|
Mierdaan posted:
MTU question. What would happen if we have a storage network (NFS/iSCSI traffic) with jumbo frames enabled on only some interfaces? E.g. on the switches, but not the filers/servers? I'm assuming this is a terrible idea and everything should be switched over at once (or set up that way in the first place, of course...)

Jumbo frames on switches but not devices is fine: your devices will send normal-sized packets and that value is well underneath your jumbo packet MTU ceiling. Jumbo frames on devices but not switches is where you can run into problems, as the switch will either drop the packet or fragment it, neither of which is desirable.
|
# ? Mar 6, 2012 22:16 |
|
jwh posted:
Mayhap you should purchase a firewall?

We have an ASA, but if the internal traffic never gets to the firewall, how would that help with building "inside" ACLs?
|
# ? Mar 6, 2012 22:17 |
|
madsushi posted:
Jumbo frames on switches but not devices is fine: your devices will send normal-sized packets and that value is well underneath your jumbo packet MTU ceiling.

Thanks for putting my mind at ease. That is how I thought it'd work but I always talk myself into things being worse than they are. fake edit: Test environment? What's that.
|
# ? Mar 6, 2012 22:32 |
|
Mierdaan posted:
MTU question. What would happen if we have a storage network (NFS/iSCSI traffic) with jumbo frames enabled on only some interfaces? E.g. on the switches, but not the filers/servers? I'm assuming this is a terrible idea and everything should be switched over at once (or set up that way in the first place, of course...)

I experimented with this last week to some undesirable results. Set your switches first. If your switches are set to jumbo they'll be ready to handle any jumbo traffic your hosts send out. You can change your hosts at any time after that. If you change your hosts first then your switches will probably drop the packet or do something altogether unpleasant to it. So it doesn't have to be a seamless rollout, but make sure your switching infrastructure can handle it first.

e: bleep bloop didn't see this was already answered on a new page, so e;fb.
|
# ? Mar 6, 2012 23:30 |
|
Since the conversation has gone the way of 10Gbe, I'd like some advice. We are looking at refreshing our entire VMware environment, and rather than build up, we've decided to build out. As part of this, we are thinking about replacing our iSCSI/VMware switches, which are currently some higher end procurve switches. We don't need a ton of access ports, so we were thinking about getting a pair of 3750s to handle this job. Additionally, we want to toss some 10Gbe cards into our netapp and getting 10Gbe for that (give each head 1 link to each switch, total 4 Gbe ports). Since we are going for smaller VMware servers we don't necessarily see the value of 10Gbe to them today, but would like to retain some amount of spare 10Gbe capacity in case we go with blades for our next refresh. Cisco's documentation on these switches implies that I should be able to get 4 ports to 10Gbe on each, but CDW doesn't seem to show a 4 port 10Gbe module. Is a pair of stacked 3750s with 4 port 10Gbe modules a good solution given my listed requirements?
|
# ? Mar 7, 2012 02:04 |
|
Powercrazy posted:
HAHAHA. Seriously? Wow....

SFP+ MSA doesn't have the power to drive LR2 10G optics, so anywhere they plan on integrating IPoDWDM or any kind of long haul 10G it has to be XFP form factor. So in the case of the 9001 the SFP+ ports are intended for your local router-aggregation connectivity (using SFP+ direct attach, or SR/LR optics), and the XFP are intended for WAN connectivity (IPoDWDM (OTU2 encap), LR2/ER/ZR LAN-PHY 10GbE, or WAN-PHY framed).

adorai posted:
Since the conversation has gone the way of 10Gbe, I'd like some advice.
|
# ? Mar 7, 2012 02:51 |
|
ragzilla posted:3750 architecture has always been criticized historically over having lovely buffers which hampers their adoption as a datacenter switch. I'd recommend looking to 4900 (4500 based) or Nexus 5k for 10GbE aggregation/access.
|
# ? Mar 7, 2012 05:00 |
|
Juniper or Brocade

These are meant to be good http://www.brocade.com/products/all/switches/product-details/icx-6610-switch/specifications.page

BUT you have to buy licences to enable 10G

Dunno about buffers as well

edit: buffers be

quote:
Greater buffering capabilities: With an 8 MB packet buffer, the Brocade ICX 6610

nzspambot fucked around with this message at 06:25 on Mar 7, 2012
|
# ? Mar 7, 2012 06:19 |
|
I don't know how much you'd get things for, but for cheap 10GE setups we've been using Dell 8024Fs, 24 SFP+ ports and 16MB buffers. Performance wise they do as well for access stuff as Brocade TurboIrons (cost us around 1.5x as much) but the interface is a tad funky. By which I mean unintuitive. Dell makes lots of switches and by god, almost every one has different command syntax.
|
# ? Mar 7, 2012 07:25 |
|
Anjow posted:
I don't know how much you'd get things for, but for cheap 10GE setups we've been using Dell 8024Fs, 24 SFP+ ports and 16MB buffers. Performance wise they do as well for access stuff as Brocade TurboIrons (cost us around 1.5x as much) but the interface is a tad funky. By which I mean unintuitive.

I thought they just have re-branded equipment that wasn't a server for the most part?
|
# ? Mar 7, 2012 14:56 |
|
Anjow posted:Dell makes lots of switches and by god, almost every one has different command syntax.
|
# ? Mar 7, 2012 16:19 |
|
Bluecobra posted:Dell recently acquired Force10 and FTOS is a pretty good IOS clone. Most of the commands are identical. I wonder if they are eventually going to drop the PowerConnect line in favor of Force10. Though they also own both EqualLogic and Compellent and they keep that separate so who knows. For a short time they partnered with Juniper and re-branded some EX line access switches but I think that deal has since been canned when they purchased Force10
|
# ? Mar 7, 2012 16:34 |
|
ragzilla posted:SFP+ MSA doesn't have the power to drive LR2 10G optics, so anywhere they plan on integrating IPoDWDM or any kind of long haul 10G it has to be XFP form factor.
|
# ? Mar 7, 2012 18:24 |
|
Powercrazy posted:
However the XFP form factor was rejected by the 6500/7600 BU because of

Powercrazy posted:
So for like 3 years you never saw an XFP on any "core routing" equipment, however they would still use Xenpaks and X2's which are both significantly bigger than the XFP. Looks like they were finally forced to adapt.
|
# ? Mar 7, 2012 21:20 |
|
XFPs were standardized in 2002, and were in ONS gear since like '04. The board cost consideration makes sense though. But you still didn't see any XFPs until the ES20 cards. I don't think they were on the SIP/SPAs that the 7600 used until after the ES20 cards.
|
# ? Mar 7, 2012 22:20 |
|
I'm going to pretend this is the Enterprise Networking thread with my next question.

I'm in the process of requesting resources from ARIN. We're going to be setting up some colo's with their own internet connections, etc. Failover to the colo's will be handled via DNS. Each site will have unique IP addresses and will require ASN's as we'll have multiple ISP's coming in.

Should I request multiple /24's (one for each site) and corresponding ASNs, or should I request a /22 with a single ASN (is this even possible) and broadcast the /24's from each location using the single ASN?

Sorry for what seems to be a noob question, but my google-fu is weak apparently when it comes to this.
|
# ? Mar 12, 2012 18:23 |
|
CaptainGimpy posted:
I'm in the process of requesting resources from ARIN. We're going to be setting up some colo's with their own internet connections, etc. Failover to the colo's will be handled via DNS. Each site will have unique IP addresses and will require ASN's as we'll have multiple ISP's coming in.

Request the /22 (or whatever size block you need to give you enough /24s for your sites) with a single ASN - From what you are describing I don't see why you would need different ASNs, and getting a single larger block is more flexible in the future than separate /24s.

That being said - do you really need your own IP addresses? If your colos are multi-homed (e.g., you are getting transport from multiple different ISPs) and you want to run BGP with them, you will need an ASN from ARIN, but you don't necessarily need your own IP block. You can just have one of the ISPs delegate you a /24 (the smallest subnet that you can announce to the public internet via BGP) for each of the colos and you can announce it via BGP to all of the ISPs you are connected to.

It should be pretty easy to get ARIN to give you an ASN if you have orders with multiple ISPs at the same location, but it may be much harder to justify your IP resource request, so I'd go that route if you just want to get going.
|
# ? Mar 12, 2012 18:46 |
|
markus876 posted:
Request the /22 (or whatever size block you need to give you enough /24s for your sites) with a single ASN - From what you are describing I don't see why you would need different ASNs, and getting a single larger block is more flexible in the future than separate /24s.

From my reading it was possible that each of these colo customers could be paying for management/consultancy, but operating as their own entity. An example would be one of our clients who wanted to set up shop, but needed to work with us to get their ASN and PI block. I suppose the deciding factor would be whether these customers may want to take their IPs elsewhere in the future.
|
# ? Mar 12, 2012 18:49 |
|
If you can get it go with provider independent addresses. A single /22 that you can divide into /24's should be sufficient. Even though IPv4 space is "exhausted," I didn't have a problem getting 2 /20's when I was setting up our Global Datacenters.
|
# ? Mar 12, 2012 18:54 |
|
Powercrazy posted:
If you can get it go with provider independent addresses. A single /22 that you can divide into /24's should be sufficient.

I don't know if it's different between RIPE and ARIN, but with RIPE at least I think this wouldn't fly, since you can't sub-assign PI space.
|
# ? Mar 12, 2012 18:57 |
|
You can sub-divide to a /24 unless there is something else you are referring to?
|
# ? Mar 12, 2012 19:25 |
|
Thanks for the quick responses.

Markus876, the biggest reason for needing address space is the mobility it provides with ISPs coupled with the fact that some of our "customers" and other internal forces are dead set on using IPs instead of DNS (which I should have included in the 1st post). We're preparing a move off our current ISP and the amount of work that it is taking to get prepared for that is what drove me to investigating getting our own address range (not interested in doing the same work again). Colo's will contain different group companies, etc. We have a /22 with our current provider and we're at about 80% utilization and will continue that, so utilization requirements aren't a concern.

I'm going to work a little closer with one of our colo's to look into other creative options, but the info provided unmuddied some waters. Again, thanks for the help.
|
# ? Mar 12, 2012 19:30 |
|
Powercrazy posted:
You can sub-divide to a /24 unless there is something else you are referring to?

We may be at crossed purposes here, if you're speaking technically then yes, of course. However I mean with regards to following the procedure of registration of the space with the RIR - we have some PI space and we are not 'allowed' to sub-assign it to our customers, it can only be used in blocks for devices owned by our company, or individual IPs can be assigned to customer devices. In this situation it wouldn't be in line with RIPE's rules (as I say, I dunno about ARIN) to sub-assign it into /24s for separate customers.
|
# ? Mar 12, 2012 19:42 |
|
Anjow posted:
In this situation it wouldn't be in line with RIPE's rules (as I say, I dunno about ARIN) to sub-assign it into /24s for separate customers.

We technically own the companies, but they will be renting compute from us. It's all space dollars and buckets, but the /24's would be physical locations not company specific and the hardware is all owned by the parent company, so there should be no issues there. Good information to know though.
|
# ? Mar 12, 2012 19:47 |
|
It sounds fine then. I'm always told that ARIN are way more relaxed than RIPE anyway, I just don't know in exactly what ways.
|
# ? Mar 12, 2012 20:04 |
|
Gonna do some training in the next six or so months. Global Knowledge provides the course. Some of my options include: IPv6 fundamentals NAC Plus ICOMM - Introduction to Cisco Voice and UC Administration QoS = Implementing Cisco Quality of Service CVoice - Implementing Cisco Unified Communications Voice over IP and QoS

I'm curious on some of the higher level courses. I can't tell you the finer details on OSPF and EIGRP off the top of my head, but I'm very familiar with the concepts and what I don't know I can generally figure out or know where/how to look it up. In that regard, the routing class isn't my first choice. A coworker has recently done the routing course as well, and another has done firewall and BGP. So I'd also like to keep it diverse.

What I've been doing lately is VOIP and QoS. Which is kind of how my role has been lately. Wouldn't hurt to get a finer idea as to what I'm doing instead of constantly bugging you gents.

What I'd like to know is what "Cisco Unified Communications Voice over IP and QoS" means. If it means what I think it means, like voice vlans, qos policies, queues, best hardware, etc and how different it is from the straight up QoS course. Specifically, though, what is "Unified Communications" and "UC Administration"? I certainly don't want to go into a course that just teaches me about Cisco's IP phones and whatever their Broadsoft competition is.

I have no idea what NAC is other than it has something to do with authentication and applying browsing policies in an office environment. I just know one of the most intelligent Cisco guys I know spiels on and on about it and we were thinking of hiring him temp to do something with a NACs solution.

EDIT Optical seems more like WAN/Transport.

Zuhzuhzombie!! fucked around with this message at 20:44 on Mar 12, 2012
|
# ? Mar 12, 2012 20:35 |
|
Anjow posted:
It sounds fine then. I'm always told that ARIN are way more relaxed than RIPE anyway, I just don't know in exactly what ways.

They are [way more relaxed than RIPE these days], but I figured I would at least suggest that they consider getting space from their ISPs first. If you already have the 80% util. on the /22, combined with a bunch of contracts with multiple ISPs at different locations I think you should be able to get an allocation from ARIN relatively painlessly.

RE sub-assigning blocks to customers, I think that depends on how much of a service provider you are being classified as. Sounds like it doesn't matter much either way with your company structure, but I don't think you'd have problems even if it did.
|
# ? Mar 12, 2012 23:48 |
|
I took QoS last spring and while there was a definite Voice bend to it, since so much of what everyone does in QoS is with Voice, but there was an in-depth look into the various queuing strategies for Cisco switches. Although, I wish that they had updated information about the 3750's or the 2960's. There was a definite 12.2 and 12.4 look to the class, not much on 15 or NXOS. It was a fun class, especially since I have a better understanding now of how the thresholds work between L2/L3.
|
# ? Mar 13, 2012 14:16 |
|
Someone please tell me there's a bunch of Cisco stencils hiding somewhere that actually have magnets (connection point, don't know the exact term, used to omnigraffle). Because if there aren't, I'm going to hurt a puppy.

Bluecobra posted:
I wonder if they are eventually going to drop the PowerConnect line in favor of Force10.

evil_bunnY fucked around with this message at 17:42 on Mar 13, 2012
|
# ? Mar 13, 2012 17:39 |
|
evil_bunnY posted:
Someone please tell me there's a bunch of Cisco stencils hiding somewhere that actually have magnets (connection point, don't know the exact term, used to omnigraffle). Because if there aren't, I'm going to hurt a puppy.

Half the ones I've found do, half don't and those that do have fuckall for consistency of location (sometimes on each port, sometimes in the middle). Basically it sounds like you've got a lot of puppy hurting to do.
|
# ? Mar 13, 2012 17:44 |
|
Fatal posted:
Half the ones I've found do, half don't and those that do have fuckall for consistency of location (sometimes on each port, sometimes in the middle). Basically it sounds like you've got a lot of puppy hurting to do.

Sorry for the rant. If you have magnetized-ports cisco stencils, please share
|
# ? Mar 13, 2012 18:22 |
|
I've given up on stencils long, long ago. Now I do everything by hand with the fundamental tools (line, arc, rectangle). Yeah it takes forever, but it looks very pretty when it's done.
|
# ? Mar 13, 2012 20:40 |
|
I may not have thought this through adequately. If I've got an MPLS xconnect set up and the ends are like this:

Device 1:
encapsulation dot1q 100
xconnect 1.2.3.4 12345 encapsulation mpls

Device 2:
encapsulation dot1q 100
xconnect 4.3.2.1 12345 encapsulation mpls

If I change device 1 to 'encapsulation dot1q 200' can it effectively change the 802.1q tag on the frames that are passed? Or will it just not work?

I should clarify that I don't need to actually accomplish this, I'm just interested.
|
# ? Mar 13, 2012 20:51 |
|
Yes that will work and the dot1q rewrite will occur bidirectionally.
|
# ? Mar 13, 2012 21:08 |
|
jwh posted:
Yeah it takes forever, but it looks very pretty when it's done.

just don't have the time to set it up, and I'd go crazy when I want to move a NIC and none of the connections follow.

E: now that I think about it, groups and primitive shapes with magnets would work great in omnigraffle.

evil_bunnY fucked around with this message at 22:46 on Mar 13, 2012
|
# ? Mar 13, 2012 22:44 |
|
evil_bunnY posted:
Sorry for the rant. If you have magnetized-ports cisco stencils, please share

Try the cisco ones! I know the 3750x and the 2960s have magnetized per port, although why you would want to use that is beyond me since the port density is going to make you go insane.
|
# ? Mar 13, 2012 22:57 |
|
Fatal posted:Try the cisco ones! I know the 3750x and the 2960s have magnetized per port, although why you would want to use that is beyond me since the port density is going to make you go insane.
|
# ? Mar 13, 2012 23:01 |
|
Zuhzuhzombie!! posted:
What I'd like to know is what "Cisco Unified Communications Voice over IP and QoS" means.

I'm assuming it is emulating Cisco's CVOICE exam & course: http://tools.cisco.com/GlobalLearningLocator/courseDetails.do?actionType=executeCourseDetail&courseID=5620

aquaticrabbit fucked around with this message at 03:39 on Mar 14, 2012
|
# ? Mar 14, 2012 03:37 |
|
evil_bunnY posted:Look at the pricing and weep. Not going to happen anytime soon.
|
# ? Mar 14, 2012 05:50 |
|
evil_bunnY posted:
If I had known this yesterday my storage switches would be labelled "pretend this is a nexus"

I can't understand why people want the actual device graphic. Just stick with simple Rectangles and circles for Routers/Switches.
|
# ? Mar 14, 2012 08:01 |