What's your on-call rotation like? Networking
- What's your on-call rotation like?
- Can large companies with millions of servers and VMs (like Microsoft Facebook Google or Amazon) run out of private ip addresses?
- GPON Vendor help
- Wellfleet Breath of Life (BOFL) - any clue what this is?
- Automatic configuration of Port/VLAN and client by MAC address
- IP over Non-Ethernet Layer 2 Protocol?
- Network Lab on a Linux Box using Vagrant
- Cisco ASA 5506x ASDM issue - stuck on "Software update completed" but only one 1 out of 2 devices.
- VLAN ACL security - what am I missing here
- Port calculator for new sites
- Newb Question - VLANs with same subnet?
- Experiences of Draytech Vigor 3910
- Need to learn NX 93ks in 3 months any recommended study materials?
- Migrating Cisco switch configs to Aruba CX 6300
- Routing Question
- Question Regarding Industrial Grade Switches
- QoS general questions
- Office internet connections - how do you monitor them properly in 2021?
- Cisco ASA Anyconnect DHCP
- Can you use DDNS w/ a Static IPs?
- Device isolation exclusions failing on Cambium APs
- Thousands but ONE PROBLEM
- LINUX BONDING AND LACP ON DELL SWITCHES
- Any reason the Mellanox SN2700 32x100G switch is much cheaper to buy 2nd hand compared to other competitor switches?
What's your on-call rotation like?
Posted: 12 Nov 2021 03:32 PM PST
Hey networking, tell me about your on-call duties/rotation/frequency/intensity. Trying to get some context outside of the 3 companies I have worked for.
I'll go first; once a month, a week at a time, almost guaranteed to get a few middle-of-the-night calls and a few weekend morning/afternoon calls, decent triage/due diligence done beforehand, but a bit of shit slinging too. Only paid when called, regular hourly rate. ~1-5K employees to give you a sense of company size. Been in the game about 8 years.
Cheers
Edit: forgot to post SLA as one person did; we're expected to respond within minutes, and have our laptops with us at all times.
Can large companies with millions of servers and VMs (like Microsoft Facebook Google or Amazon) run out of private ip addresses?
Posted: 12 Nov 2021 06:51 AM PST
The 10.0.0.0/24 address space has 16777216 IP addresses available. Azure says it has nearly 4M servers, and who knows how many VMs are there. Same goes for Google and Facebook. And the 192.168.0.0/16 has a little more than 65k addresses, which can be easily used up by these companies, quite possibly in a single region.
GPON Vendor help
Posted: 12 Nov 2021 05:14 PM PST
All, I'm relatively new to GPON and am tasked with helping a service provider find hardware solutions. At their headend today they run Zyxel switches that they want to replace. Sounds like they've landed on Ruckus switches for the Head End.
So first my dumb question: Would the Ruckus switches be considered the OLT? They will be a stack of switches with layer 3 capabilities. Or is the OLT after the main network switches facing the customer ONT?
If I still need an OLT, does anyone have any recommendations on hardware that's worked well for you? Since I'm new to GPON I'm not terribly familiar with the vendors outside Cisco that do this. Looking for recommendations on ONTs and fiber splitters too.
Most sites will be around 10 miles away from the CO, and in some cases up to 20 miles. Hoping to start with GPON with upgrade options to 10Gig later on. Any guidance would be appreciated.
Wellfleet Breath of Life (BOFL) - any clue what this is?
Posted: 12 Nov 2021 06:29 PM PST
Hi, I've been investigating some network issues and playing around with Wireshark in one of our sites. We have Avaya VSP (VOSS) switches running there, and in Wireshark I see a massive spam of packets which are classified as "Wellfleet Breath of Life" (BOFL) by Wireshark. No human-readable payload or other useful information.
I want to know what this is but googling is delivering only a very low amount of results. "sensing Protocol" (maybe PPP?) - from some very old network books. Nothing more - just what the acronym stands for.
Do you guys have any clue what these packets are and how I can disable the spamming of this into my network?
Automatic configuration of Port/VLAN and client by MAC address
Posted: 12 Nov 2021 05:50 AM PST
Hey guys, I would like to achieve the following: If a known host (identified by MAC address) is connected to any switch within the company network, the corresponding port should be configured automatically (assigned to a specific VLAN). At the same time, the host should automatically be assigned a defined IP address. If the host is unknown, it should end up in a
While doing research, I stumbled upon 802.1x. But if I understand correctly, it only works in conjunction with a DC. We have a large number of hosts that aren't members of the domain so I'm not sure whether this is the right way to go.
I know that there is DHCP MAC binding. But I would like to avoid having to configure the one thing here and the one thing there... A central way to define VLANs and IP addresses based on MAC addresses would be my dream. Is there such a thing? If so, which keywords do I need to delve deeper into the subject?
Thanks a lot in advance!
PS: The security aspect is secondary.
IP over Non-Ethernet Layer 2 Protocol?
Posted: 12 Nov 2021 09:17 AM PST
Hello, I'm writing up some training material for some of my non-networking electronics technicians at work today and I ran across something I can't find an answer for. Are there other data link layer protocols that can use IPv4 or v6 other than Ethernet?
I know the opposite is possible. Ethernet can be used with several different Layer 3 protocols but that was more common back in the 1980s and 1990s. But I can't find anything else that is a layer 2 protocol that can use IP for its layer 3 protocol.
That leads me to think the answer is IP can only be used over Ethernet. But maybe there is something else out there I don't know or is buried so far down because of how ubiquitous IP over Ethernet is these days. Or maybe it's a dumb question and I just am not up on my technology history. Don't know but I figured this would be the place to ask.
Thanks for any replies and have a good one.
Edit: DANG. I was right on asking here lol. Thanks for all the awesome responses! Some of these made me smack my forehead like "oh yeah duh" but a lot of history here I've never heard of. Thanks all!
Network Lab on a Linux Box using Vagrant
Posted: 12 Nov 2021 07:19 AM PST
The last time I was messing about with labs I was using Vagrant with VirtualBox and some Juniper virtual routers. I was using Vagrant 'cause it can all be set up with the CLI as I want to host this on a Linux box. Just wondering what the current trend is, has Vagrant been replaced by something better?
Cisco ASA 5506x ASDM issue - stuck on "Software update completed" but only one 1 out of 2 devices.
Posted: 12 Nov 2021 02:49 PM PST
I have an active/standby pair of ASA 5506 running the following software:

    firewall1(config)# sh ver
    Cisco Adaptive Security Appliance Software Version 9.8(4)20
    Compiled on Thu 02-Apr-20 10:19 PDT by builders
    firewall1 up 6 days 0 hours
    ---------
    firewall2# show ver
    Cisco Adaptive Security Appliance Software Version 9.8(4)20
    Compiled on Thu 02-Apr-20 10:19 PDT by builders
    firewall2 up 1 year 120 days
    failover cluster up 5 years 249 days

When firewall1 is active, I am unable to connect to ASDM, but I can connect to ASDM on the secondary IP. The issue is that it always gets stuck on "Software update completed." and will go no further.
I have read about a number of issues with versions of JRE etc, but I am at a loss as to why it would work with only 1 of my firewalls when they are both identical. I have tried removing the local cache folder and even reinstalling ASDM launcher, but the same issue persists.
I will be in a position to update the software if this might stop the problem, but again not sure why only 1 machine.
Thanks
VLAN ACL security - what am I missing here
Posted: 12 Nov 2021 12:26 PM PST
I have a Netgear M4300 (which might be the biggest issue, we will see). I have the following VLAN config:

    1 vlan 1 192.168.1.30 255.255.255.0
    2 vlan 2 192.168.2.1 255.255.255.0

My firewall IP is 192.168.1.254 and I have added a static route to 192.168.2.0/24 via 192.168.1.30. This all seems to work as expected as I have a host on 192.168.2.0/24 that I can see from 192.168.1.0/24 and it can see the internet via NAT.
Eventually, what I am trying to do is block access to the VLAN apart from specific hosts/networks to specific hosts/ports in the VLAN. However, before I get there, I am trying to get my head around ACLs on VLANs and I appear to be failing at the first hurdle. In order to test this, I have applied the following ACL to VLAN 2:

    ACL Name: test
    Inbound VLAN ID(s): 2
    Sequence Number: 10
    Action......................................... deny
    Match All...................................... False
    Protocol....................................... 1(icmp)
    Source IP Address.............................. 192.168.1.195
    Source IP Wildcard Mask........................ 0.0.0.0
    Destination IP Address......................... 0.0.0.0
    Destination IP Wildcard Mask................... 0.0.0.0
    ACL Hit Count.................................. 0
    Sequence Number: 20
    Action......................................... permit
    Match All...................................... TRUE
    ACL Hit Count.................................. 7395

However, I can still ping 192.168.2.65 from 192.168.1.195. Even if I modify the ACL and add the DENY on 192.168.1.0/24, I can still ping 192.168.2.65.
What am I missing here apart from a decent level of knowledge into how this all works? I feel this should be easy to do, yet it does not work. I want to be able to apply an ACL as described above, but if this doesn't work, I'm dead in the water.
Suggestions? Thanks
Port calculator for new sites
Posted: 12 Nov 2021 05:44 AM PST
What do you guys use for calculating ports for new office builds? We pretty much use an excel template for this but wondering if there are other efficient/cleaner ways.
Newb Question - VLANs with same subnet?
Posted: 12 Nov 2021 09:54 AM PST
Curious if I can assign a virtual IP range to a VLAN, almost like putting a VLAN behind a VPN/NAT? Would like overlapping subnets to exist on the same network.
Example: Internal soundmasking 192.168.100.0/24 network on its own switch - d/c from the rest of the network. Then maybe we also have the IP phone system on 192.168.100.0/24 that is connected to the rest of the network. I want to add the soundmasking into the rest of the network, without having to change its subnet.
Thinking I can set up a new vlan / tag port on my main switch (HPE/Aruba L3 stack) to connect the soundmasking switch to - then set something up in switch or router to tie that vlan to another IP range? Say 192.168.200.0/24. So if I send data to 192.168.200.1, it would be forwarded to 192.168.100.1 on that vlan? - And reversely data sent out of that port/vlan on 192.168.100.1 would look like it's being sent from 192.168.200.1?
If you guys can point me in the right direction? I can usually figure things out but in this case I'm not even sure what to search for / what to read up on?
Experiences of Draytech Vigor 3910
Posted: 12 Nov 2021 11:13 AM PST
I'm looking for a router/firewall device for a shared office environment. I will deploy a number of switches and APs with up to 30 VLANs with different companies running desktops, laptops, phones, printers etc. I have a 500Mb connection that I want to use with a 4G modem (active/passive) and provide Internet access to these companies whilst having good control and reporting on the utilisation. For example, a company may choose to have 100Mb dedicated. I would want to be able to report on top talkers, live stats of bandwidth usage/sites per device / VLAN.
Has anyone experience with the 3910 or can suggest similar products that I should also look at?
Ta
Need to learn NX 93ks in 3 months any recommended study materials?
Posted: 12 Nov 2021 04:02 PM PST
Hey guys, I need to learn a decent amount about 93ks, will be moving over our old Nexus switches to new 93ks. I'm currently studying for my CCNP Encor and fairly new to the engineering space. Do you have any tips on recommended study material? Just looking for a start point really; my boss is paying for official courses, but looking for some more material just to build out my knowledge base.
Migrating Cisco switch configs to Aruba CX 6300
Posted: 12 Nov 2021 01:12 PM PST
Is there documentation that explains how to do the Cisco switch migration to Aruba? Or just general migration documentation. We are planning to migrate configuration and will be working on a lower level with a big team to help with the migration. I have found some YouTube videos as well but want a detailed document that explains it. Thank you in advance.
Routing Question
Posted: 12 Nov 2021 09:14 AM PST
Hi guys, not sure if this idea is possible but here goes. We have two Sophos XG450. Two different locations connected via an IPsec tunnel. The connection works. Great. We have an internal server on east coast that west coast users on site can get to. Great.
When west coast users want to get to this internal site, the only way is for them to have an SSL VPN connection to the east coast firewall. Trying to see if there's a way that when they're connected to the west coast firewall SSL VPN, they'll be able to get to the internal site hosted on the east coast.
Thanks!
Question Regarding Industrial Grade Switches
Posted: 12 Nov 2021 06:51 AM PST
Good morning all, I am not sure if anyone on here has ever used products from a vendor called ORing/Rugged Science. I am a network engineer specializing in industrial grade architecture and related devices and I am trying to find information on using third party (Startech) RJ45 SFP 1Gig transceivers with their switches. Whenever I slot them in, I get link lights but no traffic is flowing between the two devices. I have used the web GUI to force port speed on the switch but still no dice.
I have used the "secret" command on Cisco switches before to allow third party SFP hardware to work and am wondering if there is something similar I can do on the ORing switches. I am using an ORing IGPS-9084GP Industrial Grade Switch if that helps.
Cheers!
QoS general questions
Posted: 11 Nov 2021 11:59 PM PST
Am I right in thinking QoS only becomes relevant if there is congestion? I.e. if traffic levels are below what the physical interface is capable of (or below the shaper if using that) then everything is forwarded at line speed anyway.
Thanks!
Office internet connections - how do you monitor them properly in 2021?
Posted: 12 Nov 2021 08:38 AM PST
In the last couple of years, many businesses have switched to using more and more cloud services. For my company this came down to pretty much all infrastructure getting moved to the cloud. People check e-mails via office.com, have meetings via Zoom, and developers VPN into the virtual appliance running in AWS to access their test environments. This means that when we get back to the office, the network there has to be basically an internet cafe. But the business does rely on that internet link for pretty much everything.
Yes, I have dual internet connections in offices, but right now the only monitoring that's happening is RPM probes that ping some common IPs, and if there are too many failures the internet link gets switched over to another one. This is hardly sufficient for today's world.
So my question is - how do you guys monitor internet connection to all the cloud services and make routing decisions based on that? For example, I could use something like Thousand Eyes, have 2 instances pinned to different internet links and monitor connectivity through it via all of their built-in tests that can cover all the cloud services I care about. I could write a script that would trigger route failover based on the tests from 1k eyes, but as far as I am aware I'd need to be able to reach the 1k eyes web site to get the data that the link is down - which is kind of hard to do when your internet is down. I guess I could do it from a known IP on the internet directly to the working WAN IP, but that seems a bit like a hack.
Are there other products that can do similar things? Or maybe even open source projects? I am also open to looking at some other vendors for WAN connectivity, not that I mind the Juniper SRX that I have now, but making internet failover and monitoring as easy as possible would save me from lots of headaches...
Cisco ASA Anyconnect DHCP
Posted: 12 Nov 2021 10:55 AM PST
Hi Folks, I have one anyconnect tunnel running on my ASA and have external DHCP for it. I need to config a second anyconnect tunnel due to some requirements, but I don't need to have a new scope. I know with pool address on the ASA we can use the same for multiple tunnel groups.
Based on how TCP and DHCP work, should it be fine to use the same DHCP scope for 2 tunnels? I haven't seen any limitation or possible conflict.

    Group-policy grp-tunnel-1 attributes
     Dhcp-network-scope 10.10.0.0
    Group-policy grp-tunnel-2 attributes
     Dhcp-network-scope 10.10.0.0
    Tunnel-group tunnel-1
     Dhcp-server 10.0.5.1
    Tunnel-group tunnel-2
     Dhcp-server 10.0.5.1

In the future we are going to migrate it to the ASA and not use external DHCP.
Thanks.
Can you use DDNS w/ a Static IPs?
Posted: 12 Nov 2021 05:41 AM PST
Can you use DDNS w/ a Static IPs?
We currently have a management network where we connect our iLO/iDRAC; it uses static IPs. The issue is we have people who build the servers and get everything set up, but then sometimes forget to get a DNS entry for the management interface. No one notices the issue till there is a problem with the server...
I searched Google and I see a lot of use cases for DDNS w/ a dynamic IP, though saw nothing for static. I am curious if it can be leveraged with a static IP to remove a step from the process as well as make sure we don't run into an outage w/o knowing how to access the server's console.
I am not a Networking SME, though the networking engineers I am working with on this don't speak the same language and Google Translate doesn't always work that well on these types of topics. I see them talking about DHCP and we currently use static IPs, hence why I am wondering if there is a limitation.
Device isolation exclusions failing on Cambium APs
Posted: 11 Nov 2021 08:21 PM PST
I have a network with a bunch of Cambium cnPilot e410 APs controlled by the cnMaestro cloud controller. They are running version 4.2.1-r12. We have 2 wlans set up, 1 for internal use, and one for Guest access. The guest access wlan has client isolation turned on and set to Network Wide. It is also on its own vlan.
We need to allow a couple of wireless printers on the guest wlan. I added their MAC addresses to the client isolation list but they are still not accessible on that wlan. I have made sure they are on the correct wlan and connected. They do both show an IP address and gateway address that is correct for the guest wlan. I'm not sure what I'm doing wrong here.
For troubleshooting, I turned off client isolation and the printers were immediately available. They are also available from the internal wlan almost any time. Turning the isolation back on, the printers are once again inaccessible. Am I missing something?
Thousands but ONE PROBLEM
Posted: 12 Nov 2021 05:15 AM PST
Hey guys, our company is moving to a different location and in a few weeks our Users network is going to be up and running. My manager told me we have a new problem: when the time comes and the technicians connect each device (PC, printers, IP phone and more) to the dedicated switch on the floor, we will need to configure a dedicated VLAN for each department. The problem arises when you understand we are talking about thousands of devices and 40 different VLANs.
If you guys have a solution or maybe a script you used before that I could modify, I will really appreciate it <3
Thanks
EDIT: I mean we need the interface to be assigned to its dedicated VLAN by the device being connected to it.
LINUX BONDING AND LACP ON DELL SWITCHES
Posted: 12 Nov 2021 07:23 AM PST
As a noobie in networking I have a question. I have 2 Proxmox nodes, using mode 4 of the Linux bonding (802.3ad), connected to two non-stacked Dell switches (s4048) using LACP port channel. This was an early implementation for failover. Now I want to combine the bandwidth for the interfaces and I'm wondering what's the best approach: to stack the switches and continue using mode 4, or can I use mode 0 Linux bonding combined with the Dell switches?
Any reason the Mellanox SN2700 32x100G switch is much cheaper to buy 2nd hand compared to other competitor switches?
Posted: 11 Nov 2021 05:42 PM PST
**compared
Long story short, I'm working with a very small office (about 4/5 workstation PCs total) and we can benefit from a 100G switch in the future with our workloads (with PCI 4 and 5, storage speeds are. I'm looking at 2nd hand switches and the Mellanox SN2700 has a lot of availability right now and is relatively well-priced (about 2000 for 32 ports of 100G with their Spectrum ASIC). Anything 2nd hand from eBay with >8 100G QSFP28 ports seems to often be at least double or triple the price.
I'm fairly familiar with MLNX-OS but not yet with Cumulus, so I'm wondering... Is there something I'm missing here or is this a pretty good deal? Why are the Mellanox SN2700 switches so much cheaper compared to Arista / Cisco / Juniper 2nd hand switches?