psydude
Apr 1, 2008

ruro posted:

TCAM/CAM utilisation may be an issue for service providers, but I'd be surprised if that was an issue for anybody else.

Shouldn't be, since by design IPv6 addressing and allocation is constructed entirely around the idea of using summary addresses for everything. If nothing else, it should reduce the size of routing tables.


wolrah
May 8, 2006
what?

ruro posted:

Either you have a great memory for numbers or I have a terrible one. I can generally remember down to region and perhaps site if it's an important one :(.

It probably helps that a large number of my customers are on one of three ISPs, so in general simply remembering which of those they're on tells me the first two octets. Beyond that I guess it's just using it regularly. I have to think about my own phone number, but I can log in to a router in a Lockheed building in Akron off the top of my head.

quote:

The internal draft IPv6 addressing standard they have where I work at the moment is easier for me to remember than the IPv4 standard as there are sufficient 'fields' to use for pertinent information, e.g.: <routing prefix>:site/cust id:building:level:level-net:host or <routing prefix>:dc num:cust id:cust-net:device-type:host.

That's not a bad idea, if you have appropriate standardization as it sounds like you do. This is certainly what's nice about IPv6 giving us a lot of space to do arbitrary things with numbers.


psydude posted:

Shouldn't be, since by design IPv6 addressing and allocation is constructed entirely around the idea of using summary addresses for everything. If nothing else, it should reduce the size of routing tables.

I had heard routing table size and CAM space discussed so regularly by those complaining about going to IPv6 that I just took it as fact, since it seemed to make sense. My best routers run FreeBSD on Celerons, so I've never had to deal directly with anything CAM-equipped.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

psydude posted:

Are any of you running MetroE through AT&T in the DC area? I'm trying to get a general idea of pricing, but their website is very coy and I'm not allowed to talk to sales because I'm a contractor.

e: We already have an ingress, which I know makes a big difference.

In my experience, AT&T charges about double everyone else for Metro E and doesn't want you to buy a layer 2 product anyway.

madsushi
Apr 19, 2009

Baller.
#essereFerrari

Apparently the Nexus 5K doesn't support LDAP authentication (except via RADIUS) while the Nexus 7K does. I guess it will be the only device on the network still using RADIUS. :sad:

Ninja Rope
Oct 22, 2005

Wee.

TCAM space is totally an issue even at large datacenters on IPv4.

But going to 128 bits is the least of the problems with IPv6, it's the extension header system that is the biggest problem.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Ninja Rope posted:

TCAM space is totally an issue even at large datacenters on IPv4.

But going to 128 bits is the least of the problems with IPv6, it's the extension header system that is the biggest problem.

RFC6980 makes (in essence) a recommendation that extension headers should not be present on ND traffic (or at the least, not the fragment header). Other than the security issue they pose on the local LAN I'm not aware of any reason to ban them outright? Not like we're going to make forwarding decisions on extension headers.

tortilla_chip
Jun 13, 2007

k-partite

Unless you're maintaining state based on some arbitrary bit offset in the extension header in which case the implications are far reaching.

Ninja Rope
Oct 22, 2005

Wee.

ragzilla posted:

RFC6980 makes (in essence) a recommendation that extension headers should not be present on ND traffic (or at the least, not the fragment header). Other than the security issue they pose on the local LAN I'm not aware of any reason to ban them outright? Not like we're going to make forwarding decisions on extension headers.

Maybe not on the headers themselves, but network devices that don't properly process the headers can't find the layer 4 header, should you wish to take action on that (such as drop traffic destined to a specific port). Last I spoke with the vendors, there isn't a hardware-based forwarding solution from Cisco or Juniper that will properly process extension headers.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Ninja Rope posted:

Maybe not on the headers themselves, but network devices that don't properly process the headers can't find the layer 4 header, should you wish to take action on that (such as drop traffic destined to a specific port). Last I spoke with the vendors, there isn't a hardware-based forwarding solution from Cisco or Juniper that will properly process extension headers.

Not at wire rate, no. It's the same problem we have with option headers in IPv4: you punt to the slow path if you can because the hardware can't deal with variable length headers. In practice, I imagine extension headers in v6 will face the same problem as option headers in v4. They'll be useful inside an AS for their local policy (e.g. proposed mobile v6 uses) but inter-AS will be limited due to hardware-only platforms which will drop the packet, or networks who decide the perceived security headaches aren't worth it.
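To make concrete what Ninja Rope and ragzilla are describing, here is an added example (not code from this thread or from any vendor) in Python that walks a constructed IPv6 packet's extension header chain the way a filter or forwarding engine has to before it can match on a port: it steps over Hop-by-Hop, Routing, Destination Options, AH and Fragment headers, gives up on a non-first fragment because the layer 4 header simply is not in that packet, and applies the RFC 6980 rule (Neighbor Discovery messages that arrive with a Fragment header get dropped). The packets, addresses and fragment identification are constructed sample values, and checksums are left at zero.

```python
"""Walk an IPv6 extension header chain to find the upper-layer header.
Added example with constructed packets (not captures from the thread)."""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Optional

# Extension headers a forwarding engine has to step over (RFC 8200 values).
# ESP (50) is left out on purpose: what follows it is encrypted, so the walk
# must stop there and treat it as the upper layer.
EXT_HEADERS = {0: "Hop-by-Hop", 43: "Routing", 44: "Fragment",
               51: "AH", 60: "Destination Options", 135: "Mobility"}
NO_NEXT_HEADER = 59
ICMPV6, TCP, UDP = 58, 6, 17
ND_TYPES = {133, 134, 135, 136, 137}   # RS, RA, NS, NA, Redirect


@dataclass
class ChainResult:
    chain: list = field(default_factory=list)   # extension header names, in order
    l4_proto: Optional[int] = None              # None: upper layer not reachable here
    l4_offset: Optional[int] = None             # byte offset of the upper-layer header
    reason: str = ""


def walk_chain(pkt: bytes, max_headers: int = 8) -> ChainResult:
    """Follow Next Header fields from the fixed header until a non-extension header."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    res = ChainResult()
    nh, off = pkt[6], 40
    for _ in range(max_headers):
        if nh == NO_NEXT_HEADER:
            res.reason = "no next header"
            return res
        if nh not in EXT_HEADERS:
            res.l4_proto, res.l4_offset = nh, off
            res.reason = "upper-layer header found"
            return res
        res.chain.append(EXT_HEADERS[nh])
        if off + 8 > len(pkt):
            res.reason = "truncated extension header"
            return res
        if nh == 44:                       # Fragment header: fixed 8 bytes
            frag_off = struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3
            if frag_off != 0:
                # Non-first fragment: the upper-layer header travelled in another
                # packet, so nothing in this one can be matched on ports.
                res.reason = "non-first fragment, upper-layer header absent"
                return res
            hdr_len = 8
        elif nh == 51:                     # AH: length in 4-octet units, minus 2
            hdr_len = (pkt[off + 1] + 2) * 4
        else:                              # others: 8-octet units, not counting the first 8
            hdr_len = (pkt[off + 1] + 1) * 8
        nh, off = pkt[off], off + hdr_len
    res.reason = "extension header chain too long"
    return res


def l4_dst_port(pkt: bytes) -> Optional[int]:
    """Destination port, but only if a TCP/UDP header is actually present in this packet."""
    res = walk_chain(pkt)
    if res.l4_proto in (TCP, UDP) and res.l4_offset + 4 <= len(pkt):
        return struct.unpack("!H", pkt[res.l4_offset + 2:res.l4_offset + 4])[0]
    return None


def fragmented_nd(pkt: bytes) -> bool:
    """RFC 6980: True when a Neighbor Discovery message carries a Fragment header.
    Only a first fragment exposes the ICMPv6 type; later fragments cannot be judged."""
    res = walk_chain(pkt)
    if "Fragment" not in res.chain or res.l4_proto != ICMPV6:
        return False
    return res.l4_offset < len(pkt) and pkt[res.l4_offset] in ND_TYPES


def build_ipv6(src: str, dst: str, ext: list, l4_proto: int, l4: bytes) -> bytes:
    """Constructed packet; ext is [(header_type, bytes after the Next Header byte), ...]."""
    protos = [t for t, _ in ext] + [l4_proto]
    body = b"".join(bytes([protos[i + 1]]) + raw for i, (_, raw) in enumerate(ext)) + l4
    fixed = struct.pack("!IHBB16s16s", 0x60000000, len(body), protos[0], 255,
                        ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return fixed + body


# Constructed sample headers (checksums deliberately zero).
HBH = (0, b"\x00\x01\x04\x00\x00\x00\x00")                               # Hdr Ext Len 0 + PadN(4)
FRAG_FIRST = (44, b"\x00" + struct.pack("!HI", (0 << 3) | 1, 0xABCD))    # offset 0, M=1
FRAG_LATER = (44, b"\x00" + struct.pack("!HI", (1 << 3) | 0, 0xABCD))    # offset 1, M=0
NS = struct.pack("!BBHI16s", 135, 0, 0, 0, ipaddress.IPv6Address("fe80::1").packed)
TCP_SYN = struct.pack("!HH", 40000, 22) + b"\x00" * 16

PKT_PLAIN_NS = build_ipv6("fe80::2", "ff02::1:ff00:1", [], ICMPV6, NS)
PKT_FRAG_NS = build_ipv6("fe80::2", "ff02::1:ff00:1", [HBH, FRAG_FIRST], ICMPV6, NS)
PKT_HBH_TCP = build_ipv6("2001:db8::2", "2001:db8::1", [HBH], TCP, TCP_SYN)
PKT_LATER_FRAG = build_ipv6("2001:db8::2", "2001:db8::1", [FRAG_LATER], TCP, b"\x00" * 16)

if __name__ == "__main__":
    for name, pkt in [("plain NS", PKT_PLAIN_NS), ("fragmented NS", PKT_FRAG_NS),
                      ("HBH + TCP", PKT_HBH_TCP), ("later fragment", PKT_LATER_FRAG)]:
        r = walk_chain(pkt)
        print(f"{name:15} chain={r.chain} l4={r.l4_proto} port={l4_dst_port(pkt)} "
              f"fragmented ND={fragmented_nd(pkt)}  ({r.reason})")
```

The point the walk makes is the one ragzilla raises about the slow path: every header has a different length rule, the Fragment header may hide the layer 4 header in a different packet entirely, and an ESP header ends the walk, so a port-based ACL that cannot run this loop in hardware has to either punt or drop.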

an actual cat irl
Aug 29, 2004

Is there a cost effective (like, not hundreds and hundreds of bucks) way to add gigabit Ethernet to this 1841 I have here? My googling seems to suggest no, but I just want to make sure before I give up on the idea entirely.

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

moron posted:

Is there a cost effective (like, not hundreds and hundreds of bucks) way to add gigabit Ethernet to this 1841 I have here? My googling seems to suggest no, but I just want to make sure before I give up on the idea entirely.

1841, if yours is modular and not a fixed chassis, uses HWIC, and to get 1GB you'd need: HWIC-1GE-SFP

eBay seems to suggest there are not any < $100+ options.

FasterThanLight
Mar 26, 2003

moron posted:

Is there a cost effective (like, not hundreds and hundreds of bucks) way to add gigabit Ethernet to this 1841 I have here? My googling seems to suggest no, but I just want to make sure before I give up on the idea entirely.

If you don't mind 2U, get a used c3825 for <$200.

CrazyLittle
Sep 11, 2001

Clapping Larry

routenull0 posted:

1841, if yours is modular and not a fixed chassis, uses HWIC, and to get 1GB you'd need: HWIC-1GE-SFP

eBay seems to suggest there are not any < $100+ options.

Even if you added a 1gbit hwic to an 1841, the router itself is only rated for 40mbit/sec (75kpps). The 3825 can push 350kpps, which is a healthy 180mbit/sec

an actual cat irl
Aug 29, 2004

CrazyLittle posted:

Even if you added a 1gbit hwic to an 1841, the router itself is only rated for 40mbit/sec (75kpps). The 3825 can push 350kpps, which is a healthy 180mbit/sec

Ah poo poo. Well that's too bad. I just have the 1841 lying around from CCNA studying and thought I might set it up instead of the piece-of-poo poo router I have hooked into my DSL modem. I was kinda looking for something with decent gigabit performance though, so never mind.

I'm pretty sure the answer is 'no', but are there any Cisco routers offering gigabit and decent performance, but in a more 'home friendly' package than the 3825? Basically I'm thinking small(er), quiet(er), runs IOS and preferably EOL a few years ago so I can get it off eBay for like £200 or less. Kinda like a better 1721, or something.

I know this probably doesn't exist, but I'd like to be sure before giving up and buying something from a different vendor.

jwh
Jun 12, 2002

Does not exist.

an actual cat irl
Aug 29, 2004

jwh posted:

Does not exist.

Figured as much. I guess I'll just wait ten years and then buy a 819 off eBay for peanuts.

SamDabbers
May 26, 2003

moron posted:

... hooked into my DSL modem. I was kinda looking for something with decent gigabit performance though ...

Do you really need a GigE interface for a DSL connection? That 1841 you have should rock anything through ADSL2+ speeds, and FastE would not be a bottleneck.

Gap In The Tooth
Aug 16, 2004
Yeah I don't understand why you feel the need to get gigabit on your edge router if the WAN connection is under 100Mbps.

CrazyLittle
Sep 11, 2001

Clapping Larry

Gap In The Tooth posted:

Yeah I don't understand why you feel the need to get gigabit on your edge router if the WAN connection is under 100Mbps.

Because Linksys and D-Link told him he needs it.

jwh posted:

Does not exist.

A C7206VXR NPE-G1 would work...

wolrah
May 8, 2006
what?

SamDabbers posted:

Do you really need a GigE interface for a DSL connection? That 1841 you have should rock anything through ADSL2+ speeds, and FastE would not be a bottleneck.

The answer is you definitely do not need GigE for anything DSL in the real world. VDSL2 technically supports 250mbit/sec down at very short distances, but at even half-kilometer range it is only rated for 100mbit/sec. I can't find anyone commercially offering service claiming more than that on a single pair. There's only so much you can ask of voice-grade copper.

A warning about home use of an 1841 though: a lot of home devices expect UPnP to be available for getting through NAT. Xbox Live is one of those things. Without properly functioning UPnP you have about a 50/50 shot of online play working at all, and if you have roommates/family also trying to use their own at the same time it's an absolute guarantee that someone will be disappointed.

I used an 1841 for about a year and immediately swapped it out for OpenWRT (later pfSense) when I got back into gaming.

CrazyLittle
Sep 11, 2001

Clapping Larry

wolrah posted:

The answer is you definitely do not need GigE for anything DSL in the real world.

I think a lot of the push for "gig on router" at the SOHO level comes from marketing gibberish by D-Link, where all they've done is slap a gigabit switch-on-chip onto the side of their "gamer router" Broadcom router. Of course you can accomplish the exact same thing by plugging any off-the-shelf gigabit switch into one of the Fast Ethernet ports of the 1841, but that's not as glamorous. That's also where my annoyance at routing-on-switches comes from. You can have a decent switch paired with a decent router for less money, or you can try to combine the two in one and end up with compromises.

wolrah
May 8, 2006
what?

CrazyLittle posted:

You can have a decent switch paired with a decent router for less money, or you can try to combine the two in one and end up with compromises.

Annoyingly this isn't entirely true. For average home users it is, of course, but for the slightly geekier user (which I assume is most posting in this thread) the switch-in-router tends to be better on any platform where open alternative firmwares are available. Those switch-on-a-chips tend to have a variety of basic management features which aren't exposed in the official software. They of course exist the same in the standalone home switches, but without any interface (see http://spritesmods.com/?art=rtl8366sb for someone actually doing something about that).

It's a minor point, but to those who care it's very nice. There is no cheaper managed switch than a hacked home router, especially if you happen to need one in a hurry, making retail availability a factor.

That said I do a best of both worlds with a standalone pfSense attached to hacked routers operating solely as switches.

an actual cat irl
Aug 29, 2004

Gap In The Tooth posted:

Yeah I don't understand why you feel the need to get gigabit on your edge router if the WAN connection is under 100Mbps.

Sorry, perhaps I should have explained better - I wasn't going to hook my lovely DSL connection into the gigabit port (I mentioned that purely to illustrate that I'll be using it in my primary home network rather than in an isolated test lab). I was planning on trunking multiple vlans into it, and didn't want to be constrained by a 100mbit port, as the rest of my switches are 2960Gs.

doomisland
Oct 5, 2004

I'm thinking of using a SRX210 with the DOCSIS 3 module as a modem at home. Good idea or bad idea?

Flash z0rdon
Aug 11, 2013

good idea just use the Junos CLI and not J-web.

J-web sucks and it's pretty embarrassing, Juniper, that after ALL THESE YEARS of having SRX you have lovely J-Web when Cisco has ASDM and Palo-Alto has PAN-OS.

doomisland
Oct 5, 2004

Uhh who would use J Web in any serious fashion? We disable it on all our switches and routers as well.

Flash z0rdon
Aug 11, 2013

That's what I'm saying.

ruro
Apr 30, 2003

Has anyone had a look at the 6800ia switches? They look like they'd be a nice replacement for our 4948e top of rack switches as they can be stacked and act like a nexus 2k when connected to a 6800 or a 6500 with sup 2t if I'm understanding the product page correctly. Alas we can't afford to replace our 6500s with Nexus :(.

workape
Jul 23, 2002

Flash z0rdon posted:

That's what im saying.

I think doomisland was trying to fan the flames of the GUI vs CLI holy war, which was won many years ago by the minions of the almighty CLI. ALL HAIL #

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

ScreenOS may be the only exception to the cli > webui rule.

bort
Mar 13, 2003

F5 and Palo Alto come to mind, too.

psydude
Apr 1, 2008

Stonesoft and Sonicwall.

ior
Nov 21, 2003

What's a fuckass?

falz posted:

ScreenOS may be the only exception to the cli > webui rule.

Cisco WLC.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k

ruro posted:

Has anyone had a look at the 6800ia switches? They look like they'd be a nice replacement for our 4948e top of rack switches as they can be stacked and act like a nexus 2k when connected to a 6800 or a 6500 with sup 2t if I'm understanding the product page correctly. Alas we can't afford to replace our 6500s with Nexus :(.

If most of your traffic is north/south it would be a side-grade I suppose. The current release units have few 10G ports and act like a 2k FEX in that they send all data up to the parent switch. You would also need a WS-6509 card along with the 2T sup to support it.

madsushi
Apr 19, 2009

Baller.
#essereFerrari

bort posted:

F5 and Palo Alto come to mind, too.

Palo Alto's web UI is insanely powerful. Not to say I don't drop to CLI on a regular basis for advanced stuff, but the capability to name/search/sort objects/traffic is really, really good in the Palo web gui.

jwh
Jun 12, 2002

For policy work there's really no choice with Palo Alto, since all the configuration files are XML, and god knows how those things are organized. They're huge.

Also, god forbid you get one of them corrupted (I speak from experience).

Count Thrashula
Jun 1, 2003

Death is nothing compared to vindication.
Buglord

So, IPv6...

I understand that it's basically
code:
xxxx:xxxx:          <== the ISP
xxxx:               <== the individual user/site/section of ISP space
xxxx:               <== the subnet
xxxx:xxxx:xxxx:xxxx <== the individual interface

(ISP:ISP:YOU:SUB:INT:INT:INT:INT)
But is there a sort of standard for private networking, or is that going to be a thing of the past? Like, when I make test labs, I generally use 10.0.0.0/24 for a subnet, 10.0.1.0/24 for the next subnet, 10.0.2.0/24 for the next subnet, etc. How should I translate this to IPv6?

Local addresses just have FDXX as the prefix (/16), so would it be feasible to use FD00:1::/32, FD00:2::/32, etc. as my subnets? Or should I be fully-qualifying them as /64 prefixes e.g. FDAA:AAAA:AAAA:1::/64?

Or can I prefix down even smaller, since I can't imagine having 0xFFFFFFFFFFFFFFFF hosts in one subnet? So: FD00::1:/112, FD00::2:/112, and so on?

I guess IPv6's focus is supposed to be more on global addressing, and not working as a solution for smaller, private addressing, but it's just something I'm curious about. Since I work in a large organization, I work a lot with 10.x.x.x and 192.168.x.x networks, so that's the last piece of the puzzle for me to wrap my brain around with regards to v6 :)

bort
Mar 13, 2003

/\ /\ there are RFC4193 addresses which begin with fc00::/7 as well as the link local addresses you're discussing. Link local addresses aren't routable, but your hosts will likely have global addresses as well. The other thing to remember is that if you subnet below /64 you will break SLAAC on the subnet. That may not be a problem but I think it's going to be important in network designs.

I think RFC4193 addresses will be able to be routed if you and a peer agree on it, but will probably be filtered at the border by ISPs.

ior posted:

Cisco WLC.

Haha no doubt.

Pet peeve:
code:
$ ssh wladmin@chi-wisma

(WiSM-slot11-1)
User:
and
config ap syslog host global <ip>

Who decided to have APs log to broadcast?

bort fucked around with this message at 22:09 on Aug 22, 2013

ate shit on live tv
Feb 15, 2004

by Azathoth

QPZIL posted:

So, IPv6...

I understand that it's basically
code:
xxxx:xxxx:          <== the ISP
xxxx:               <== the individual user/site/section of ISP space
xxxx:               <== the subnet
xxxx:xxxx:xxxx:xxxx <== the individual interface

(ISP:ISP:YOU:SUB:INT:INT:INT:INT)
But is there a sort of standard for private networking, or is that going to be a thing of the past? Like, when I make test labs, I generally use 10.0.0.0/24 for a subnet, 10.0.1.0/24 for the next subnet, 10.0.2.0/24 for the next subnet, etc. How should I translate this to IPv6?

Local addresses just have FDXX as the prefix (/16), so would it be feasible to use FD00:1::/32, FD00:2::/32, etc. as my subnets? Or should I be fully-qualifying them as /64 prefixes e.g. FDAA:AAAA:AAAA:1::/64?

Or can I prefix down even smaller, since I can't imagine having 0xFFFFFFFFFFFFFFFF hosts in one subnet? So: FD00::1:/112, FD00::2:/112, and so on?

I guess IPv6's focus is supposed to be more on global addressing, and not working as a solution for smaller, private addressing, but it's just something I'm curious about. Since I work in a large organization, I work a lot with 10.x.x.x and 192.168.x.x networks, so that's the last piece of the puzzle for me to wrap my brain around with regards to v6 :)

fc00::/7


psydude
Apr 1, 2008

You can also have multiple IPv6 addresses per interface, so yeah.
