated to me that should never have crossed my desk. And also when I have an issue with something and loop in an external vendor. It's always "our stuff is configured properly. It must be your network". [link] [comments]  |
| L2 vs L3/L4 problems prevalence in enterprise networks Posted: 28 Sep 2021 04:02 AM PDT Hi there, I've been working in a NOC for a little over two months and so far the vast majority of problems are related to either routing (L3) or firewalls (L4). L2, on the other hand, seems to just work - I have, for example, not seen a single STP related incident. I am thus wondering if this is the case for my organisation only or for most setups and what is the relative benefit of further learning about each category of technologies. [link] [comments]  |
| server/client HTTP on-demand network performance tool Posted: 28 Sep 2021 10:10 AM PDT So I operate a large enterprise network and I'm looking for a tool that can perform on-demand host to host network performance testing. I'd like it to test throughput, loss, delay, jitter, QoS, UDP/TCP, MOS, etc. I'd also like the tool to be installed on a webserver and use regular HTTP clients via a java applet or some such method. Is there any good software that can do this? I know of some good stand-alone hardware that can do this and be always on, but no software application that can be installed on our own infrastructure. I do use IPERF3 quite a bit, but this tool will be more for other IT staff to be able to rule out network issues. [link] [comments]  |
| Security Cert (SSL/TLS) Lifecycle Management Posted: 28 Sep 2021 12:48 PM PDT My team will be responsible for managing the expiry of certs on some of our network gear going forward. If they lapse, the entire network goes down due to the deployment design. What best practices and protocols do you use to make sure these expirations don't get missed? We can set email reminders to an AD Group/distro but these things are liable to change or disappear over the years. [link] [comments]  |
| The inevitable "Why are my transfers so slow" and how to fix it Posted: 28 Sep 2021 02:08 PM PDT Greetings everyone, Our company connects sites using MPLS and S2S IP Tunnels. There is a requirement for file synchronization between three primary sites (US site hands off to China site to keep 24/7 development in play). As always, due to the latency involved the file transfers are less than optimal , especially considering the size of the syncs. The files that need to be transferred are several hundred and about 100GB a night. Primarily US to Taiwan, then Taiwan to US.
My IT team is struggling with how to improve this - sftp, scp, MT robo copy while showing some marked improvement, are still unacceptable. We are planning to install direct 1GB MPLS links between the sites (I know, latency) - so what are some more tricks I can try? Should I just purchase hardware network acceleration devices? The other thought was using a service like raysync.io. Any thoughts or insight greatly appreciated! [link] [comments]  |
| Linux - TCP traffic to IP without ARP entry vanishes Posted: 28 Sep 2021 01:42 PM PDT I've spent some time today trying to debug IP traffic that wasn't going anywhere. Our application was sending it out, but tcpdump wasn't showing the traffic leaving the interface (Not a routing issue). Turns out, ARP was "broken", and there was no entry for the IP we were sending too. I've manually added an entry and asked someone to investigate our ARP issue however.... Is there anywhere in linux to help me debug this? What happens with traffic that gets dispatched from an application but doesn't reach the network? Any logs or "tcpdump" like commands to capture traffic like this in the future? [link] [comments]  |
| Posted: 28 Sep 2021 08:49 AM PDT All the details I can think of are in the title, but let me know if there is some other info that might be useful. But what could cause this type of situation? The tunnel is up now, but I just want to know what could have caused this so I can prevent it in the future. [link] [comments]  |
| Posted: 28 Sep 2021 11:02 AM PDT We have a co-managed Versa SD-WAN appliance and we have two BGP tunnels set up to AWS. The tunnels are up and connectivity is across the tunnels. Can ping and transfer data/RDP sessions. From time to time the tunnel will drop a few packets, before starting to communicate again. I have worked several times with the ISP and been escalated/what have you and issue is still occurring. I have matched the exact setting from the AWS documentation. The Versa appliance we have seen issues with a Meraki site to site VPN, which may have been isolated to Merakis not playing well in a multi-vendor environment. We keep seeing no proposal chosen, on both sides. Although the settings match as best as I can tell, and as well as the ISP Tech. The IPSec in the Versa appliance is set to 1 hour, and the IKEv1 or 2 is set to 8 hours. AWS Technician stated that there is a misconfiguration on the Versa appliance, I'm not an expert on the Versa side. I have the ISP technician reviewing on their side, possibly opening a ticket with Versa. I know it sounds simple, but the error we are seeing is no proposal chosen, and when 3 or more packets are dropped it causes issues with the application. Any suggestions or has anyone ran into similar issue? Any help is greatly appreciated. [link] [comments]  |
| Posted: 28 Sep 2021 10:58 AM PDT What sort of lead times are people seeing for the major vendors? I am planning for a major refresh (switching/routing/wireless/firewalls) in 2022 and just wondering how much consideration I should give to delivery times. Thanks! [link] [comments]  |
| Multicast/PIM between 6500 and Nexus9k via vPC Posted: 28 Sep 2021 05:52 PM PDT Hello Decided to add a pair of Nexus 9k into our multicast network, but scratching my head about proper way of doing that while using vPC link for upstream redundancy, considering that we using ASM and according to the cisco manual: "A PIM adjacency between a Switched Virtual Interface (SVI) on a vPC VLAN (a VLAN that is carried on a vPC Peer-Link) and a downstream device is not supported; this configuration can result in dropped multicast packets. If a PIM neighbor relationship is required with a downstream device, a physical Layer 3 interface must be used on the Nexus switches instead of a vPC SVI." Here is the schematic drawing: [vpc-pim-nexus-6500-1.png](https://postimg.cc/Z9rFqWqc) As soon as I enable link B - server looses some multicast flows (they are still being pushed by static join from 6500); if i disable link A and only leave link B up - no multicast flows at all even though "show ip mroute" shows them properly. I haven't tried to configure interface for Vlan B on the secondary nexus yet, but maybe going to give it a shot and additionally to enable an hsrp on it (don't think it will help though). From that I read - it should work fine if i convert interconnects between my 6500 and nexuses into individual L3 links. But, I really don't want to do it as there are some other vlans going through the vpc at the moment. [link] [comments]  |
| Posted: 28 Sep 2021 01:59 PM PDT Hi Guys, I have a requirement of setting up a staging area for test environment. Basic requirement is
Current Setup:
Query:
My Planning/Thoughts:
Any suggestions are welcome, thank you in advance. Apologies, if this query seems a bit noob. I have taken a role of Lead recently and this part comes along with it. [link] [comments]  |
| Posted: 28 Sep 2021 12:33 PM PDT Guys, can someone please provide me some career insight on this offer I am about to get? I know I must ultimately make the decision myself, but any insight would be helpful... Currently, I am a lead engineer making pretty good money for my age. I am very happy with the company and basically run the entire network... My downsides: they will not give me a raise and they do not have the $$$$ to expose me to emerging techs (I really want to get involved with ACI, SD-WAN, etc..... Additionally, there is nowhere for me to go upward. I asked them to create a new role and let me try to fill it.. they said no. I just got an offer for a fortune 50 company... Double the pay I have now, deep into 6 figure territory. BUT... Contract to hire. I do genuinely believe I would be converted. Additional downsides: 1.5 hour commute... Working in the office is mandatory. Right now I WFH 100%.... Also, they marketed the position to me as an Sr ACI engineer, but it seems that really what happens is: Design team sends me a design, I design the "implementation work", and then a layer 1 team deploys the tech... So it is almost like a Network PM role. However, there would be room for expansion Idk, I was really excited to work with ACI finally but it looks like I wont be touching the APIC that much at all.... There are a lot of cons, but the $$$$ is the biggest pro. Should I take it? Or wait until CCNP and try to get something better. Also, I know there is always the saying money doesn't buy happiness and not to chase the money, but this salary range would literally be life-changing for me. [link] [comments]  |
| How to fault find a bandwidth issue? Posted: 28 Sep 2021 05:58 AM PDT Hi all, I'm a Jack of all trades master of none edu ICT systems guy, I have HP/Aruba gear generally speaking. What I have a problem with is that I have 10gb fibre from the core to edge switches that are then gig to client. In a bunch of the edge switches the clients get as close to 1gb up and down as I could want, however, in a bunch of locations I get between 500-300mb. For the general clients that's really not a big deal, but my AP's plug in to those switches and then the problem obviously becomes bigger as instead of 1 client for each ~300mb I could have one AP with 30 users on it and then they only get that same bandwidth between them. They are all the same config, the switches. They all go 10gb fibre to the core. There is no obvious damage to cables, I've tried going from a fly lead to a laptop straight into the switches to cut out patch or room cabling issues, but with no joy. I'm not a mega network geek, I can and do get by in the cli doing some vlan stuff and some diagnostics on issues now and then, but I don't know how to trouble shoot this issue - is there some way I can do something on the switch to see where the slowness comes in? Any thoughts would be most appreciated. Also, im ok on the edge switches cli (procurve/Aruba) but the core is Comware and the cli on there scares me! Dunno if that will matter to any options I might have. Do fibre cables degrade? I just can't understand it. Thanks [link] [comments]  |
| Question regarding Sandvine (Activelogic) bandwidth shaping Posted: 28 Sep 2021 02:02 PM PDT I created a netobject (10.130.0.0/16), a shapingobject (50 mbs,split by none) then I created the shaping rule and linked the shapingobject to the netobject. There are 3 ip addresses in that subnet that I want to set their speed limit to 5 mbs, but I'm not sure exactly how to do it. Would really appreciate it if someone could help. [link] [comments]  |
| Switch and server connection questions Posted: 28 Sep 2021 11:53 AM PDT I have a server with an added in pci labelled as 10G 2-port Ethernet/Copper NIC and the it has a built in 10/25Gb 2-port Fiber Optic NIC. I have SFP to RJ45 1000Base modules - this means 1Gb instead of 10Gb right. Also the switch has all fiber 10Gb ports configured. — My questions are: Can you or can you not mix 1Gb and 10Gb speeds on different ports on the same switch? (Does it depend on the switch or is it bad practice?) Cat6 cables only support 1Gb right? (Package doesn't specify details). I think it only supports 1 Gbps because I think cat 6a is 10Gb. 1000Base SFP is 1Gb right? 10GBase SFP is 10G right? So I would need to buy either PCI Fiber NIC cards probably. Also all the labels and packaging for these only show "G" and "Gb" so I'm assuming Gigabits… and Gigabits per second. [link] [comments]  |
| SocketIO server not getting connected in School WiFi Posted: 28 Sep 2021 08:24 AM PDT We've an application which involves communicating through socket server. It's running in 2087 port. We've tried using different ports on our end, to no avail. Here's the list of things we've done so far to tackle this issue.
FYI they've also blocked peer-to-peer communication in their network and saying like they haven't blocked any port. We would really appreciate a way to make this work in their network. Hopefully, an universal solution which will work in these types of scenarios. Also, our login and other APIs are working fine since they're anyway happening over HTTPS. [link] [comments]  |
| Posted: 28 Sep 2021 07:23 AM PDT I need a recommendation on some affordable decent 10GB Ethernet Switches (Stackable), will mostly be used for iSCSI, so I think packet buffers are important here. It's key that within the range they have 10GB Ethernet and SFP+ models, that can be stacked together In an ideal world I would have the following all stacked together and all switches would have dual redundant PSU's 2 x 24 Port 10 GB Ethernet Switch I think I am struggling to find what I am looking for as 10GBe looks like it is a thing of the past with everything going over to SFP, however I have a SAN which we invested a lot of money into which has 8 x 10GBe Ethernet Connections. Look forward to your recommendations [link] [comments]  |
| Does Loop Protect Protocol work with Port-Security ? Posted: 27 Sep 2021 11:43 PM PDT Hello everyone, I'm working for a company which wants to change its network equipment. We are changing old aruba by aruba 6100. We are also changing network link, we remove network interconnection and we connect the switches to two network cores with fibres. We don't need STP anymore, so I'm configuring Loop-Protect on every switches to prevent network Loop. I also want to increase the network security by implanting Mac port-Secuirty. The problem is when I configure Port-Security on every port, Loop-Protect doesnt detect any loop anymore. When I disable Port-Security, it works again. My conclusion is that Loop-Protection doesn't work with Port-Security, is that normal ? Do you have any ideas ? Thanks ! [link] [comments]  |
| Don't ever run WCCP on your core... Posted: 27 Sep 2021 06:37 PM PDT Figured out that when the proxies have an issue and all drop out of session that it bumps every other interface with WCCP configured on them making dynamic routing go apeshit throughout the enterprise. Solve by offloading WCCP to an L2 attached switch and turning the WCCP statements on the core interfaces into PBR statements. What a freaking day that was... Just FYI, it worked fine for 10 years and was designed by a consultant for handling wireless byod traffic originally. [link] [comments]  |
| Network Device Inventory Software Posted: 28 Sep 2021 08:55 AM PDT Any recommendations on inventory software that can actively scan segments and then either figure out what sort of network devices (FWs, routers, switches, etc.) are there? Most of what we are finding is host/endpoint centric. [link] [comments]  |
| Multiple IP networks on a single L2? Posted: 28 Sep 2021 12:49 AM PDT I have always followed the unofficial best practice of putting only one L3 net (IP network) on a L2 network. If I added a network, I added a VLAN. However, technically there is requirement for this: one can not just assign multiple IP addresses to an interface but the IPs can have different prefixes (and hence constitute different IP networks). I am considering the following scenario: I have two sub nets routed over two different providers. I have some machines which should be accessible on both addresses. So I am considering creating a single VLAN called "WAN" that includes both networks. A node on this VLAN can then add either an IP from ISP1, an IP from ISP2 or both, depending on requirements. Is there anything wrong with this? Should I ALWAYS create a separate L2 network for each IP network? [link] [comments]  |
| Posted: 28 Sep 2021 07:14 AM PDT Need a switch with at least 2 2.5gbe, 5gbe or 10gbe ports besides the uplink. Preferably the uplink being 10gbe and the other ports can just be gbe. Doesn't need more than 8 ports and preferably quite/fanless. Also managed is a must. Ports have to be rj45. Have found switches like this for under 300 euro but they were unmanaged. [link] [comments]  |
| Identifying wifi clients in a guest network Posted: 28 Sep 2021 03:17 AM PDT Hi, a customer of my company has a bit of a unique request. We manage their wifi network and they have 3 SSIDs. One is for very secure clients and has a lot of logging and restrictions. But there is also a open guest wifi, which is basically open and you can access it with a voucher. And everybody can create vouchers for any guest. Now, there are a few very smart people who use the secure clients in the guest wifi and the customer doesn't like that. The clients have the randomized wifi mac enabled. But we have to find a way to block those in the guest network. Is there a way to identify these clients reliably? [link] [comments]  |
| You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion. To stop receiving these emails, you may unsubscribe now. | Email delivery powered by Google |
| Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States | |
No comments:
Post a Comment