|
QPZIL posted:Bundle-POS sure sums it up alright. We should just call it by the IEEE standard (802.3ad) - Aggregated Ethernet (like Juniper does).
|
# ? Feb 5, 2014 03:33 |
Agreed.
|
|
# ? Feb 5, 2014 05:42 |
|
dont change my name posted: Can someone give me a detailed honest assessment of the Nexus line? We have 5010's, 7010's, 5596's and 2148's and what have you and I am simply not impressed with the Nexus.

Vpc is a pretty rad feature as is fex. One of my customers manages 480 access ports from one pair of 5ks. I will say the 5010 is kind of lovely (it's an intro product) but the 5500 series is decent for layer 2. What sorts of issues are you having? Could you describe your design a bit?

Also for the person looking for an ios to nxos primer: http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_NX-OS/IOS_Comparison_Tech_Notes

1000101 fucked around with this message at 08:45 on Feb 5, 2014 |
# ? Feb 5, 2014 08:41 |
|
So I have to buy an HSEC license to get >85mbps bidirectional IPSEC on an ISR G2 now? That's a bit irritating.
|
# ? Feb 5, 2014 22:16 |
Welcome to Cisco.
|
|
# ? Feb 6, 2014 01:49 |
|
ruro posted: So I have to buy an HSEC license to get >85mbps bidirectional IPSEC on an ISR G2 now? That's a bit irritating.

$100 for the base model, which should get at minimum 100mbps of IPsec throughput. The higher end model which I believe is priced around $350 has more than double the cpu, but don't know how that will impact offloaded IPsec. Either way, it's going to be cheaper than cisco.
|
# ? Feb 6, 2014 02:33 |
|
I hate /24's for user segments, or as it is now, citrix segments. Why do people insist on /24s? If you have lots of employees, say in the thousands, especially with virtualized desktops, why not just make a /22, or even a /20 for all of the virtual desktops?
|
# ? Feb 6, 2014 18:30 |
|
I use /22s but I always wonder: how many nodes/subnet is too many?
|
# ? Feb 6, 2014 20:47 |
|
Powercrazy posted: I hate /24's for user segments, or as it is now, citrix segments. Why do people insist on /24s?

/24s are the golden standard because it lets people ignore the first 3 octets and only have to understand the last octet. Once you start moving into /23 and above (or below, depending on how you look at it), you have to start thinking about multiple octets at once, and I would wager the majority of network admins have no idea how to do the binary/math work in their head.
|
# ? Feb 6, 2014 20:56 |
|
Wouldn't a /22 make for a really chatty wire? I guess you'd have to strictly control the broadcast domain.
|
# ? Feb 6, 2014 21:00 |
|
Martytoof posted: Wouldn't a /22 make for a really chatty wire? I guess you'd have to strictly control the broadcast domain.

I don't know, I think a lot of the fear around bigger subnets is not as relevant today (with 1Gbps as the standard edge port and multi-gig between switches). I wouldn't want to do a /22 spanning a WAN, but for one LAN, I don't think the traffic would be that significant. Basically I think it comes down to network admins being able to go "10.10.10.x is workstation, 10.10.20.x is printers, etc" and having that be really easy. Which is a good point, since being able to remember the exact subnet of any site/service is pretty handy for most admins.
|
# ? Feb 6, 2014 21:14 |
|
Well for remote sites, /24s make sense. For a huge homogenous group of hosts having multiple /24s is pointless, wasteful, and confusing. And yea broadcast storms aren't really a concern anymore unless you are talking multiple GBs of broadcasts causing link saturation issues, cpu use wise, it wouldn't even register.

ate shit on live tv fucked around with this message at 21:39 on Feb 6, 2014 |
# ? Feb 6, 2014 21:34 |
|
We use /23's
|
# ? Feb 6, 2014 22:34 |
|
I agree the old "200 nodes per segment" isn't relevant anymore, but nobody I know would fill a /16 with workstations. /22 seems to be the de facto "big network" but I was just wondering if that was based in anything other than "we outgrow /24s too quickly."
|
# ? Feb 6, 2014 22:55 |
|
We use anywhere from /19 to /24 within the same subnet depending on what device you're looking at. I started this job in a mess.
|
# ? Feb 6, 2014 22:58 |
|
I'd probably use /24s or smaller for desktops/phones. I'm an advocate of using l3 links to my access switches though.
|
# ? Feb 6, 2014 23:09 |
|
I am in the process of re-organizing our network. Biggest segment will be a /23 for that site's phones, but there will most likely be only 210ish devices on there. Looking back, I could probably make that a /24...

bort posted: /16

After I left my old job they needed to expand a scope and didn't really know what they were doing, so the two /23 scopes went into a giant /16....
|
# ? Feb 7, 2014 00:08 |
|
At each branch office, which usually has about 10 PCs, 5 Printers, and 10 phones (as a ballpark) we assign multiple /24 subnets, one for PCs and printers and one for phones. In addition, we assign /29 or /30 subnets for firewalling other devices off. For example, an ATM or outdoor digital sign will have its own /30 with a firewall. This prevents someone who breaks into an outdoor cabinet from gaining access to the rest of our network. For servers we have traditionally assigned /24 subnets. We use /21 for our VDI and Citrix server subnets. Finally, we use /32 and /30 subnets for our VPN tunnels, which connect using GRE tunnels that use loopback IPs as their endpoints.
|
# ? Feb 7, 2014 00:24 |
|
A previous admin with not much networking experience settled on /19 for no apparent reason. For a 30 person office (ok, maybe 100 IP related devices total, MAYBE). When it came to set up a branch office, he used the next available /19. Fortunately he left so when the new admin came to set up the next branch, for 3 people, I asked him to use something more reasonable. So we have 172.16.32.0/19, .64/19 and .96/24 for our 3 offices. When 172.16.32.0/23, .2/24 and .3/24 would have been ample. It's not hurting anyone, it just hurts my head a little wondering why he'd think we'd ever need 8000+ hosts on a single network (for our size organisation), or even why that'd be a good idea in any event.
|
# ? Feb 7, 2014 04:21 |
|
He was planning for the internet of things.
|
# ? Feb 7, 2014 04:39 |
|
/23. First half is for static IPs and DHCP reservations, and additional pool capacity if push comes to shove. Doesn't stop our server guys from making their dynamic IP static and disrupting the next person to get issued that IP though.
|
# ? Feb 7, 2014 06:10 |
|
Look at you all with your fancy well-designed networks. I was still having to move from flat class A address space to CIDR prefixes on one network at my last job. I tried using VLSM on a smaller network I designed, but it kept confusing the helpdesk so I just went back to /24 for everything because gently caress it.
|
# ? Feb 7, 2014 08:37 |
|
All it takes is one good-sized acquisition and your well-designed network is a giant bus wreck.
|
# ? Feb 7, 2014 14:15 |
|
So I'm pretty loving excited. I got to do this for the first time on a nexus device today.

code:
|
# ? Feb 7, 2014 21:35 |
|
I can't wait to do the same thing on a VIRL vm
|
# ? Feb 7, 2014 21:51 |
|
Martytoof posted: I can't wait to do the same thing

I hope there's a way for me to use VIRL stuff without taking out a mortgage or something
|
# ? Feb 7, 2014 21:53 |
|
If the Personal edition isn't crippled all to hell then it should be pretty affordable. Assuming this dude isn't full of poo poo.
|
# ? Feb 7, 2014 21:58 |
|
Back to / chat, I've worked with customers with more than 10 /24s per site for data access (they didn't understand the concept of VLSM) and on the other end of the spectrum customers breaking down their network using a single /16 per site (ranging from 200-2000 users per site). With /16 they carved out different services using the 3rd octet & DHCP reservations, all on the same logical segment. Never underestimate the creativity of somebody with no concept of modern subnetting
Fatal fucked around with this message at 02:24 on Feb 8, 2014 |
# ? Feb 8, 2014 02:20 |
|
I've been places where each area had their own data and printer vlans. Mostly /24s. It seems useless at first but it's handy knowing where something is via its ip address
|
# ? Feb 8, 2014 16:17 |
|
With Private addressing a lot of what we did was to keep it simple for the admins when working between the two large active/active datacenters.

Site1 - 192.168.0.0/19
Site1 - OOB - 172.16/16
Site2 - 192.168.96.0/19
Site2 - OOB - 172.17/16

EDIT: I should note that the /19s are segmented into /24s mostly, the datacenters aren't one big /19.

This allows systems to just increment their hostname scheme and IP address by 100 and easily tell what site it is. For OOB, the 3rd and 4th octet match their production.

Site1
System1 - 192.168.7.10
System1 OOB - 172.16.7.10

Site2
System101 - 192.168.107.10
System101 OOB - 172.17.107.10

Admins can quickly identify where the system is located by either the hostname or IP. We don't run DHCP for various DoD reasons and we don't have wifi or BYOD on the network so everything is statically addressed and maintained in DNS / phpIPAM.

Wasteful? Sure. Am I worried about it or a merger/acquisition? No one is buying the DoD anytime soon.

Does this simple layout allow my team to focus efforts on other things, rather than having to explain to admins subnetting and other networking subjects they are bound to screw up? Absolutely!

H.R. Paperstacks fucked around with this message at 20:50 on Feb 8, 2014 |
# ? Feb 8, 2014 18:05 |
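The addressing plan in the post above (a production /19 and an OOB /16 per site, with the OOB address reusing the production 3rd and 4th octets) can be checked mechanically against an inventory export. This is an added example, not part of the original post; the function names, data layout and sample rows are assumptions.

```python
import ipaddress

# Address plan as stated in the post above. The dictionary layout, function
# names and sample records are assumptions made for this example.
SITES = {
    "Site1": (ipaddress.ip_network("192.168.0.0/19"), ipaddress.ip_network("172.16.0.0/16")),
    "Site2": (ipaddress.ip_network("192.168.96.0/19"), ipaddress.ip_network("172.17.0.0/16")),
}


def site_of(prod_ip):
    """Return the site whose production /19 contains prod_ip, else None."""
    addr = ipaddress.ip_address(prod_ip)
    for name, (prod_net, _oob_net) in SITES.items():
        if addr in prod_net:
            return name
    return None


def expected_oob(prod_ip):
    """OOB address implied by the plan: site OOB /16 plus the same 3rd and 4th octets."""
    site = site_of(prod_ip)
    if site is None:
        raise ValueError(f"{prod_ip} is outside both production /19s")
    low16 = int(ipaddress.ip_address(prod_ip)) & 0xFFFF
    return str(SITES[site][1].network_address + low16)


def audit(records):
    """Return (hostname, problem) for every record that breaks the plan."""
    findings = []
    for host, prod_ip, oob_ip in records:
        if site_of(prod_ip) is None:
            findings.append((host, "production address outside both site /19s"))
        elif oob_ip != expected_oob(prod_ip):
            findings.append((host, f"OOB {oob_ip}, expected {expected_oob(prod_ip)}"))
    return findings


# Constructed inventory rows: the first two are the post's own examples,
# the last two are deliberately wrong.
INVENTORY = [
    ("System1", "192.168.7.10", "172.16.7.10"),
    ("System101", "192.168.107.10", "172.17.107.10"),
    ("System102", "192.168.107.11", "172.16.107.11"),  # OOB in the wrong site's /16
    ("System55", "192.168.50.10", "172.16.50.10"),     # between the two /19s
]

if __name__ == "__main__":
    for host, problem in audit(INVENTORY):
        print(host, "->", problem)
```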
Congrats. You "get" it.
|
|
# ? Feb 8, 2014 19:16 |
|
Martytoof posted:If the Personal edition isn't crippled all to hell then it should be pretty affordable. Assuming this dude isn't full of poo poo.
|
# ? Feb 9, 2014 05:33 |
|
This isn't really Cisco-specific but I do have a networking question. My company is moving offices and I'm wiring it up for the first time but I don't really know what I'm doing. I need at least 4 ports of 802.3t PoE for the 4 ubiquiti 802.11ac access points plus a shitload more normal PoE ports for phones. I think I'm getting a Netgear GS728TP-100NAS switch, plus a bigass CyberPower OL1500RTXL2U UPS (power is poo poo here and this will power a couple mac mini servers, router, modem, etc) Plus a Tripp-Lite floor-standing rack and a patch panel. Does that sound OK? What do you do for all the super short cables you need to hook everything up? Seems overkill to make all those cables by hand?

Edit: Derp, looks like you can buy a pack of 1ft patch cables.

Marvel fucked around with this message at 09:14 on Feb 10, 2014 |
# ? Feb 10, 2014 09:05 |
|
Marvel posted: This isn't really Cisco-specific but I do have a networking question.

Seems like a decent setup. Are you doing the cabling for the drops too, or is a cabling contractor taking care of that?

Marvel posted: What do you do for all the super short cables you need to hook everything up? Seems overkill to make all those cables by hand?

Buy all your cables from Monoprice.
|
# ? Feb 10, 2014 16:38 |
|
SamDabbers posted: Seems like a decent setup. Are you doing the cabling for the drops too, or is a cabling contractor taking care of that?

My friend and I already muddled through the cabling this weekend. It only cost me 4 hours and a pizza so if I screwed something up I can redo it. I'm thinking of using a little PC Engines WRAP board running pfSense for the router (already on-hand). My upstream connection is pretty terrible so it won't be pushing too many packets. It apparently can do the QoS for the phones.
|
# ? Feb 10, 2014 17:05 |
|
Marvel posted: My friend and I already muddled through the cabling this weekend. It only cost me 4 hours and a pizza so if I screwed something up I can redo it. I'm thinking of using a little PC Engines WRAP board running pfSense for the router (already on-hand). My upstream connection is pretty terrible so it won't be pushing too many packets. It apparently can do the QoS for the phones.

Unless your office is stuck on <10Mbit DSL, that WRAP board is likely not powerful enough. You're already using UniFi APs, and an EdgeRouter Lite will blow the WRAP board out of the water for about $100.
|
# ? Feb 10, 2014 17:29 |
|
SamDabbers posted: Unless your office is stuck on <10Mbit DSL, that WRAP board is likely not powerful enough. You're already using UniFi APs, and an EdgeRouter Lite will blow the WRAP board out of the water for about $100.

Awesome, that looks like a good deal. I'll get one of those.
|
# ? Feb 10, 2014 18:49 |
|
Fatal posted: Back to / chat, I've worked with customers with more than 10 /24s per site for data access (they didn't understand the concept of VLSM) and on the other end of the spectrum customers breaking down their network using a single /16 per site (ranging from 200-2000 users per site). With /16 they carved out different services using the 3rd octet & DHCP reservations, all on the same logical segment. Never underestimate the creativity of somebody with no concept of modern subnetting

Literally related to CIDR notation, we had a client once tell us that printers had to be assigned IPs between 192.168.1.2 and 1.24. When pressed on this, we found out the people on the phone with us were looking at a note that said 192.168.0/24
|
# ? Feb 10, 2014 19:35 |
|
Started to run out of DHCP leases on our wireless again, this is with 20 /22 networks being given out. Anyone have any pro/cons of either just adding more /22s or consolidating into /21 or /20s? The only benefit I can really think of is neatness of config. This is 6x WiSM2s and ~2k APs fwiw.
|
# ? Feb 11, 2014 02:23 |
|
Ran into a weird thing on a Cisco 6500. I have some Etherchannels and one of them looks something like this on the sh etherchannel summary screen:

115 Po115(SD) LACP
115 Po115A(SU) LACP Te5/4(P) Te5/5(P) Te6/4(P) Te6/5(P)

Po115 is down
Po115A is up

Where did that interface come from?
|
# ? Feb 11, 2014 18:14 |