Moronic Monday! Networking
- Moronic Monday!
- Where can I learn more about cloud providers network architecture?
- What are everyone's favorite vendor-neutral networking books?
- Strange Ipsec tunnel issue
- I'm scared.... of VTP!
- OSPF - Divide Area 0
- Does the SFP matter?
- Checkpoint Maestro Site Sync Link and QinQ problems
- OSPF design
- DevNet Associate Tips
- Aggregate protocol (tier 1 ISP) data?
- Leaf Switches in Spine-Leaf
- HA for 1 BGP connection and two routers Cisco ISR 4331
- Router for my business
Moronic Monday! Posted: 29 May 2022 05:00 PM PDT It's Monday, you've not yet had coffee and the week ahead is gonna suck. Let's open the floor for a weekly Stupid Questions Thread, so we can all ask those questions we're too embarrassed to ask! Post your question - stupid or otherwise - here to get an answer. Anyone can post a question and the community as a whole is invited and encouraged to provide an answer. Serious answers are not expected. Note: This post is created at 01:00 UTC. It may not be Monday where you are in the world, no need to comment on it.
Where can I learn more about cloud providers network architecture? Posted: 30 May 2022 06:12 AM PDT When working on any large-scale designs, we're always limited by some scalability parameter for one platform or the other, and we have to design our way around it. That got me thinking regarding how a cloud provider's network, like AWS or Azure, could support the level of multi-tenancy they provide on a network level. I'm interested in both the networking and orchestration facets of it. A couple sample questions off the top of my mind:
I'd also like to check out any public resources you can point me to regarding cloud providers' network architecture and operations in general.
What are everyone's favorite vendor-neutral networking books? Posted: 30 May 2022 03:06 PM PDT I'm looking to expand my collection. I have TCP/IP Illustrated, Routing TCP/IP Volumes 1 and 2, and Interconnections. What other vendor-neutral networking books would you recommend? I'm thinking something surrounding 802.11 wireless would be good.
Strange Ipsec tunnel issue Posted: 30 May 2022 04:16 PM PDT Hi all, strange issue we are having. All sites have a Sophos UTM FW linked by IPsec VPN tunnels.
- Site A is IPsec tunneled to site B
- Site C is tunneled to site B
Suddenly only site C can communicate with site B. However, the site A to B tunnel is still active and showing no errors. No changes were made; we checked all the settings and nothing seems off.
- Site C is able to ping all devices and connect to all web apps from site B.
- Site A can't ping any device or connect to any web app from site B.
- Site A and C can communicate just fine but traffic doesn't flow like A>B>C
- No static IPs have changed.
Sophos support are still investigating. Not even sure how we can pin this on a possible ISP issue? Any theories?
I'm scared.... of VTP! Posted: 30 May 2022 07:36 AM PDT Hi all. A week ago my company acquired another company, which we will now provide the support for. This company has multiple sites around the globe, and they are running VTP, however, VTPv3. I've been deep-diving into VTPv3 the last week, and what I've noticed is: General facts:
In their (or our now) domain no switch is the Switch1#vtp primary server. All servers are either vtp mode server or vtp mode client. Does this probably mean that they set up VTPv3 with the primary server, but then probably just reverted it back? If I check other switches in the domain, it says that "Primary description" is XYZ-COR-01, however, XYZ-COR-01 is only in "Server" mode, so it's probably likely that it was Primary server and then they removed it, correct? I've created a document with the following steps before I introduce a switch in VTP (I always take into consideration that the switch has been used elsewhere). Imgur: The magic of the Internet Any other things to keep in mind when dealing with VTPv3? From what I read, it seems to be better since you can't nuke the network with a switch with a higher configuration revision, if I understand it correctly, and I guess that was what the problem was with v1 and v2.
OSPF - Divide Area 0 Posted: 30 May 2022 02:12 AM PDT Hi all, I am in the middle of a carve-out project. Multiple sites will leave the network with one site hosting the new datacenter. Sites are connected via an ISP MPLS, traffic is routed and routes are being distributed by OSPF in a single area 0. VPN is only for backup. Rough diagram here. Right side is the desired outcome, there should be no route distribution between the two companies, so static routing will be fine. The question is, how can we separate the routers into their own OSPF backbone area? Scheduling a maintenance window would not be a problem and right now I can see no other way than to have an engineer on site and change the OSPF config on each router and set up static routing between new and old HQ in one big downtime. After that is done, the ISP can separate the MPLS networks. Is there a more elegant solution for this? Any tips would be welcome, thanks.
Does the SFP matter? Posted: 30 May 2022 10:53 AM PDT Hello all, just out of curiosity, where does everyone get their SFPs from? I'm still learning in my first networking role here and I noticed that we get all our SFPs through CDW and let me tell you they are expensive. I recently got curious why we always did it this way and the answer I got was "idk we always just did it this way, it's the company's money". So not much of an answer there. I was looking at this website https://www.fs.com/c/fiber-optic-transceivers-9?gclid=Cj0KCQjw1tGUBhDXARIsAIJx01npkgQncirSFppFp5cfMFvsYRvBNYlbxSPqPRvad7G1E4QHzX0hevkaAjkoEALw_wcB and they look more reasonable in price. Any recommendations?
Checkpoint Maestro Site Sync Link and QinQ problems Posted: 30 May 2022 11:48 AM PDT Hello everyone, I am at a bit of a loss with getting the switchport configs right for a couple of site sync links of four Checkpoint Orchestrators. Unfortunately I have no way of gathering actual pcaps to look at how traffic is actually formed or what point it is even reaching. First off the topology. It's nothing special, two N9K vPCs connected to each other via DWDM. Each Orchestrator connects to a single port on a Nexus. As per Checkpoint's documentation, which I was given by the engineer, the infrastructure has to support QinQ and must not remove the given VLAN tags. The following configuration is an example of what has been set on the connected switchports on each Nexus: For the connections linking Orchestrator A1 to B1 (configured on N9K-A1 and N9K-B1) For the connections linking Orchestrator A2 to B2 (configured on N9K-A2 and N9K-B2) According to the firewall tech he is neither able to sync the devices nor able to reach the opposing DC via ping on those interfaces. I see no inconsistencies for spanning tree in either VLAN3600 or 3601, MAC addresses also show up properly on all of the interfaces. MTU is fixed at 9216 on the DCI. I may be misunderstanding the fundamentals of QinQ, however I followed Cisco's documentation on QinQ tunneling and unfortunately can't find any culprit that could keep the QinQ tunnel from working. From what I understand Checkpoint sends out a frame with two VLAN tags stacked within and needs those tags preserved. I assumed that the configuration above would add the respective VLAN as an S-Tag and carry the traffic to its respective destination. I have not yet tested whether tunneling L2 protocols helps but also have not yet gotten a reply from the techs if there are any specifics to be configured other than QinQ support itself. I would be very grateful for any input, especially since this is my first time dealing with QinQ in general.
Any pointers would be much appreciated.
OSPF design Posted: 30 May 2022 02:22 AM PDT I have a client who has 2 hub sites and 25 spoke sites connected over L2 VPN. L2 VPN is managed by ISP and only 1 VLAN is allowed per site, customer doesn't have any control over ISP devices. Customer wants to run OSPF for hub to spoke connectivity and also wants certain subnets to prefer HUB 1 in DC A and another set of subnets to prefer HUB 2 in DC B. Customer is zoomed in to using OSPF only at the moment due to multi-vendor environment and operational reqs, also requested each spoke should be able to speak only to HUBS not to other spokes. I would highly appreciate if you can share some of your experience on how this should be designed in relation to the areas, route advertisements and manipulation.
DevNet Associate Tips Posted: 29 May 2022 06:23 PM PDT As someone with limited coding experience, starting the DevNet associate after my CCNP is going to be a fun endeavor. I see that Cisco has some good courses but I'd like to get some input from the community to see what helped you the most. Should I consider learning something prior to jumping in feet first? I have started a Python course on INE that I will be completing in a few days. So much new stuff to learn!
Aggregate protocol (tier 1 ISP) data? Posted: 30 May 2022 09:30 AM PDT Does anyone know where to find aggregate protocol data? E.g. HTTPS represents X% of all traffic, SSH represents Y% of all traffic, SMTP Z%, etc.?
Leaf Switches in Spine-Leaf Posted: 29 May 2022 07:13 PM PDT Question on how leaf switches are configured in a spine-leaf architecture. Are these stacked? Or VLT or MLAG? I'm still a bit new to these as well, but looking for a solution where I can upgrade firmware (perform maintenance) on one of the switches without loss of service to the secondary switch. Reason I'm asking is switch stacking has a downside for us that upgrading firmware will take down the whole stack.
HA for 1 BGP connection and two routers Cisco ISR 4331 Posted: 29 May 2022 07:50 PM PDT Hi, I am trying to set up HA for the BGP connection. I have one connection coming from the ISP and the client requested two routers on their end. So the setup is simple:
ISP BGP Router ----> Switch WAN (here are connected two Cisco Routers)
-> Primary Cisco router ----> Client's LAN switch 1
-> Secondary Cisco router ----> Client's LAN switch 2
I was thinking about Stateful Interchassis Redundancy because I can set up only 1 BGP session to ISP. What would you recommend?
Router for my business Posted: 29 May 2022 09:40 AM PDT Hey, my current router is CheckPoint 730. And in the last 2 years, my users have doubled. Today I have 25 APs, 15 switches, and something like 300-500 clients. I have a VRF network and I have FW VDOM in my ISP (2 sites), but I'm thinking of using the airfiber by Ubiquiti (the 2 sites are in the same street). I need a recommendation for a new router, because of the CP crashing from time to time... and also to get some understanding if the airfiber will do the job. Thanks!