|
NANOG60 in Atlanta has blown up as far as attendance. When I registered mid-January there were only 180 attendees, now there are 447. Agenda looks pretty good if anyone is still on the fence: https://www.nanog.org/meetings/nanog60/agenda I'm most looking forward to the Beer-n-Gear.
|
# ? Jan 28, 2014 14:24 |
|
It's not Cisco-related, but there's no general "enterprise networking" thread. Juniper Firefly launched today, which is pretty awesome-sounding. I'd love to try it out if I had a support account. It's being advertised as a "cloud services security" solution, but it's basically an SRX-series in a VM. It's about time Juniper released an officially-supported virtual router.
|
# ? Jan 28, 2014 20:42 |
|
QPZIL posted:It's not Cisco-related, but there's no general "enterprise networking" thread. I've been using Firefly for about a year now (when it was just vSRX). It's awesome for a home lab environment. I suggest turning them into Packet Mode routers (no security stuff) for practicing routing protocols, etc. Also, in VMware, I suggest limiting their CPU aggressively (maybe to a few hundred MHz) to let you stack a lot of them on one box (they don't need all that CPU). It looks like the new download is a few code revs newer (still 12.1), much more chatty at the console during boot (gives info on every loaded module and driver info instead of being completely quiet), and has no license associated with it (so it shouldn't expire!).
|
# ? Jan 28, 2014 21:13 |
|
But apparently I can't download it because I don't have a service contract
|
# ? Jan 28, 2014 21:23 |
|
QPZIL posted:It's about time Juniper released an officially-supported virtual router. Cisco released an officially supported virtual router? QPZIL posted:But apparently I can't download it because I don't have a service contract That is available without a service contract?
|
# ? Jan 29, 2014 00:47 |
|
I won't post any here but the email I got from our Juniper partner rep said: "And we invite you and your customers to download the software for test drives" so I can't imagine you'd have a hard time talking to your Juniper rep to get a d/l.
|
# ? Jan 29, 2014 00:57 |
|
You could sign up for an "eval account" if you'd rather not talk to your rep for some reason. The link is on the right of this page: http://www.juniper.net/support/downloads/?p=junosvfirefly-eval#sw
|
# ? Jan 29, 2014 01:04 |
|
SamDabbers posted:You could sign up for an "eval account" if you'd rather not talk to your rep for some reason. The link is on the right of this page: I like the cut of your jib. Grabbing to play
|
# ? Jan 29, 2014 01:20 |
|
H.R. Paperstacks posted:NANOG60 in Atlanta has blown up as far as attendance. When I registered mid-January there were only 180 attendees, now there are 447. Last-minute NANOG attendee registrations are pretty typical. Most people reserve the hotel and then go "oh gently caress i need to register" the week before they leave. Sad to miss Atlanta but I look forward to Seattle though~
|
# ? Jan 29, 2014 01:40 |
|
H.R. Paperstacks posted:Cisco released an officially supported virtual router? Well, I misspoke. I should have said switch - the Nexus gear can be virtualized. SamDabbers posted:You could sign up for an "eval account" if you'd rather not talk to your rep for some reason. The link is on the right of this page: Thanks!
|
# ? Jan 29, 2014 01:40 |
|
H.R. Paperstacks posted:Cisco released an officially supported virtual router? I think there are VMs for the ASR1001 router and some Nexus switch.
|
# ? Jan 29, 2014 02:05 |
|
The NX-OS virtual machine called "Titanium" is what I was thinking of.
|
# ? Jan 29, 2014 02:36 |
|
inignot posted:I think there are VMs for the ASR1001 router and some Nexus switch. CSR1000V (cloud services router). IOS-XE VM. Licensed based on throughput.
|
# ? Jan 29, 2014 02:47 |
|
SamDabbers posted:You could sign up for an "eval account" if you'd rather not talk to your rep for some reason. The link is on the right of this page: Thanks!
|
# ? Jan 29, 2014 04:47 |
|
ragzilla posted:CSR1000V (cloud services router). IOS-XE VM. Licensed based on throughput. Huh... Cisco sells VM routers? Nice to know!
|
# ? Jan 30, 2014 12:58 |
|
So we recently replaced an old Juniper SSG with an ASA 5515-X. I've got everything working like it used to except one item. I have two internal web servers that need to be externally and internally accessible on external IPs. Since that's two of the same task, I'll just talk about one.
WAN1: 10.1.1.15/32
WAN2: 10.2.2.77/29
Inside: 10.3.3.1/24
web server: 10.3.3.10
config: code:
Cisco support has been very slow and seemingly unknowledgeable. Originally the tech told me I couldn't do this at all on an outside IP that isn't on WAN1, until I sent him the Cisco doc showing exactly what I'm trying to do. Most recently he recommended this: code:
Any idea how to accomplish this?
|
# ? Jan 30, 2014 15:20 |
|
Is there a decent "NX-OS for IOS admins" reference guide somewhere? Not in terms of basics, I'm figuring this stuff out bit by bit just slamming "?" and honestly a lot of it is similar enough, but I'd love something to read.
some kinda jackal fucked around with this message at 15:31 on Jan 30, 2014 |
# ? Jan 30, 2014 15:29 |
|
Erwin posted:Any idea how to accomplish this? Heading off to work, so I didn't scrutinize the Cisco-provided NAT statement. What you are describing can be accomplished by hairpin NAT and an inside<>inside NAT statement (assuming the server and hosts both reside on the inside interface). By default, the firewall blocks traffic returned through to the interface it received traffic on, so you need to enable "same-security-traffic permit intra-interface" in addition to the NAT statement.
|
# ? Jan 30, 2014 17:01 |
|
Martytoof posted:Is there a decent "NX-OS for IOS admins" reference guide somewhere? Not in terms of basics, I'm figuring this stuff out bit by bit just slamming "?" and honestly a lot of it is similar enough, but I'd love something to read.
http://petespacket.com/2012/11/15/cisco-nx-osios-configuration-fundamentals-comparison/
Erwin posted:So we recently replaced an old Juniper SSG with an ASA 5515-X. I've got everything working like it used to except one item. I have two internal web servers that need to be externally and internally accessible on external IPs. Since that's two of the same task, I'll just talk about one.
Try changing your nat statement to this:
nat (inside,WAN2) static 10.2.2.79 dns
I haven't tested it but I believe that is the same as the old DNS alias command
Sepist fucked around with this message at 17:11 on Jan 30, 2014 |
# ? Jan 30, 2014 17:06 |
|
Erwin posted:So we recently replaced an old Juniper SSG with an ASA 5515-X. I've got everything working like it used to except one item. I have two internal web servers that need to be externally and internally accessible on external IPs. Since that's two of the same task, I'll just talk about one.
You need two commands for hairpin/u-turn NAT:
First, to allow the traffic to leave on the same interface it arrived on (required regardless of NAT):
same-security-traffic permit intra-interface
Another to NAT:
nat (inside,inside) source dynamic any interface destination static 10.2.2.79 10.3.3.10
madsushi fucked around with this message at 19:02 on Jan 30, 2014 |
# ? Jan 30, 2014 18:58 |
|
Yup, his suggestions didn't work because intra-interface != inter-interface (my fault when I typed it). It's working now. Thanks for the suggestions.
|
# ? Jan 30, 2014 19:47 |
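A small config check for the mix-up resolved above, added here as an example and not code from any poster: it flags same-interface (hairpin) `nat` rules in an ASA config when `same-security-traffic permit intra-interface` is absent or was entered as `inter-interface`. The function name and the sample configs are constructed for illustration, reusing the addresses quoted in the thread.

```python
import re

# "nat (real_if,mapped_if) ..." at top level or indented inside an object.
NAT_RE = re.compile(r"^\s*nat\s+\(([^,\s)]+),([^,\s)]+)\)", re.IGNORECASE)
# "same-security-traffic permit intra-interface" / "... inter-interface".
SST_RE = re.compile(
    r"^\s*same-security-traffic\s+permit\s+(intra|inter)-interface\b",
    re.IGNORECASE,
)

def audit_hairpin(config_text):
    """Return findings for hairpin NAT rules that lack the intra-interface permit."""
    hairpin_rules = []   # (line number, text) of nat rules with real_if == mapped_if
    permits = set()      # which same-security-traffic permits are configured
    for lineno, line in enumerate(config_text.splitlines(), 1):
        nat = NAT_RE.match(line)
        if nat and nat.group(1) == nat.group(2):
            hairpin_rules.append((lineno, line.strip()))
        sst = SST_RE.match(line)
        if sst:
            permits.add(sst.group(1).lower())
    if not hairpin_rules or "intra" in permits:
        return []
    if "inter" in permits:
        hint = "only inter-interface is permitted; hairpin traffic needs intra-interface"
    else:
        hint = "same-security-traffic permit intra-interface is missing"
    return [f"line {n}: {rule}: {hint}" for n, rule in hairpin_rules]

# Constructed sample configs, using the addresses and commands from the thread.
BROKEN = """\
same-security-traffic permit inter-interface
nat (inside,inside) source dynamic any interface destination static 10.2.2.79 10.3.3.10
"""
FIXED = BROKEN.replace("permit inter-interface", "permit intra-interface")

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_hairpin(cfg) or "ok")
```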
Can someone give me a detailed honest assessment of the Nexus line? We have 5010's, 7010's, 5596's and 2148's and what have you and I am simply not impressed with the Nexus. What am I missing about the Nexus that I should reconsider?
Edit: also we've been considering moving off of 12.2 SP train to 15.1 on 6500's. Anyone else move to 15.1? How is it?
z0rlandi viSSer fucked around with this message at 02:02 on Jan 31, 2014 |
|
# ? Jan 31, 2014 01:53 |
|
dont change my name posted:I am simply not impressed with the Nexus. It's a good switch, I like vPC and it has a price that is reasonably low. fake edit: I checked amazon and you can get 32 ports for under $10k. http://www.amazon.com/Cisco-Nexus-5548P-UP-Chassis/dp/B004YWLDVU
|
# ? Jan 31, 2014 02:35 |
I guess I just really hate the feature licensing nickel-and-diming that Cisco does on the Nexus. The coolest thing the Nexus line has (along with ASR1000) is OTV. I just am not feeling NX-OS. Maybe we have a poo poo install with Cisco engineers who don't know how to do things right. I dunno.
|
|
# ? Jan 31, 2014 02:51 |
|
dont change my name posted:I guess I just really hate the feature licensing nickel-and-diming that Cisco does on the Nexus. dont change my name posted:The coolest thing the Nexus line has (along with ASR1000) is OTV. I just am not feeling NX-OS. Maybe we have a poo poo install with Cisco engineers who don't know how to do things right. I dunno. My vote for coolest feature is FabricPath/TRILL. I want MRPVSTP++ in the data center to die a slow and agonizing death.
|
# ? Jan 31, 2014 04:17 |
|
dont change my name posted:Edit: also we've been considering moving off of 12.2 SP train to 15.1 on 6500's
|
# ? Feb 1, 2014 00:22 |
|
Anyone know what the skinny is on VIRL? Is this going to be an open product that joe shmoe off the street can give Cisco money for, or is it going to require strict licensing or what? Because from the little I know about it, it's got me salivating. A lot. Getting to play with IOS-XR is so exciting to me for some reason
|
# ? Feb 2, 2014 17:58 |
|
Cenodoxus posted:My vote for coolest feature is FabricPath/TRILL. Is that what Cisco will call its own version of TRILL? The first time I heard Cisco's name for port aggregation I thought it was meant as a joke.
|
# ? Feb 2, 2014 19:00 |
|
Existenzangst posted:The first time I heard Cisco's name for port aggregation I thought it was meant as a joke. Are you talking about PortChannel? Also, here's a dumb question - if I get a terminal server that has all RJ45 ports on the back, can I connect to my Cisco console ports via standard Ethernet? Or do I need a rolled cable? I feel dumb for asking, I should know this. I've just never been in the situation before.
|
# ? Feb 4, 2014 18:05 |
|
QPZIL posted:Are you talking about PortChannel? Depends how it's pinned out- if it's pinned out as Cisco you'll need rollovers.
|
# ? Feb 4, 2014 18:17 |
|
ragzilla posted:Depends how it's pinned out- if it's pinned out as Cisco you'll need rollovers. Ah, I did some Googling and figured it out. I have a Cyclades TS3000 48-port (!!!) Terminal Server on the way to me, and looks like I'll just be crimpin' up some cables when it gets here. Easy enough from the looks of it: code:
|
# ? Feb 4, 2014 19:35 |
|
QPZIL posted:Are you talking about PortChannel? For any of you who have worked in IOS-XR, it is now called a Bundle-Ethernet, oh, and you can't use shorthand when trying to go to the interface in config mode code:
|
# ? Feb 4, 2014 20:12 |
|
Wow, that's pretty... bad. It'd be nice to at least be able to type "int bund2" or something, I can't imagine "bund" would be that ambiguous.
|
# ? Feb 4, 2014 20:21 |
|
I wish! code:
|
# ? Feb 4, 2014 20:41 |
|
Bundle-POS sure sums it up alright.
|
# ? Feb 4, 2014 21:09 |
|
Is there a golden standard for patch panels and racks that you guys shoot for? We're gonna be grabbing a couple racks and need to get a bunch of patch panels eventually.
|
# ? Feb 4, 2014 21:41 |
|
sudo rm -rf posted:Is there a golden standard for patch panels and racks that you guys shoot for? We're gonna be grabbing a couple racks and need to get a bunch of patch panels eventually. Are you looking for a brand or a way of putting the rack together? E: Whatever fits your budget. Our data centre and secondary cores use APC racks, Tyco for copper and fibre. Our distribution closets are mixed Tyco or Belden, depending upon the nature of the project at the time. Offices with a lot of drops (24 to 48) have their own Hubbell cabinets with a fibre feed. Yeast Confection fucked around with this message at 22:10 on Feb 4, 2014 |
# ? Feb 4, 2014 21:47 |
|
We used Chatsworth for relay, and now are into some sort of Wrightline cabinets. The vendors seem to have new datacenter gimmicks every week regarding angled patch panels, sliding patch panels, wire management, etc. We usually run Panduit for everything, but Siemen is out there too, whatever suits the installation.
|
# ? Feb 4, 2014 21:52 |
|
QPZIL posted:Ah, I did some Googling and figured it out. I have a Cyclades TS3000 48-port (!!!) Terminal Server on the way to me, and looks like I'll just be crimpin' up some cables when it gets here. For super simple/fast crimping, get a spool of ribbon cable. It's flat and you don't even have to strip anything, just crimp right through the jacket.
|
# ? Feb 4, 2014 22:07 |
|
Ashley Madison posted:Are you looking for a brand or a way of putting the rack together? I guess brands. We just got in two 5548s we're going to use as a collapsed core with 2k fabric extenders in an EoR position. Right now we don't have any patch panels and literally run our copper from switch to server for each instance. As you can imagine it's a bit of a mess and I'm trying to do everything that I can to make the lab/data center as standardized and efficient as possible.
|
# ? Feb 4, 2014 23:00 |