Understanding and Implemetning a Session Border controller Networking

---

• Understanding and Implemetning a Session Border controller
• Starting my CCDE Journey
• Iperf between UDM Pro <> Win10 PC with 2.5 GBPS is not symmetrical why?
• Is it normal that NCP announces my prefix with my own ASN in his upstream ASN?
• design help: adding a distribution layer
• Does automation result in you having more downtime?
• Traffic Generation set up in lab environment
• Predictive Wireless Surveys - Ekahau alternatives
• Question on acceptable db loss with SM fiber
• Networking hardware question
• AC power vs DC power for new rack build
• Dumb question - from amateur trying to connect things and giving IT dept a solution
• High-Density Wireless AP/VPN Over Wireless Bridge
• IBNS (Identity Based Networking Services) - serious industry direction or Cisco pushing Cisco?
• Recommended layout for network and server room?
• Question about fiber optic cables and the number of cores
• Real-World vs Book BFD Timers
• Not able to ping SVI on PA firewall
• [Question] IPv4: Does the last IP in any subnet imply multicast?
• Issues using FRR to handle IP addressing
• Real life Fortigate perofrmace and everyday usage
• Limit on Number of switches in Stack
• Tail drops / packet loss on SG350X but no source >1Gbps ???
• How intrusive is Cisco Ethanalyzer
• Azure IoT hub load balanced endpoints in strict deny all network

Understanding and Implemetning a Session Border controller Posted: 28 Oct 2021 01:02 PM PDT I've never came across a SBC and I'm hoping to get some advice on understanding them and where to put them in the network. We are currently using Asterisk as our PBX system and hoping to use a SIP trunk service by our MPLS provider. This SIP gateway will be within our MPLS VPN so it will contain a private IP address we can route to. We've been informed we must use a SBC to connect to the SIP gateway. This is the first I've heard of a SBC. Can't Asterisk do the same functions as a SBC with registering and managing the calls? And where would you implement this sort of equipment in a collapsed core network that has two HA firewalls facing the outside of our network towards the PE router? submitted by /u/starlord982 [link] [comments]

Starting my CCDE Journey Posted: 28 Oct 2021 09:07 AM PDT I will start my journey for the CCDE Certification. New v3 is soon ready, and the Learning Matrix is also available. Is there any interest here for some sort of Documentation of my journey? How i study, what i study, labs and so on? And is there some feedback from all already CCDEs how to go for the Written Exam? When i look at the learning matrix, it seems a Huge amount of stuff to read and watch. Im comparisson to the ENCOR (CCIE Ent. Written) exam, which is one book. Also should i rather post this in the Cisco channel submitted by /u/YourMustHave [link] [comments]

Iperf between UDM Pro <> Win10 PC with 2.5 GBPS is not symmetrical why? Posted: 28 Oct 2021 04:47 AM PDT I have a UDM connected to my win PC via SFP+ PC has a 2.5g nic card. Trying to determine why the speeds arent idenctical? There are no other devices in between the UDM PRO and PC When running the test from the PC >> UDM I see the following speeds Desktop\iperf> .\iperf3.exe -c 192.168.86.1 Connecting to host 192.168.86.1, port 5201 [ 4] local 192.168.86.247 port 50881 connected to 192.168.86.1 port 5201 [ ID] Interval Transfer Bandwidth [ 4] 0.00-1.00 sec 271 MBytes 2.27 Gbits/sec [ 4] 1.00-2.00 sec 257 MBytes 2.16 Gbits/sec [ 4] 2.00-3.00 sec 268 MBytes 2.25 Gbits/sec [ 4] 3.00-4.00 sec 253 MBytes 2.12 Gbits/sec [ 4] 4.00-5.01 sec 247 MBytes 2.06 Gbits/sec [ 4] 5.01-6.00 sec 253 MBytes 2.14 Gbits/sec [ 4] 6.00-7.00 sec 254 MBytes 2.13 Gbits/sec [ 4] 7.00-8.00 sec 238 MBytes 2.00 Gbits/sec [ 4] 8.00-9.00 sec 241 MBytes 2.02 Gbits/sec [ 4] 9.00-10.00 sec 258 MBytes 2.16 Gbits/sec [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 2.48 GBytes 2.13 Gbits/sec sender [ 4] 0.00-10.00 sec 2.48 GBytes 2.13 Gbits/sec receiver iperf Done. When running the test from the UDM >> PC I see the following speeds root@ubnt:/# iperf3 -c 192.168.86.247 Connecting to host 192.168.86.247, port 5201 [ 4] local 192.168.86.1 port 53452 connected to 192.168.86.247 port 5201 [ ID] Interval Transfer Bandwidth Retr Cwnd [ 4] 0.00-1.00 sec 96.6 MBytes 810 Mbits/sec 892 18.5 KBytes [ 4] 1.00-2.00 sec 92.5 MBytes 776 Mbits/sec 819 18.5 KBytes [ 4] 2.00-3.00 sec 95.2 MBytes 798 Mbits/sec 871 17.1 KBytes [ 4] 3.00-4.00 sec 92.6 MBytes 777 Mbits/sec 995 18.5 KBytes [ 4] 4.00-5.00 sec 94.3 MBytes 791 Mbits/sec 973 17.1 KBytes [ 4] 5.00-6.00 sec 90.0 MBytes 755 Mbits/sec 948 17.1 KBytes [ 4] 6.00-7.00 sec 95.4 MBytes 800 Mbits/sec 1010 17.1 KBytes [ 4] 7.00-8.00 sec 92.5 MBytes 776 Mbits/sec 1116 18.5 KBytes [ 4] 8.00-9.00 sec 93.7 MBytes 786 Mbits/sec 878 18.5 KBytes [ 4] 9.00-10.00 sec 92.5 MBytes 776 Mbits/sec 986 17.1 KBytes [ ID] Interval Transfer Bandwidth Retr [ 4] 0.00-10.00 sec 935 MBytes 785 Mbits/sec 9488 sender [ 4] 0.00-10.00 sec 935 MBytes 784 Mbits/sec receiver submitted by /u/Raggou [link] [comments]

Is it normal that NCP announces my prefix with my own ASN in his upstream ASN? Posted: 28 Oct 2021 03:30 PM PDT I have a prefix which I announce in my own AS. I use a BGP tunnel as well as Vultr to connect my AS. Vultr's AS20473 acts as my upstream. Both bgp.tools and bgp.he.net show my prefix as not only being announced by my own AS but also by AS20473. The same thing does not happen with the BGP tunnel providers. In my opinion, this is wrong: Even though Vultr is my upstream, the announcement should still only come from my AS. Do I get this wrong? This also suggests that this is not "normal": https://bgp.tools/kb/more-than-one-asn-per-prefix I wrote to Vultr support. Not that I would expect this to be solved by them but in their response they claim what they are doing is right: As you engaged in peering with us, we act as your upstream provider.This is the actual BGP service we provide.Once you start announcing your prefix to us, we will forward your announcement to major transit providers in order for your prefix to be seen globally in the internet. ​ I do not see why this is required or correct: The prefix itself only needs to be announced by my AS. It is the routing information (i.e., that the prefix is reachable with my AS and that my AS is reachable via AS20473) and not the prefix announcement that would need to be forwarded by Vultr. Can anyone help me understand if they are right and what's going on here? submitted by /u/segdy [link] [comments]

design help: adding a distribution layer Posted: 28 Oct 2021 10:28 AM PDT planning of adding a distribution layer to some of our network closets. currently we're running a collapsed core (access->core) w/ the access layer doing L3. the main goal is to conserve ports in the core side. we have old buildings and running new fiber is just not feasible at the moment. what's the simplest way to add the dist layer as far as svi's (on the A layer) go. can i just L2 the uplink trunks from the A layer to the core? i'm familiar with the concept but have never put it in practice. submitted by /u/d3adbor3d2 [link] [comments]

Does automation result in you having more downtime? Posted: 28 Oct 2021 09:14 AM PDT Is anyone having their jobs become easier as a result of automation or more modern software in the amount of time spent sitting around and waiting for something to break? When upgrading IOS versions on 6807 and 4507 series switches that my corporation uses, upgrading the IOS version requires copying the .bin file manually, verify that it is not corrupted, and reboot the secondary SUP card manually. Recently when a Catalyst 9K witch with dual SUPs experienced a hardware a SUP card failure, I had the tech plug in the new SUP and the IOS was upgraded to the version that the active SUP was running without me running any commands. For work on the 4507s and 6807s the only thing that Ansible does is copying and verifying the integrity of the .bin file on the primary SUP. Once Catalyst 9k switches are widely deployed, this process will become simpler and done through DNAC (which is better than Ansible for the work in question). The only common denominators here is that a tech needs to be present to perform the physical work. The more advanced software in the 9K switch resulted me in just waiting while the switch did it's thing. This is an example of automation not making roles go away, just making them more easier. submitted by /u/corehazard [link] [comments]

Traffic Generation set up in lab environment Posted: 28 Oct 2021 04:09 PM PDT I hope this is the right place to post this. I work for a smaller ISP (<40,000 home customers). We use to have a very nice lab set up with a Shenick server for traffic generation that was in someway connected to dozens or more ONTs to pass traffic across our PON lab. This lab was taken down and basically cannibalized over the last few years. We are now in the process of choosing a new PON vendor and I would like to get the lab back in a state to do meaningful tests of across XGS ONTs. For initial tests we just used iPerf on a laptop connected to a single ONT then feed across the OLT chassis to a server running iPerf on the uplink port. This worked okay for a beginning test, but I'd like to be able to do more stateful traffic, and pass more than the 7-8Gb a single laptop was able to create. As I said the lab was cannibalized over the years and one of the losses was the license on the Shenick. In talks with other team members it sounds like there is no way to recover the license. In the interim we have found a cisco open source project called T-rex that can do up to 200Gb/s of stateful traffic with the right hardware. ​ Working with our current vendor they have a lab set up with a traffic generator connected to numerous ONTs, which passes up to the OLT and then back around to the traffic generator. What I don't understand is what is necessary to connect the single server to multiple end devices in this fashion. The server has a dual SFP+ card installed, and 8 1gb nics. The only thing I can think is to connect the 10gig ports to the uplinks of the shelf, and I guess then will have to connect individual 1gig ports to ONTs. This would give me at most 8gb of traffic. ​ Just wondering if anyone else has recommendations of how to build up a lab with preferably 20-30 ONTs generating traffic. If we need to purchase more equipment to make it happen then so be it. I'm just struggling to figure out how to make this work. submitted by /u/Wamadeus13 [link] [comments]

Predictive Wireless Surveys - Ekahau alternatives Posted: 28 Oct 2021 02:28 AM PDT Hi All, My company is recently opening many new locations from small offices to huge warehouses. Wireless is our main connection type. I came on board recently and been asked to prepare BoMs for all new locations across the globe. We have no budget to do site survey each time. I though predictive wireless site survey tool would help me a lot. Looking at Ekahau, but cost may be to high. Do you know other options on the market worth checking? I need a tool mostly for predictive surveys. Will not have a chance to be on site in 95% of locations. Thanks for any suggestions. submitted by /u/netguy11 [link] [comments]

Question on acceptable db loss with SM fiber Posted: 28 Oct 2021 07:03 AM PDT I have recently been gifted a Fluke power meter and have begin testing our single mode network for loss. Is there a formula or recommendation for calculating the acceptable db loss over distance? For example I have a 1450' run of SM with an ST bulkhead at each end. submitted by /u/itadm [link] [comments]

Networking hardware question Posted: 28 Oct 2021 02:53 PM PDT Not sure if this is exactly the right place to ask, please point me to the right place if this is the wrong one. I didn't see Hardware as a post flair, that seems weird to me, or like there might be another community that I'm overlooking. The short version is that I'm looking for an inexpensive router or smart switch that'll provide DHCP for the LAN but also let me not set a default gateway for a /24 network. The longer version is below There is a small LAN on a vehicle that allows things on the LAN to talk to each other, These can be statically addressed and don't require internet access. From time to time, laptops will need to be connected to the LANs to talk to the devices on the LAN. However if there is a default gateway in the LAN's DHCP offer then the laptops try to use the LAN's Default Gateway rather than their cellular connection. Seems like Window's network stack should be smart enough to go "oh, that DG is dead. let me use the other" but sadly no. While I could just statically address the network adaptor of the laptops, that would be problematic with multiple machines as well as those machines need to be able to connect to regular networks with a valid DG As far as why it needs to be cheap, we'd rather not spend hundreds of dollars for what is basically a little bay LAN that is mobile (because the vehicle is mobile), plus it'll be cheaper to replace when it fails and I can just restore a config file and have the operators just pop them in to place. Anyway, if you guys have any recommendations, that'd be great submitted by /u/climct [link] [comments]

AC power vs DC power for new rack build Posted: 27 Oct 2021 03:16 PM PDT Is DC power generally cheaper than AC at data centers? We are looking to do a new rack build to expand our footprint, and I was curious why the pricing for DC circuits was substantially less expensive. we were planning on using a rack-mounted rectifier system until we saw that the costs of AC circuits were substantially greater than DC. submitted by /u/thecybernerd [link] [comments]

Dumb question - from amateur trying to connect things and giving IT dept a solution Posted: 28 Oct 2021 02:11 PM PDT Let's start with background: main corporate network, on-board IT watching it, with redundancy, VPNs, proxies, etc. Things like intranet, management and apps for it work there. Regular full corporate. additional network, with security measures (firewall, anti-malware) moved outside of our company (on ISP side, packet scanning, semi/full-automatic). Reason? 2nd network is used for live streaming, Zoom/vMix/Skype/other needed connections, sharing big files (videos) outside + video editing from shared NAS/server; whole 2nd network is bandwidth/CPU limited internally during work hours. Plus my/our personal preference - Parsec - as on-the-run/from-home access tool. So as you may gather from that - 2nd network may throttle easily on switches/routers already (especially on 4K RAW, yes, we need to move to 10Gbps), and CPUs hindered by suprisingly heavy corporate anti-malware thingies would lower video editors efficiency (-10-15% on mixed workload from my limited measurements) So, what I'd like to get from you is - is it possible to connect network no.2 to no.1 (for intranet/mail config only, maybe letting IT access said PC remotely), without hindering video editing station performance? As in even some app that would let "outsiders" access 1st network intranet, without routing all of their traffic inefficiently? PS.: Both networks exist in the same building - but since we'd like to eliminate human factor when it comes to white/black-listings and other stuff that usually happens withing regular work hours (so when live streaming usually happens - and there was an accident when outgoing streaming packets were blacklisted by one of the admins mid-conference) - 2nd network is void of any major internal IT Security influence (aside from their suggestions - which can not override whitelist settings due to how we/ISP made it). Everything else like anti-DDoS, Firewall, AntiMalware, is handled by ISP; we have logins like admin/every-other-obvious-points-of-entry disabled on every router/NAS/PC within the network; and MS Defender+Malwarebytes(lowest CPU usage from tests). submitted by /u/PurpleShart [link] [comments]

High-Density Wireless AP/VPN Over Wireless Bridge Posted: 27 Oct 2021 03:13 PM PDT Tagged 'Wireless,' but Includes VPN/LAN Routing as well. This may be a common occurrence, but one of the few times I've been asked to consult on a compact, easy to manage solution. The requirements: Small Booth at A Large Conference (>250 Booths) Only Wireless Connectivity Permitted for the Booths (e.g. Vendors Don't Get Wired) VPN Backhaul Required for In-Booth Applications My immediate default was a Linksys Wireless Router we'd updated with DD-WRT to provide the VPN and a wireless bridge. And, while this sounds acceptable (local booth clients will be both wired/wireless) it may end up being a "design on-site," job and I'd prefer to have something with which we're comfortable ahead of time. Wireless was acceptable during last year's attendance, but the VPN was not required. Now, it would be preferable to have gear which (a) handled the wireless bridge and (b) handled the VPN. It doesn't seem available as a single package; rather, we'd need two components from just about any vendor. (Quick pass at Ruckus, Meraki, and Ubiquiti) A compact solution is preferred. Are there recommendations for something like this? We would prefer to have the LAN side pre-configured and VPN tested ahead of time. That way, just connecting to the remote wireless gateway would be all that is required from the floor of the show. Thoughts? submitted by /u/WhatThe_IsThatLegal [link] [comments]

IBNS (Identity Based Networking Services) - serious industry direction or Cisco pushing Cisco? Posted: 27 Oct 2021 06:32 AM PDT tl;dr - is IBNS Cisco SEs pushing Cisco proprietary designs or is this an actual, solid long-term industry direction? Can IBNS configurations be used with something other than ISE? General Googling isn't helping me with the answer (or I haven't had enough coffee yet.) ------ I've just run across a customer that has recently replaced their NPS installation with ISE. On the switch side, the Cisco nodes they've recently deployed have been configured using IBNS 2.0 for 802.1x. I'm generally vendor-agnostic, try to use open standards and keep my configurations easy enough for newbies to understand if they have to do emergency changes at 3 a.m. and are sleep-deprived. The customer's parent org and project management often pushes open standards for interoperability purposes. I've just started reading the marketing slicks, configuration guides and other docs but I need a sense of the bigger picture. Is IBNS a real, functioning, good-for-use-in-the-real-world configuration process that I should be looking at moving my other customers to? Is there a advantage to using IBNS-based configurations over Cisco's more standard 802.1x configurations? Is there an increase in the O&M burden with IBNS? Can Cisco's IBNS 2.0 configurations be used with something other than ISE? Am I just completely over-thinking this and am just intimidated with all the classes and maps required to make it work versus a couple of global and port level commands? Thanks! submitted by /u/victorgh [link] [comments]

Recommended layout for network and server room? Posted: 27 Oct 2021 08:07 AM PDT We are considering relocating an office to a new building. The suite will be built for us, so I have the freedom to request the space I want, which will then get pared down to slightly less than the space I need (probably). We'll be putting two racks in the room. A two-post for networking equipment, and a four-post for servers and UPS. Are there standard dimensions or spec drawings out there for a small server room? I'd hate to reinvent the wheel if there's already information like that available. Things I think I need: dedicated cooling electrical sub-panel in the room enough depth to rack a full length server enough width for reasonable working space a plywood board on the back wall for mounting little fiddly bits submitted by /u/canexan [link] [comments]

Question about fiber optic cables and the number of cores Posted: 27 Oct 2021 06:10 AM PDT While looking for suitable single mode fiber optic cables for my project, I came across fiber optic cables with 4-cores/8-cores/12-cores. example example2 They seem to have multiple fiber optic cables bundled together. What I'm confused about is the amount of bandwidth that I'll get from these cables. Is the bandwidth calculated like 10 Gbps x 4? (assuming if it has 4 cores, and uses the 10GBase-LR standard) Is the one with more cores in the cable better? submitted by /u/KiwiDiscombobulated5 [link] [comments]

Real-World vs Book BFD Timers Posted: 27 Oct 2021 07:50 AM PDT Some time ago we started using BFD on our metro Ethernet circuits for OSPF failure detection -- we run an MPLS environment with OSPF as the underlay. Back then I labbed out BFD in GNS3 and didn't expect to get 50 ms x 3 to work, so I maxed the timers (999, I think) with a multiplier of 3. As a proof-of-concept, it worked and was stable. In the real world, we were using ASR 9001s and the config applied cleanly. I set the timers for 500 ms x 3, thinking that was more than adequate -- only to find there was a bug in IOS-XR that caused it to miss BFD updates. We went with 500 x 6 and that remained stable. We have since replaced those ASRs with something non-Cisco (and maybe we should be able to update those timers, but we do have some old equipment out there). We use iBGP (I think that's pretty standard) for our MPLS VPN information. Route reflectors are ASR 1Ks. I turned on BGP fallover so it would dump the session if the /32 disappeared from the global table. That works well -- the timestamps usually match up, within a second, when OSPF loses its adjacencies and BGP drops the session because of the lost route -- but I keep thinking I should turn on BFD instead. Our Cisco reps agree with this; I'm not as convinced since basic fallover is working fine. But the books say you should be able to get 50 x 3 failover. And I'm wary to try that. I don't think the BFD config we have for OSPF is being delegated to the hardware, which makes me suspicious of the CPU's ability to keep up with such tight timing. PE hardware varies -- anything from ISR 2900s to Catalyst 9500s and things in between (6807s, 6880s, Nexus 7Ks, etc.). What are realistic numbers I ought to be able to expect to be stable with multi-hop BGP BFD? I'm sure I'm going to get "it depends on your environment"-type responses, and I acknowledge that, but I figure there's got to be some generally-realistic baseline setting to start with out there. I'm not necessarily concerned about subsecond failure detection, but significantly faster than normal OSPF dead timer/BGP hold down timer. submitted by /u/farrenkm [link] [comments]

Not able to ping SVI on PA firewall Posted: 27 Oct 2021 01:31 PM PDT Hi friends, I created a simple lab topology in eve-ng connection from pc--> switch(cisco vIOS) --> PA firewall .. I created layer 3 link (10.1.1.10/24) on PA connecting to switch.(all links are up) Assigned PC 10.1.1.15/24 default gw 10.1.1.10 switch config:- To PC I created it as access port and assigned vlan 10 and to PA as trunk port and created svi for vlan 10 (10.1.1.20/24 and enabled IP routing as well and pointing DG to 10.1.1.10) I am able to PC but not the SVI on PA not sure what basic thing I am missing here? Please help submitted by /u/noob098098 [link] [comments]

[Question] IPv4: Does the last IP in any subnet imply multicast? Posted: 28 Oct 2021 12:57 AM PDT Hey folks, I'm currently implementing an OSINT tool that tries to parse all IANA-assigned IP ranges, including IPv4 ones. Therefore I'm gonna refer to the related RFCs 791 and 1878 here in advance. I've got a question related to whether or not addresses are unicast/multicast by default, and implied by their prefix notation. For example, in a 192.169.0.0/24 network, the last IP 192.169.0.255 would be the multicast address for the D-subnet. In regards to RFC 791, this is dependent of the subnet bitmask (later: prefix length). For example, /24 means that 255.255.255.0 is the bitmask that decides whether or not a switch or router will send the data packet to an uplink port or keep it within the same network. Now the question is regarding multicast. As per the old RFC 791, an IP like 192.169.255.255/16 would imply that it's a multicast, not for the D-subnet, but for the C-subnet as well. Later specifications seem to imply that multicast addresses don't necessarily depend on /8, /16, /24 or similar notations as the prefix is variable and applied as a bitmask. This means that for example, an not-dividable-by-8 bitmask could lead to different IP ranges, depending on the bitmask, and therefore leading to a different IP address that represents the multicast address for the specific subnet. For example, a network like 10.0.64.0/18 network would have a multicast address for the C-subnet that isn't necessarily a 255 as implied by the older RFC 791. Now my question into the open is kind of this: Is the last IP of a declared subnet with a variable prefix always the multicast address for a specific subnet? If not: Are only the specifically mentioned IPv4 addresses assigned by IANA a multicast address, and every other address should be regarded a unicast address by default? Thanks in advice :) submitted by /u/cookiengineer [link] [comments]

Issues using FRR to handle IP addressing Posted: 27 Oct 2021 08:07 AM PDT Hey everyone, I've run into an issue while using FRR to extend L3 to server that I can't imagine is unique, but haven't been able to find much on the internet about. Pretty standard setup as far as I can tell - 2x eBGP peerings to 2x leaf switches. For the sake of simplifying some of our automation, after the initial bootstrap of the servers I'd like FRR to handle all things networking related to the server, meaning I want FRR to handle assigning IP addresses to OS interfaces. I know that this may not be typically how people do things (using FRR purely as a routing daemon), but for how much it simplifies our automation it's a trade off we are willing to accept. The issue we are having is that when static IP addresses are assigned to an interface, if the interface flaps at any time, FRR doesn't reassign the IP addresses once the interface is available again and you must either restart FRR (not acceptable as this would affect the other BGP session) or run a "no shut" on the interface itself from within vtysh. I've reread the entire zebra documentation multiple times and nothing is sticking out there that can help me with this situation. Aside from a misconfig or something I'm missing in the Zebra conf, the only thing I can think of is to have an ifup script trigger an frr script which no shuts the interfaces from within FRR so that the IP addresses are reapplied. For those using FRR - am I missing something obvious here or is this the only way to accomplish things? Thanks! submitted by /u/charley_chimp [link] [comments]

Real life Fortigate perofrmace and everyday usage Posted: 27 Oct 2021 02:25 AM PDT Fortigate admins, can you share some everyday experiences with Fortigates? We have to replace our old firewall and we got quite attractive pricing for FG200. Datasheet parameters look great but as usual they contain some marketing. Our internet connection has 1Gb/s, so theoretical 3.5Gb/s threat protection is more then we need but how it looks in real life? submitted by /u/tommyd2 [link] [comments]

Limit on Number of switches in Stack Posted: 27 Oct 2021 08:03 AM PDT Hey Guys, I had a query. why we have a limitation on Catalyst switches of stacking only 8 of them. I read the architecture documents but their also it doesn't say anything? Stackwise-480 Architecture submitted by /u/Eastern_Amphibian_85 [link] [comments]

Tail drops / packet loss on SG350X but no source >1Gbps ??? Posted: 27 Oct 2021 07:31 AM PDT Hey Gang,I'm trying to track down some DHCP failures we've noted on our WiFi. The wifi system (meraki) is alerting a couple times a day of DHCP requests going unanswered (server failed to respond) so I setup a packet capture on the firewall/router/DHCP server to see if we can correlate any Discovery/Request packets to missing offers. So far I haven't found any discoveries that didn't get an offer but I did find an 'offer' that didn't have a follow-up request from the client. I started wondering if somehow the switch might be dropping some of these frames/packets. Deeper down the rabbit hole I've found some 'tail drops' on the interfaces used for AP uplinks. In theory, I don't see a reason for this because there is little to no LAN-LAN traffic at this office, and the internet feed is only 1Gbps. The catch is, the Firewall and the SG350X is trunked with a 10Gbps DAC cable. I've read that going from 10G down to 1G can lead to some drops during bursts but it doesn't quite make sense to me as there really shouldn't be any traffic source that could exceed 1Gbps. Or this could be all unrelated to tail-drops but it's the only point of packet loss I can think of right now. I know these switches aren't the best and I'm thinking about replacing them but I want to find absolute proof that they are the problem before making a purchase decision. submitted by /u/DeleriumDive [link] [comments]

How intrusive is Cisco Ethanalyzer Posted: 27 Oct 2021 07:30 AM PDT I need to do some Nexus 9k troubleshooting and wanted to use Ethanalyzer to capture packets between a source and destination IP. How intrusive is it's use? Should it be ran after-hours? submitted by /u/TracerT10 [link] [comments]

Azure IoT hub load balanced endpoints in strict deny all network Posted: 27 Oct 2021 08:55 AM PDT I'm hoping someone can help me out with a problem that I'm dealing with, and it's a real pain in my ass. We leverage the Azure IoT hub for our edge devices in customer networks. Ever since Microsoft changed the provisioning endpoint to one of a Dynamic DNS load balanced method early this year, it's been hell dealing with strict whitelist only environments. It only takes a few months, and the Windows domain DNS controller hands out some new endpoint not on our list. We looked for some form of solution, but so far it hasn't been come to us. We can't be the only ones dealing with this. WE rely on the IoT hub to be able to connect our other services only when devices are registered. New devices that come online after a new endpoint is resolved, fail to provision with the cloud, and therefore a loss of service to the client. Please, any suggestions or info on how someone else dealt/dealing with this? submitted by /u/Just_Sayain [link] [comments]

You are subscribed to email updates from Enterprise Networking Design, Support, and Discussion. To stop receiving these emails, you may unsubscribe now.	Email delivery powered by Google
Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States