    Wednesday, December 1, 2021

    Sanity Check - Dual datacenter, 2 cores in each, dozen branches. BGP Best Design Practice Networking


    Sanity Check - Dual datacenter, 2 cores in each, dozen branches. BGP Best Design Practice

    Posted: 01 Dec 2021 11:38 AM PST

    As the title says, consider two datacenters. Call them US Central and Europe West. Each regional location has two routers. Actually PA firewalls, but for this purpose consider them routers. Need cross connectivity, and of course access to branches.

    I am thinking each DC has an AS, and in each datacenter, both routers have iBGP with its peer. Between the datacenters each core is full mesh with the other two via eBGP. route-map and prefix-list to control exchanges. The branches utilize communities to reach their respective regions. Is this still a sane way to accomplish this? Is there something else I should be considering?

    submitted by /u/projectself

    MPLS as a Customer

    Posted: 01 Dec 2021 01:19 PM PST

    An engineer that left the company ordered an MPLS circuit from a well-known ISP to replace an existing P2P link. I've never used MPLS as a customer and while I could speculate as to why he ordered the circuit, I need to figure out the best way to use it. I wish I had another network engineer at my company or a mentor to ask, but since I don't, I'm coming here 😄. Perhaps this is a dumb question, but what is the best way to use an MPLS circuit to replace a P2P circuit? Should I update our VPN tunnel to use the new non-private addresses? Or make some kind of VPN tunnel on the routers so that my same private IP addresses are what the firewalls see? Or something else entirely? Any resources or answers provided are greatly appreciated.

    submitted by /u/iTninjasaki

    Sanity Check: Aruba CX6400 IEEE1588

    Posted: 01 Dec 2021 09:46 PM PST

    Hey everyone,

    Just checking if anyone can confirm if the Aruba CX6400 switch supports IEEE1588 Precision time protocol? I can see the 6300f/m series does but I was thinking "surely the 6400 series does" yet cannot see it in the 6400 data sheet.

    Really hoping the 6400 series does because it's perfect for what I need!

    submitted by /u/gKostopoulos

    Any TZDIST RFC7808 public service?

    Posted: 01 Dec 2021 09:17 PM PST

    I'm working on a DIY synchronized clock project, and looking for a service for sourcing timezone information.
    I see RFC7808 has existed since 2016, but I can't see any public service or open source server software.
    https://www.rfc-editor.org/rfc/rfc7808.html

    submitted by /u/Chudsaviet

    QSFP Question

    Posted: 01 Dec 2021 05:56 PM PST

    I have used SFP and SFP+ for a long time but I have not used QSFP really. I have a Juniper EX4600 that has 4 QSFP+ ports. I have seen references online that you can use a duplex single mode fiber and run 40gig over two fibers. Is that correct? If so how does that work? Does each fiber transmit on two separate wavelengths like 1270 & 1330?

    submitted by /u/Supreme_Leader_30

    Cisco NCS 5500 and HSRP

    Posted: 01 Dec 2021 04:18 PM PST

    Hi,

    I'm deploying NCS 55A2 pairs in my network and am having issues with HSRP. Running IOS-XR 6.6.3. HSRP VIP is pingable upstream from NCS boxes but not downstream on 802.1q subinterfaces. HSRP and ARP tables on downstream devices look good but you cannot use the HSRP address as gateway. Addresses on subinterfaces work as advertised.

    Have any of you guys had issues with HSRP not working correctly on NCS? Thanks in advance.

    router hsrp
     interface TenGigE0/0/0/23.4000
      address-family ipv4
       hsrp 4000
        timers 1 3
        preempt delay 300
        priority 110
        address x.x.x.41
       !
      !
     !
    !

    Addresses on subinterfaces are .42 and .43.

    IPv4 Groups:
                              P indicates configured to preempt.
                              |
    Interface        Grp  Pri P State   Active addr     Standby addr    Group addr
    Te0/0/0/23.4000  4000 110 P Active  local           xx.xx.xx.43     xx.xx.xx.41

    submitted by /u/1div0

    Question: I had port 22 open to the world by accident for 3-4 months. How likely do I have a hitchhiker in my network now?

    Posted: 01 Dec 2021 07:30 PM PST

    Pretty much the title.

    The device I use that had the port open is a Bobcat miner that uses a Rockchip PX30. The port was actually forwarded as well. The SSH login is not public knowledge and only known by Bobcat support.

    Knowing this, is it possible for someone to SSH into the rest of my network while not knowing the device SSH login?

    The reason I ask is because I tried to set up a PowerShell SMTP command and Microsoft straight up told me my IP is blacklisted. Going to https://check.spamhaus.org/ it looks like it's reporting HELO values that a device from my network is trying to reach. Having a hard time tracking down what's causing it.

    Sorry if this is a stupid question, I'm not a network guy.

    Edit: Spamhaus results

    The most recent detection was on: December 1 2021, 23:30:00 UTC (+/- 5 minutes). The observed HELO values were f7t5ntu.giss.fr, k1kj.webacademy.com, pavuqt.adorebrides.co.uk, qwwg.leeandmorgan.com, xi7w.hotelzanzibar.com, jrhv3j.imex.ee, 5byonp5.themessinagroup.net, t5fkt.ericcrosson.com, tlyo8.izmirinvisalign.com, lew2.farmacom.med.br, rrfeq.promind.it, gwo7at.usd396.net.

    submitted by /u/sendmeyourjokes

    Cisco IOU images in lab or a proper image?

    Posted: 01 Dec 2021 04:28 PM PST

    Hi, I'm about to build an SD-WAN lab in my work and have all the right things in place for it along with the VM running Ubuntu 64-bit, etc. I'll be using EVE-NG Pro too. The only extra thing I'll be needing are some generic L2 and L3 switches/router images. I have 2 ideas in mind: either download an appropriate image off Cisco's download page (I have pretty much full access to download whatever I want) or use IOU images for the L2 and L3 "generic" devices I'll need.

    So I guess my 2 questions are:

    If anybody could recommend a good image to download off Cisco's site for L2 and L3 that fit that purpose, then please do.

    Or, use one of Cisco's IOU images, which would probably be less resource heavy as well. The only issue is I've not been able to find out how to get ahold of these. I can see on EVE-NG's site that they recommend 4 different types of these images. Could I download these off Cisco's site too? Because I haven't been able to find these anywhere on there. If not, then where would be my best bet?

    Thanks

    submitted by /u/Mjr798

    If I can find a route in the VRF routing table do I need to further investigate the connection for a BGP idle ticket?

    Posted: 01 Dec 2021 08:05 AM PST

    So this may seem a little noobish but I am trying to get better knowledge on understanding VRFs and MPLS backbones.

    If I get a BGP idle connection and I am verifying whether there's an actual issue on this interface/device, if I check the VRF routing table and see an entry for the neighbor, is further investigation necessary or can I assume the route is operational? A route won't be in the routing table if there's no established adjacency, correct?

    Is there an easier way to check VRF neighbor relationships using the IP of the adjacent interface?

    I just want to double down on learning and verifying I am getting this right, thanks.

    submitted by /u/onequestion1168

    Difference between Panduit OM3 fiber-optic patch cords with Standard IL vs Optimized IL?

    Posted: 01 Dec 2021 11:58 AM PST

    I am looking to order a boatload of fiber-optic patch cords with end of the year money to refill our data center new in package patch cords. Last year we purchased some Panduit push-pull style fiber-optic patch cords and they are an Optimized IL style. I went to order this year and following their pattern I noticed they offer a Standard IL, Optimized IL, or Ultra IL/Straight Through option when selecting the performance/construction of the fiber-optic patch cable. I have no idea what this means. Could someone explain like I am five?

    This is the part number configurator I am looking at: https://www.panduit.com/content/dam/panduit/en/products/media/3/03/203/6203/100366203.pdf

    submitted by /u/01Arjuna

    iPerf CWND

    Posted: 01 Dec 2021 03:08 PM PST

    Hi,

    I am working on Linux hosts and iPerf 3. I like how iPerf3 shows retransmissions. I am trying to increase my Cwnd and every time I set bandwidth it never goes above 500Kbytes?

    [centos]# iperf3 -c 10.196.250.14 -w 30m
    Connecting to host 10.196.250.14, port 5201
    [ 4] local 10.198.70.254 port 39240 connected to 10.196.250.14 port 5201
    [ ID] Interval Transfer Bandwidth Retr Cwnd
    [ 4] 0.00-1.00 sec 150 MBytes 1.26 Gbits/sec 140 434 KBytes
    [ 4] 1.00-2.00 sec 114 MBytes 954 Mbits/sec 0 589 KBytes
    [ 4] 2.00-3.00 sec 112 MBytes 944 Mbits/sec 0 711 KBytes

    I have tuned TCP as well?

    submitted by /u/bradinusa

    First-time QOS configuration in a Cisco environment

    Posted: 01 Dec 2021 12:46 PM PST

    I was wondering if I could get some help with a basic Cisco QOS configuration.

    We're getting close to implementing a new VOIP solution on our network and I need to get everything configured. This is a cloud-based VOIP system so everything will be going out our ASA to the internet.

    The vendor provided this for me to work off of so if I could get some pointers on where to look or a starting place I would appreciate it.

    Information provided from vendor:

    - Confirm QoS (Quality of Service) is configured on all the Routers

    - Confirm LAN is honoring and prioritizing DSCP 26 for SIP at Layer 3

    - Confirm LAN is honoring and prioritizing DSCP 46 for SIP at Layer 3

    - Confirm LAN is honoring and prioritizing COS of 5 at Layer 2

    There are some additional steps provided as well but this is where I need to start with everything.

    Our firewall is an ASA 5516 and our core switch is doing all the layer 3 work; it's a 4500X.

    I have a pretty good understanding of networking but QOS is one of those things I've never messed with. Anyone have some sample configs I can look over or some good websites outside of Cisco to get me started?

    Thanks

    submitted by /u/tim829

    IOS-XR forgetting configuration on every boot.

    Posted: 01 Dec 2021 06:45 AM PST

    I prefer to troubleshoot this myself rather than send the ASR 9001 back to the seller.

    So I configure the ASR, I make sure to 'commit' the configuration, but every time I reboot the device it loses its configuration.

    My theory is that the seller has incorrectly factory reset the device and now it is stuck erasing the configuration on every reboot.

    On every boot I get the following message on the console: 'Configuration Manager is applying ADMIN configuration from a user specified alternate source '/disk0:/none' from a rommon variable option'

    How do I change the location where it is looking for the startup configuration on IOS-XR? Can I do it without rommon? What would be the default location where the startup configuration is stored?

    submitted by /u/komunjara77

    What is the proper way to trace a passive POE cable?

    Posted: 01 Dec 2021 05:20 PM PST

    I install whole home wifi systems for a living. Been doing it for a while and I'm always looking for improvement.

    We install wired APs, which usually requires cable tracing. Most clients' homes have uncrimped CAT cables that are dead on either side. This is easy to map out and I generally just use my FLUKE CIQ-100 CableIQ Tester on the data jack, and my Intelitone to find the cable in their low voltage panel.

    On occasion the clients have passive POE injectors (via a switch, or other power supply). I get the "high-voltage disconnect" message. I do, and either shut off the switch, or tone out a few of the CAT wires that have no power running to them.

    What is the proper way to tone out passive POE cables? Does the MicroScanner2 from FLUKE allow you to tone out POE cables?

    submitted by /u/scientized

    Unifi-like auto IP discovery on layer 2 network (IPAM)?

    Posted: 01 Dec 2021 05:17 PM PST

    I'm managing a small business network, think about ~80 connected end hosts both wired and wireless. Currently using the Unifi controller software as the DHCP server (with a Unifi router) but we're planning to eventually move away from Unifi, probably to a more enterprise-grade or open-source router/firewall like OPNsense/pfSense.

    I really love how I can have someone plug any device in or connect to the APs and 20 seconds later have its DHCP-assigned IP address and its uptime on a nice GUI. I also like that I can assign static mapping to said IPs and basically make them "static" forever from the Unifi GUI, rather than through every single device individually, making IPAM a breeze. It just makes my life that much easier, but I'm locked in the Unifi ecosystem to get it.

    What is the best cross-platform, non-Unifi way to achieve something similar? Can be through command line too, but just need some advice as I've become used to this way of doing it through Unifi GUI. Bonus points if it supports DHCPv6 as well (Unifi does, but doesn't do static mapping like it does for IPv4 and it doesn't list the IPv6 addresses in the GUI either).

    Thanks!

    submitted by /u/gaeensdeaud

    retransmission issue from F5 LTM

    Posted: 01 Dec 2021 07:57 AM PST

    Howdy, really struggling to understand the second delay and the re-transmit here. Very keen for some help!

    Wireshark screenshot excerpt https://imgur.com/a/a6B9rTz

    From my reading of it, that final TLS packet of 770 bytes is giving a SEQ that implies it is a much larger packet than it is? Its SEQ vs the previous one is a difference of 2896. So then the client is demanding the gap between 122499 and 123947 - 642 or something. I'm probably massively misunderstanding this though. Hopefully there's enough information in the image to suggest why on earth we're seeing these re-transmits every second on a busy service.

    Whatever I'm getting wrong though, why is my server, listening on 22603 waiting for 1 second to (re??) send a full packet, that doesn't look to be wholly unaccounted for? Any insights appreciated!

    submitted by /u/BarryTownCouncil

    VLAN ACLs, and traffic direction

    Posted: 01 Dec 2021 07:04 AM PST

    Hi Reddit.

    I'm currently working on setting up some ACLs on a Cisco N3k, but it doesn't work quite the way that I want it to.

    This is the scenario:

    We have a switch, with several VLANs on it, and an interface with a public IP. I created a new VLAN on that switch and made some ACLs to limit traffic. So good so far.

    I did something along the lines of the following (IPs have been changed):

    object-group ip add FR_RDP
      host 185.161.2.55
      host 185.161.2.56
    object-group ip add FR_Intern
      172.168.1.0/24
      172.168.2.0/24
    ip access-list CV_ACL
      permit tcp addrgroup FR_RDP addrgroup FR_Intern eq 3389
    int vlan 124
      ip add 172.168.1.254 255.255.255.0
      no shut
      ip access-group CV_ACL in

    Forgive any typing errors on commands.

    I cannot RDP from 185.161.2.55 to 172.168.1.1 with this. Not even hitting the rule, it seems.

    There are more rules than this, above it... If I, right above this, add: permit ip any any - it works, for obvious reasons.

    If I reverse set the current dst as source - and make the new dst any, it works as well.

    Anyone have any idea as to what is going on - or how I can approach this?

    submitted by /u/Rasha26
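
The behaviour described in the post above can be reproduced with a small model of ACL direction on an SVI. This is an added example, not part of the original post and not NX-OS code: it assumes the usual semantics that `in` on `int vlan 124` filters packets arriving from hosts in that VLAN and that every ACL ends in an implicit deny; the port 50000, the `MIRRORED` rule and all function names are hypothetical, and the "more rules above it" the poster mentions are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Object groups and SVI subnet as posted (the poster had already altered the IPs).
FR_RDP = [ip_network("185.161.2.55/32"), ip_network("185.161.2.56/32")]
FR_INTERN = [ip_network("172.168.1.0/24"), ip_network("172.168.2.0/24")]
VLAN124 = ip_network("172.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    src: list
    dst: list
    sport: Optional[int] = None   # None means any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (any(ip_address(p.src) in n for n in self.src)
                and any(ip_address(p.dst) in n for n in self.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

def svi_direction(p: Packet) -> Optional[str]:
    """'in' if the packet enters the SVI from a VLAN 124 host, 'out' if routed to one."""
    if ip_address(p.src) in VLAN124:
        return "in"
    return "out" if ip_address(p.dst) in VLAN124 else None

def evaluate(p: Packet, acl: list, applied: str) -> str:
    if svi_direction(p) != applied:
        return "not evaluated"        # the ACL never sees this packet
    if any(rule.matches(p) for rule in acl):
        return "permit"
    return "deny"                     # implicit deny at the end of the list

# Constructed RDP exchange: the client's packet and the server's reply.
REQUEST = Packet("185.161.2.55", "172.168.1.1", 50000, 3389)
REPLY = Packet("172.168.1.1", "185.161.2.55", 3389, 50000)

def rdp_session(acl: list, applied: str) -> dict:
    return {"request": evaluate(REQUEST, acl, applied),
            "reply": evaluate(REPLY, acl, applied)}

CV_ACL = [Rule(FR_RDP, FR_INTERN, dport=3389)]     # rule as posted
MIRRORED = [Rule(FR_INTERN, FR_RDP, sport=3389)]   # hypothetical inbound form

if __name__ == "__main__":
    for name, acl, direction in [("posted, in", CV_ACL, "in"),
                                 ("posted, out", CV_ACL, "out"),
                                 ("mirrored, in", MIRRORED, "in")]:
        print(f"{name:13} {rdp_session(acl, direction)}")
```

With the posted rule applied `in`, the client's request is never evaluated and the server's reply falls through to the implicit deny, which matches both "not even hitting the rule" and the observation that swapping source and destination makes it work.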

    Can a WiFi station be connected to more than one SSID at once?

    Posted: 01 Dec 2021 05:52 AM PST

    Wired ethernet is a bounded medium, so it makes sense that if you only have one ethernet interface/port on your station, it can only connect to one L1 network. But with WiFi, it's unbounded so you could (at least in theory) be associated to more than one SSID/L1 network at once.

    However, I've never seen the above (1 radio connected to a plurality of SSIDs) done before. Is there a reason for this? I've never seen an operating system allow you to do this, so I'm assuming there's something obvious I'm not thinking of.

    Maybe another way to ask this question: What would happen if a single station had more than one WiFi card/radio? Would it permit you to connect to two SSIDs simultaneously?

    submitted by /u/jamesaepp

    Can one machine address non-overlapping subnets?

    Posted: 01 Dec 2021 12:59 PM PST

    Sorry for this noobish question, mods please let me know if this is inappropriate. Suppose I have two different subnets where all the machines involved have static IPs defined within each machine (i.e. not as reservations in a DHCP server). Devices on both subnets are physically connected to a single unmanaged switch.

    Subnet A: 192.168.0.x, 255.255.255.0

    Subnet B: 192.168.1.x, 255.255.255.0

    Now suppose I have an isolated workstation, call it workstation C, which I want to use to be able to monitor devices on either subnet, but still keep the subnets separate. Could I achieve this by simply connecting workstation C to the switch and assigning it a static IP of 192.168.x.x with subnet mask 255.255.0.0?

    Suppose I pinged a device on either subnet A or subnet B from workstation C. Intuitively, workstation C should be able to send a ping out on either subnet, since either subnet falls within workstation C's addressable range. However, I don't think devices on either subnet would be able to reply unless workstation C had either a 192.168.0.x (subnet A would be able to reply) or 192.168.1.x address (subnet B would be able to reply). I understand the best-practice for subnetting is to avoid overlapping subnets and set up routes between these subnets, but is my predicted behavior correct?

    submitted by /u/numshah
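
The on-link decision each host makes in the scenario above can be worked through with Python's `ipaddress` module. This is an added example, not part of the original post; the host addresses (`.10`, `.200`) are constructed, and it assumes no device has a default gateway or extra routes, so a destination outside the sender's own prefix is simply unreachable.

```python
from ipaddress import ip_interface

# Constructed host addresses inside the two subnets from the post.
DEVICE_A = ip_interface("192.168.0.10/24")
DEVICE_B = ip_interface("192.168.1.10/24")

def on_link(sender, dest) -> bool:
    """True if `sender` treats `dest` as directly reachable (ARP on the wire)."""
    return dest.ip in sender.network

def ping(src, dst) -> tuple:
    """(request_sent, reply_sent) on one shared L2 segment with no gateways."""
    request = on_link(src, dst)
    # The reply is a separate routing decision made with the destination's mask.
    reply = request and on_link(dst, src)
    return request, reply

def reachability(workstation_c: str) -> dict:
    c = ip_interface(workstation_c)
    return {"A": ping(c, DEVICE_A), "B": ping(c, DEVICE_B)}

if __name__ == "__main__":
    for addr in ("192.168.0.200/16", "192.168.1.200/16", "192.168.5.200/16"):
        print(addr, reachability(addr))
```

Because both subnets share one unmanaged switch, the /24 masks are only a routing convention: any host on the segment can add an address in the other range, so they should not be treated as a separation boundary.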
