Rant Wednesday! Networking
- Rant Wednesday!
- Python for Network Engineers free course starts next Tuesday (Sept 7th)
- Setting up wifi for a local festival with an estimated 5000 (potential) devices, someone hold me I'm scared
- Advice on how to make code more useful to others
- Monitoring Inside ACI
- Full Time Remote Engineer
- Device to receive UDP audio broadcasts
- Aggregate links to Active/Standby HA Sonic Walls
- Differences between these two Klein Tools tester kits?
- Skills and Qualifications useful when applying for Field Engineer positions?
- Newbie asking for Help on EVPL/Point to Point Ethernet
- SD-WAN designs: Additional Firewall/IPS?
- Digital Phone line troubleshooting question.
- DCN Switch port Mode Access
- Port Forwarding questions
- Device Lifecycles, and when is your EOL?
- Dell EMC 2048P Switch Modes
- gPTP 802.1AS
- ZTP not working on Viptela SD-WAN
- Cisco Firepower vs Fortinet/Palo
- VPN concentrator
- How to thoroughly test an ISP connection ?
- Aruba CX Networking VRRP or VSX
- Cisco AnyConnect DNS weirdness
Rant Wednesday! Posted: 31 Aug 2021 05:00 PM PDT It's Wednesday! Time to get that crap that's been bugging you off your chest! In the interests of spicing things up a bit around here, we're going to try out a Rant Wednesday thread for you all to vent your frustrations. Feel free to vent about vendors, co-workers, the price of scotch or anything else network related. There is no guiding question to help stir up some rage-feels; feel free to fire at will, ranting about anything and everything that's been pissing you off or getting on your nerves! Note: This post is created at 00:00 UTC. It may not be Wednesday where you are in the world, no need to comment on it.
Python for Network Engineers free course starts next Tuesday (Sept 7th) Posted: 01 Sep 2021 10:21 AM PDT About once every three months, we run a free course on Python for Network Engineers. Our next course starts on Tuesday, September 7th. You can sign up here: https://pynet.twb-tech.com/free-python-course.html The course syllabus is as follows: The course covers Python fundamentals from a network engineer's perspective. So it covers Python basics using examples and exercises that would be generally familiar to a network engineer. It is definitely a beginners' course and doesn't assume any existing Python knowledge. Towards the end of the course I transition into applying Python to Network Engineering (Netmiko and Jinja2). This is definitely a minor part of the course, however, relative to the Python fundamentals content. The course format is a lesson a week for eight weeks. The lessons come out every Tuesday morning (U.S. Pacific time). The lessons consist of videos, exercises, and additional content. A bit about myself: I am the creator and maintainer of the Python Netmiko library and also do a reasonable amount of work on both the NAPALM and Nornir projects. I am a long-time network engineer and have been into network automation for several years now. If you have any questions about this course, ask away. Regards, Kirk
Setting up wifi for a local festival with an estimated 5000 (potential) devices, someone hold me I'm scared Posted: 01 Sep 2021 02:25 PM PDT I feel very out of my depth but here goes: the company that I work for is providing wifi for a local festival and I've been tasked with making sure it goes well. I'm planning on using a Netgate FW (or similar with QoS/traffic shaping) and Ubiquiti high-density APs for providing the setup. Of concern is that they are going to have lots of those iPads with Square readers on them for payments and I need to make sure those have priority to bandwidth. I am setting up two VLANs, one for Guest and one for POS systems. I literally learned about https://en.wikipedia.org/wiki/IEEE_P802.1p while setting up a test bed just now, and I'm wondering if I add in QoS/traffic shaping on top of this whether it will help, do nothing, or hurt performance of the network. Also I suppose while I'm here, if anyone has set up stuff like this before please drop your pro tips. In my head I'm setting up a portable rack with my firewall and a PoE switch in it, then just connecting all my APs up to the switch and setting it up like it's a normal office network, but I've gotta be missing details here.
Advice on how to make code more useful to others Posted: 01 Sep 2021 02:22 PM PDT I write a lot of useful code for myself. Take my latest project for example, Network Search and Rescue: https://github.com/austind/net_sar It does exactly what I need. Pulls hosts from my NMS (SolarWinds Orion), pulls CDP neighbors, and finds any CDP neighbors that aren't in my NMS. I didn't use Ansible because get_facts doesn't return important details about CDP neighbors (specifically IP address and capabilities). Also I've found Ansible is a lot slower than plain multithreaded Netmiko. I want to make this more useful to others as "canonically" as possible, but I need some feedback. For example:
Any other feedback would be great. Cheers! -Austin
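The core of what the post describes (collect CDP neighbors, compare them against the NMS inventory, report the ones the NMS does not know about) as an added, self-contained example; this is not code from net_sar. The `show cdp neighbors detail` text and the inventory IP set below are constructed samples, and in a real run the text would come from a Netmiko `send_command` call and the inventory from Orion.

```python
import re
from dataclasses import dataclass

# Constructed sample of IOS "show cdp neighbors detail" output (no real devices).
SAMPLE_CDP = """\
-------------------------
Device ID: sw-access-01.example.net
Entry address(es):
  IP address: 10.10.1.11
Platform: cisco WS-C2960X-48FPD-L,  Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/49,  Port ID (outgoing port): GigabitEthernet0/1
-------------------------
Device ID: ap-lobby-03
Entry address(es):
  IP address: 10.10.5.23
Platform: cisco AIR-AP2802I-B-K9,  Capabilities: Trans-Bridge
Interface: GigabitEthernet1/0/7,  Port ID (outgoing port): GigabitEthernet0
-------------------------
Device ID: SEP001122334455
Entry address(es):
  IP address: 10.10.9.77
Platform: Cisco IP Phone 8841,  Capabilities: Host Phone Two-port Mac Relay
Interface: GigabitEthernet1/0/12,  Port ID (outgoing port): Port 1
"""


@dataclass(frozen=True)
class Neighbor:
    device_id: str
    ip: str
    platform: str
    capabilities: tuple
    local_intf: str


def parse_cdp_detail(text):
    """Split the detail output on its dashed separators and pull out the
    fields get_facts does not give you: IP address and capabilities."""
    neighbors = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        dev = re.search(r"^Device ID:\s*(\S+)", block, re.M)
        if not dev:
            continue  # leading empty chunk before the first separator
        ip = re.search(r"^\s*IP address:\s*(\S+)", block, re.M)
        plat = re.search(r"^Platform:\s*(.+?),\s*Capabilities:\s*(.*)$", block, re.M)
        intf = re.search(r"^Interface:\s*([^,]+),", block, re.M)
        neighbors.append(Neighbor(
            device_id=dev.group(1),
            ip=ip.group(1) if ip else "",
            platform=plat.group(1).strip() if plat else "",
            capabilities=tuple(plat.group(2).split()) if plat else (),
            local_intf=intf.group(1).strip() if intf else "",
        ))
    return neighbors


def find_unmanaged(neighbors, nms_ips, ignore_caps=("Phone",)):
    """Neighbors whose IP is absent from the NMS inventory, skipping endpoint
    classes (IP phones by default) that the NMS is not expected to track."""
    return [n for n in neighbors
            if n.ip not in nms_ips and not any(c in n.capabilities for c in ignore_caps)]


if __name__ == "__main__":
    known = {"10.10.1.11"}  # constructed stand-in for the Orion node list
    for n in find_unmanaged(parse_cdp_detail(SAMPLE_CDP), known):
        print(f"{n.device_id} ({n.ip}) seen on {n.local_intf}: {n.platform}")
```

Anything this reports is either a device missing from monitoring or something plugged in that nobody inventoried, which is why the capabilities field is worth keeping rather than just the IP.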
Monitoring Inside ACI Posted: 01 Sep 2021 03:11 PM PDT I'm curious if anyone monitors an ACI environment with an external tool, and if so, what tool that is. It Has Been Decided that we will move to ACI, but there are a bunch of unanswered questions I'm trying to get in front of. We currently do a fair bit of port-level and IP SLA monitoring through PRTG so that we can alert on various marginalities. Unfortunately, it doesn't appear that PRTG and ACI talk well enough to get IP SLA information out via SNMP. I expect that we could probably cobble together a custom solution, but this might be the last nail in our PRTG coffin, and I'd rather move to a new system now rather than later. Specifically: physical and logical port status, errors/drops, and IP SLA status, RTT, and errors/drops.
Full Time Remote Engineer Posted: 01 Sep 2021 12:33 PM PDT I recently accepted a new job as a permanent remote network engineer. I've been working as a network engineer for about 5 years now, but all of the positions have been on-prem. I'm a bit concerned about there being a lack of social interaction as well as being able to know my team on a personal level. I'm also stoked about it though because it's a very reputable company, adding shine to my resume and diverse experience under my belt. If you've worked full time remote as a network engineer, what is your experience in relation to my concerns?
Device to receive UDP audio broadcasts Posted: 01 Sep 2021 08:39 AM PDT Is there a device that does one thing, and does it well: listen for UDP multicast audio data and convert it to analog through, say, a 3.5mm jack output? Ideally it would connect to the network with an Ethernet cable but wifi would be fine too. The digital audio format doesn't really matter. Could be ADPCM 8-bit 22 kHz mono or anything else. MP3 even. We currently have a SNOM PA1 device that does its job well of being a PA device for the IP phone system. It also does what I described above, but the darn thing gets updates once in a while and its configuration changes and it stops listening to multicasts without warning. It's a nice feature of the PA1 but sometimes I wonder if we're the only ones using it. Now I know I could build one myself with an ESP32 or ESP8266 and some DAC but I'd prefer not to reinvent the wheel, if that's the case here. Any suggestion of such a device? Does it even exist?
Aggregate links to Active/Standby HA SonicWalls Posted: 01 Sep 2021 03:11 PM PDT Is it possible to have an aggregate link going to a pair of SonicWalls in Active/Standby HA mode? I think the traffic load-balanced over the aggregate uplink that goes to the secondary FW would just get dropped. Is this correct? If so, what's the best way to ensure traffic goes to the Primary and then switches over when there is a failover on the HA pair?
Differences between these two Klein Tools tester kits? Posted: 01 Sep 2021 02:19 PM PDT Hey all, I'm having trouble figuring out the differences between these two Klein Tools tester kits. To me, it looks like they both do the same thing but surely I must be wrong. One has the 6 Test + Map remotes, and the other has 18 "Locator Remotes". Any help is appreciated. I'm just trying to understand the difference, especially considering the difference in price.
Skills and Qualifications useful when applying for Field Engineer positions? Posted: 01 Sep 2021 02:01 PM PDT I am UK based and wanting to start a career as a Field Engineer/technician for companies such as BT, Openreach, Virgin etc. I am already tech savvy; however, what training or qualifications can I get to give me an edge in interviews, hopefully getting a job, and for my own knowledge?
Newbie asking for Help on EVPL/Point to Point Ethernet Posted: 01 Sep 2021 12:44 PM PDT I'm troubleshooting with a customer; he can ping across fine, but when he is generating traffic at the same time there is packet loss. Is running both tests at the same time causing the packet loss?
SD-WAN designs: Additional Firewall/IPS? Posted: 01 Sep 2021 12:22 PM PDT I'm curious as to what people are doing in the real world when it comes to SD-WAN designs. I currently still utilize a next-gen firewall and an SD-WAN box for site-to-site VPNs (Meraki. I know, not the greatest). DESIGN 1: Both the next-gen firewall and the SD-WAN box are connected to the internet. All user traffic goes through the next-gen firewall first, and either egresses straight to the internet, or routes to the SD-WAN for site-to-site VPN traffic. The problem with this design is that we are not utilizing SD-WAN tech for internet egress traffic. Internet egress goes out ISP1, and if ISP1 fails (according to an SLA), it goes out ISP2. DESIGN 2: The other design only has the SD-WAN box connected to the internet. The next-gen firewall does not connect to the internet. The default route of the next-gen firewall goes out the SD-WAN box. So the SD-WAN box controls internet egress and site-to-site VPN. How are other people designing their network? Are they skipping the next-gen firewall completely? Do the designs I'm using seem dumb?
Digital Phone line troubleshooting question. Posted: 01 Sep 2021 11:18 AM PDT Hi, this may not be the right place to post this but the telephony subs seemed pretty deserted. It might be a dumb question, but how would one go about troubleshooting a single-pair digital phone line? (Not VoIP.) I'm trying to half-step, starting with the cross connect at the 100 block next to the PBX. Would you just terminate the cross connect to an RJ11 and plug in a digital phone to see if it works? Is there such a thing as a digital butt set?
DCN Switch port Mode Access Posted: 01 Sep 2021 10:24 AM PDT Is anyone here familiar with DCN switches? Having issues with access ports. I have servers (with no VLAN tag) connected to an access port assigned to VLAN 15. Another port on the switch is a trunk port which goes to a router with a VLAN interface of 15, which is where the default GW for the servers resides. VLAN 15 is allowed on the trunk. I've got no communication at all, almost like the access port isn't tagging on egress or removing the tag on egress. Don't have the config to hand, I left the DC in a strop! But basically the VLAN 15 interface has been created. Switchport mode access, switchport access vlan 15. I've even tried eliminating the server as the problem by creating another VLAN 15 access port with a static IP and pinging the gateway. No go...
Port Forwarding questions Posted: 01 Sep 2021 10:16 AM PDT Hi Folks, I have one machine that seems to fail to forward its port to the router. I can RDP into the machine when I'm in my office, so I know the port is open and accepting connections, but when I try to connect externally the request times out. The router is configured the same for all of these machines but only one fails; they all have firewall rules and custom RDP port settings in the registry. Is there some low-hanging fruit I'm not checking or a setting I'm missing? I want to believe it has to do with a static IP address maybe? This otherwise works for the rest of my dozen machines. Thanks in advance!
Device Lifecycles, and when is your EOL? Posted: 01 Sep 2021 09:48 AM PDT Hello, My company has never had a formal refresh standard for network gear and I am currently in the process of trying to create one. I have been with my current employer for five years now, so I look at all of the devices that were here when I started and feel it's time to start the refresh. I was hoping to get some insights on how all of you great people approach your refresh cycles. Five years generally feels like a good spot for most datacenter gear, but I do not have any real reason why five years is the number. I know a Nexus 7010 can run longer than that, and I have them on SmartNet so they will be replaced if they fail, and they are under security/vulnerability support until 2025, so as long as I am happy with the features and I am not encountering any bugs, is there a rush to replace them? That brings me to my second question. When deciding something is EOL, which date do you look at? I feel like end of maintenance would probably be the spot, but as I stated above, if you are happy with the features and not hitting any bugs, would you push further out to the end of security and vulnerability support date? Thank you in advance.
Dell EMC 2048P Switch Modes Posted: 01 Sep 2021 09:39 AM PDT I am trying to configure ports on a Dell EMC 2048P switch to pass multiple VLANs. This is the only Dell EMC 2048P switch I manage and I inherited it with my client. I have read on the Dell site about setting the switchport mode to General, but I cannot get this to work. I am trying to do this through the GUI. Is that my mistake? Do I have to set this up through the CLI?
gPTP 802.1AS Posted: 01 Sep 2021 05:21 AM PDT Need some input on the IEEE 802.1AS standard. I'm looking to design an FPGA-based End Instance in a PTP network that complies with IEEE 802.1AS. I'm aware of the time synchronisation part. Need to understand the flow of other messages like the Announce message and Signaling message. As an End Station device, what should my device's role be for these two messages?
ZTP not working on Viptela SD-WAN Posted: 01 Sep 2021 08:39 AM PDT Hi, I have been tasked with testing and setting up a bunch of ISR 1100s for use with our SD-WAN environment. All of the config behind the scenes has been done as far as creating the template and the custom device values, along with registering the device on vManage too. The cert is showing as "installed" on Configure > Devices and also showing as "valid" on Configure > Certificates. I have plugged the router into our network; it has obtained a DHCP address but nothing else happens. vManage never sees it and it never downloads the config. I'm stumped to be honest. The router itself can ping the Internet (8.8.8.8) so there is definitely connectivity out. I have run a "show control connections" via the console port on the router and it returns nothing. When running a "show control connections-history" command I can see it displays the following:
- for "LOCAL ERROR > RXTRDWN", which indicates it received a "Received Teardown" message
- for "REMOTE ERROR > BIDNTVRFD", which says it is a "Peer Board ID Cert not verified"
But when I do a "show orchestrator valid-vedges" on both vBonds, it shows the device as "valid". At the moment I'm stumped, any help or input would be massively helpful.
Cisco Firepower vs Fortinet/Palo Posted: 01 Sep 2021 08:27 AM PDT Hey all, I've seen a number of posts of people recommending pretty much anything over Firepower, but why? Personally I'd like to consider changing vendors, but there is pressure to stick with Cisco and roll it into an EA. We have a number of Cisco security products, and quite frankly, they seem pretty good, and the integration with one another is pretty nice. I need to refresh the hardware within the next year or so (currently have a bunch of ASAs running Firepower). Also, can't get fired for buying Cisco... I've inherited these devices and have been learning how to use them; I wouldn't say it's a happy experience, but it's not horrible. Of all the security products, I think Firepower is the one that could be replaced with something better. Since upgrading them to 6.6.4, it has been a little bit better than when they were running older code (one upgrade caused an outage due to Firepower deciding not to advertise routes on the secondary appliance, and Cisco TAC couldn't tell me why). I hear things are supposed to get better with 7.x, and the addition of Snort 3 offering better performance. Is anyone able to offer more details as to why other platforms are better? I need some technical reasons as to why one is better than the other (ex: antivirus/antimalware, SSL decryption, app control, IPS, and for the OT space). There isn't a whole lot of time before the EA decision, so can't really do a PoC. Some of my grievances so far with Firepower:
- No OSPF BFD support
- Active/passive HA only. This is fine except for my datacenter.
- SSL decryption performance sounds terrible. Not doing it today, but looks like I'd need to get another product to handle it, like F5.
- Firepower doesn't detect applications running on different ports without me telling it to look there. I hear this should change with the newer Snort version.
- I wish reporting was a little bit better with FMC.
- Newer FTD devices you have to update FXOS, then Firepower services...
- Initial setup of a firewall is a chore.
Just an idea of the appliances that I've been getting quoted for my sites (excluding DC), since I plan on doing a lot more with the firewalls:
- FTD 4112
- FortiGate 1800F
Thanks.
VPN concentrator Posted: 31 Aug 2021 09:46 PM PDT Hi All, Looking at getting people's advice/recommendations for some on-premise devices we can use to terminate site-to-site VPNs with customers and 3rd parties. Currently we have some ASAs doing the work; however they are showing their age and we need some extra features that they currently don't offer. I want to be able to run multi-contexts, like VRFs for example. The idea here is that if a customer wants site-to-site VPNs to replace their MPLS then we can terminate their VPN and dump them straight into their VRF. However, security will want access controls and next-gen type capabilities on these to filter traffic before making it into the customer VRF. We would also need BGP routing capabilities. We currently have 30 customers, not all using site-to-site VPNs; however that could be the required scale long term. I have thought about Cisco routers to terminate the VPNs using an FVRF to build their tunnels over and placing the tunnel interface into their forwarding VRF. Then using an L2 firewall to bridge the connectivity between the Cisco router and their VRF. The reason for using a router is that they in my experience have been great for VPNs and provide all the routing capabilities we need.
How to thoroughly test an ISP connection? Posted: 01 Sep 2021 07:27 AM PDT Hello everyone, We have been battling with our management service regarding network issues faced by partners using a dedicated 100 Mbps line used to stream events in our office. They are apparently facing drops on their streaming tools that connect to different streaming services. I've done multiple tests, ICMP and iperf mainly, with absolutely no result so far, so I'm not even able to replicate the issue. What could be used on Windows or Linux to continue my tests? I would love to see if TCP sessions are dropped after a while; is iperf the best solution to validate both bandwidth and session flows? Or maybe the best test would be to directly stream a live event from a laptop and see for myself if I face any issue?
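A throughput test like iperf will not show a session that gets torn down after several minutes of being idle-ish, which is the symptom described above. Added example (not from the post or any tool it names): a long-lived TCP session probe that holds one connection open, exchanges a small payload at a fixed interval, and records how long the session survived if it dies. The echo listener is a constructed local stand-in for the far end so the script runs offline; in practice you would run the listener on a host outside the ISP link and point `probe_session` at it across the dedicated line.

```python
import socket
import socketserver
import threading
import time


class EchoHandler(socketserver.BaseRequestHandler):
    """Constructed stand-in for a cooperating endpoint: echoes until the client hangs up."""
    def handle(self):
        while True:
            data = self.request.recv(64)
            if not data:
                return
            self.request.sendall(data)


class CloseAfterOneHandler(EchoHandler):
    """Misbehaving endpoint used to exercise the drop path: one echo, then close."""
    def handle(self):
        data = self.request.recv(64)
        if data:
            self.request.sendall(data)


def start_local_server(handler):
    """Bind an ephemeral loopback port and serve in a background thread."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the session")
        buf += chunk
    return buf


def probe_session(host, port, hold_seconds, interval=1.0, timeout=5.0):
    """Hold one TCP session for hold_seconds, doing a round trip every interval.
    Returns round-trip count, whether the session died, and its uptime at that point."""
    result = {"round_trips": 0, "dropped": False, "uptime": 0.0, "error": ""}
    started = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
            while time.monotonic() - started < hold_seconds:
                s.sendall(b"ping")
                if _recv_exact(s, 4) != b"ping":
                    raise ConnectionError("payload mangled in transit")
                result["round_trips"] += 1
                time.sleep(interval)
    except OSError as exc:  # ConnectionError, timeouts and resets all land here
        result["dropped"] = True
        result["error"] = repr(exc)
    result["uptime"] = round(time.monotonic() - started, 3)
    return result


if __name__ == "__main__":
    srv, port = start_local_server(EchoHandler)
    print(probe_session("127.0.0.1", port, hold_seconds=3, interval=1))
    srv.shutdown()
```

Run it with a hold time longer than the longest observed streaming outage and a few parallel instances with different intervals; a session that dies at a consistent uptime points at an idle timer or state table on the path rather than at bandwidth.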
Aruba CX Networking VRRP or VSX Posted: 31 Aug 2021 07:00 PM PDT Hello, Got some new Aruba CX switches and it looks like this is different from the HPE Comware switches. Just want to hear some feedback if anyone has deployed a pair of them at the core level with VSX. I am trying to decide whether to go with VRRP or VSX.
Cisco AnyConnect DNS weirdness Posted: 31 Aug 2021 08:00 PM PDT Hello everyone. I configured Cisco AnyConnect with a split tunnel, and users have noticed that DNS lookups fail in some cases. This may be because our computers send all DNS queries both to the DNS server via the tunnel and to the regular DNS server for the host, resulting in a negative lookup result from the local DNS server. Today I implemented split DNS for the two domains we use for production equipment. This worked as expected for macOS, but Windows users ran into the following issue: When a user tried to connect to a device using the FQDN, their computer would send a query only via the tunnel and get a (quick) response, but PuTTY, WinSCP, and Firefox would fail to use the DNS reply, and would complain that the host couldn't be found. When I rolled back the split DNS changes, Windows users could resolve FQDNs as before. Has anyone run into this before and found a fix? I don't want to tunnel all DNS traffic b/c this would keep the AnyConnect sessions from ever timing out, and we don't really want to answer irrelevant DNS queries.