|
Ok that went as I expected... if say an F5 is not an option what else would you recommend?
|
# ? Mar 25, 2014 01:56 |
|
|
nzspambot posted: Ok that went as I expected... if say an F5 is not an option what else would you recommend?
Throw a tantrum until you get enough money for F5. Citrix Netscaler is another possibility, but I have no experience with them.
|
# ? Mar 25, 2014 02:02 |
|
ruro posted: Throw a tantrum until you get enough money for F5. Citrix Netscaler is another possibility, but I have no experience with them.
Very good; how does Barracuda sit with people these days?
|
# ? Mar 25, 2014 02:06 |
|
I use A10s at work if you have any questions. Though those are just for HTTP/S traffic and some email stuff.
|
# ? Mar 25, 2014 02:08 |
|
At a past job we ran some old-rear end EOL load balancers from Coyote Point. They were... adequate. Kind of a poo poo UI but I will say they were rock-solid. Years of uptime with no issues.
|
# ? Mar 25, 2014 02:21 |
|
nzspambot posted: Very good; how does Barracuda sit with people these days?
They make anti-spam appliances with a lot of wrong-headed design decisions that result in tons of false-positives... and you want them to load balance for you?
|
# ? Mar 25, 2014 03:32 |
|
If you want to load balance on the cheap consider HA proxy with keepalived.
|
# ? Mar 25, 2014 04:31 |
|
Oh yeah, A10 has a VM appliance ( I think F5 does too ) called SoftAX which you can use for "cheap" if you don't need FPGA's and hardware SSL and poo poo. You should be able to download a 30 day trial from their site.
e: It's called vThunder now: http://www.a10networks.com/vThunder_trial/
doomisland fucked around with this message at 04:39 on Mar 25, 2014 |
# ? Mar 25, 2014 04:35 |
|
1000101 posted: If you want to load balance on the cheap consider HA proxy with keepalived.
Yep that was on my radar 12 months ago; already did a POC with 1.5 and SSL /verynice
Thanks for the feedback as well
|
# ? Mar 25, 2014 05:49 |
|
I use A10s and they're pretty good. Would've rather had a NetScaler or an F5, but the A10s were cheaper and they work. e: if you want REALLY cheap then I've also used Kemps and well they're a pain but they work.
|
# ? Mar 25, 2014 08:36 |
|
We have 10 Netscaler MPX-10500's, 8 F5 8900's, and 4 F5 3900's and the guys that control the Netscaler's want to throw them in the ocean every time they log into an F5. The ease of use / configuration on the F5's is amazing compared to the clunky java app the Netscaler uses. We will be migrating off the Netscaler environments to the F5's the first chance we get.
|
# ? Mar 25, 2014 13:58 |
|
If someone suggests Cisco ACE stab them. Riverbed Stingray is also worth considering, especially if your environment already has some of their Cascade stuff implemented which you can integrate into. But otherwise F5 is a solid choice.
|
# ? Mar 25, 2014 15:33 |
|
chestnut santabag posted: If someone suggests Cisco ACE stab them.
In other news I've finally had enough of government and am going back to ISP land, yay.
|
# ? Mar 26, 2014 01:53 |
|
nzspambot posted: I guess this is a good place for this:
I'm pretty sure F5 are the standard for load balancers in the same way that Cisco was the standard for routers back in the day. Go with F5.
ruro posted: In other news I've finally had enough of government and am going back to ISP land, yay.
Take me with you, ISP land is where I want to go.
|
# ? Mar 26, 2014 16:57 |
|
One of our Nexus 5ks restarted over the weekend. Any ideas what this means?
Reset Reason for this card:
  Image Version : 5.2(1)N1(4)
  Reset Reason (LCM): Unknown (0) at time Wed Mar 26 11:30:34 2014
  Reset Reason (SW): Unknown (0) at time Sat Mar 22 06:17:30 2014
  Service (Additional Info):
  Reset Reason (HW): uC reset code: 0x0100
  ADM1066 Power Good Triggered Reset at time Sat Mar 22 06:17:30 2014
|
# ? Mar 26, 2014 18:04 |
|
sudo rm -rf posted: One of our Nexus 5ks restarted over the weekend. Any ideas what this means?
Give this a look: https://tools.cisco.com/bugsearch/bug/CSCue71612
|
# ? Mar 26, 2014 18:27 |
|
zenthursdays posted: Give this a look: https://tools.cisco.com/bugsearch/bug/CSCue71612
Thanks, looks like that matches my issue pretty well.
|
# ? Mar 26, 2014 20:32 |
|
Quick question: What technology is required for a server to have a completely redundant link across two separate switches sharing a common core switch or uplink? I'm talking about having a single bonded interface composed of two or more physical links connected to two separate switches, but to other servers in the network you have a single IP. Is this possible with LACP/PortChannel or does it require more advanced technology?
|
# ? Mar 26, 2014 22:20 |
|
Wicaeed posted: Is this possible with LACP
It's pretty much exactly what LACP is for. Our Brocade FCX TOR switches won't allow cross stack LACP but I believe other (good) switches allow this.
|
# ? Mar 26, 2014 22:27 |
|
Multichassis LACP seems to be what you're looking for.
|
# ? Mar 26, 2014 22:32 |
|
nzspambot posted:I guess this is a good place for this:
|
# ? Mar 27, 2014 05:34 |
|
Wicaeed posted: Quick question: What technology is required for a server to have a completely redundant link across two separate switches sharing a common core switch or uplink?
Is this server an ESXi server? If not and you want to use LACP your switches you're plugging into will need to support some form of MLAG/MCEC. On Cisco Nexus that'll be vPC. On some catalyst platforms it's going to be called VSS.
edit: I say some catalyst platforms because not every catalyst switch supports VSS.
|
# ? Mar 27, 2014 08:11 |
chestnut santabag posted: If someone suggests Cisco ACE stab them.
gently caress Cisco ACE. Rest in peace you pieces of poo poo. I'm so glad my lead cannot purchase any more of these travesties. Death to modules.
|
|
# ? Mar 29, 2014 18:57 |
|
dont change my name posted: gently caress Cisco ACE. Rest in peace you pieces of poo poo.
WRT modules it seems to come and go in waves. ASA SM is selling pretty well. Although most folks I've spoken with do seem to prefer the 5585X.
|
# ? Mar 31, 2014 00:24 |
|
Tremblay posted: WRT modules it seems to come and go in waves. ASA SM is selling pretty well. Although most folks I've spoken with do seem to prefer the 5585X.
After having used both ACE and WISM modules I just prefer separate devices, but that could just be the ACE modules leaving a sour taste in my mouth after all the random reboots.
|
# ? Mar 31, 2014 01:24 |
|
I've used the CMM modules, and they were fine. I guess I'd say that my only qualm with those was that there was not a convenient upgrade path for those once they decided they were done making them, at least not one that was obvious. If you have your head in the sand anyways about the technology, which I did at that time (newbie).
|
# ? Mar 31, 2014 13:27 |
|
I've gotten access at my job to a lab used by the networking crew to practice their certs. It's only via telnet though and the lab has been explicitly set up just to practice CCNA stuff but it appears whoever else has been using it has been practicing enabling passwords and secrets on the devices. Is it possible for me to reset passwords via telnet?
|
# ? Apr 7, 2014 23:54 |
|
ZergFluid posted: I've gotten access at my job to a lab used by the networking crew to practice their certs. It's only via telnet though and the lab has been explicitly set up just to practice CCNA stuff but it appears whoever else has been using it has been practicing enabling passwords and secrets on the devices. Is it possible for me to reset passwords via telnet?
Nope. Password resets require physical access (usually by ignoring the config while booting).
|
# ? Apr 7, 2014 23:59 |
|
ragzilla posted: Nope. Password resets require physical access (usually by ignoring the config while booting).
The directions say that I'm supposed to be accessing the lab out of band through a terminal server router. It appears that this terminal server is connected through all the devices in the lab via console ports.
|
# ? Apr 8, 2014 00:07 |
|
ZergFluid posted: The directions say that I'm supposed to be accessing the lab out of band through a terminal server router. It appears that this terminal server is connected through all the devices in the lab via console ports.
Try reloading and pressing 'Ctrl+Break' to get into ROMMON before it boots.
|
# ? Apr 8, 2014 00:31 |
|
less than three posted: Try reloading and pressing 'Ctrl+Break' to get into ROMMON before it boots.
You can't reload from User-Exec mode.
|
# ? Apr 8, 2014 00:37 |
|
Whoops. The line vty/enable passwords were written on the sheets of paper I was given, I just didn't notice. The routers/switches in this lab have had an uptime of 4 years, meaning this gear has barely been used for its intended purpose.
ZergFluid fucked around with this message at 04:18 on Apr 8, 2014 |
# ? Apr 8, 2014 04:16 |
|
Lab gear was probably the least important part of studying for the CCNA - it was fun to get under the hood a bit but boring. The question sims did alright.
Anyone here running Unity connection and can comment about its grammar for speech enabled directory handlers? It doesn't seem to be so great, and... there's nothing you can do with the voice engine, it looks like?
|
# ? Apr 8, 2014 20:23 |
|
I've been doing network engineering for nearly 18 years now. Got called by another team troubleshooting an old 5510 that would not communicate upstream at all. In the process of going through, fixed about 30 different misconfigs between the 2 devices. Still no good communication. It would talk upstream, but the interface showed 0 input at all. Upstream could see its MAC, and populated the ARP table, and everything looked solid from that side.
Then I shut the interface to see what would happen. Upstream device still said up/up, not terribly odd, seen that before on badly communicating interfaces. ASA's interface, that I had shut, was in Admin Down, Protocol UP status. I have never seen a down/up status in 18 years. I have been told for forever that this was just not possible. I told them their firewall was either cursed, senile, or just broken interface and to get a new one. But I'm not sure how to dispose of this one, does it require a wooden stake, or just to be burned at a stake? Also, am I alone in seeing this mythical interface status?
|
# ? Apr 8, 2014 23:04 |
|
Slickdrac posted: I've been doing network engineering for nearly 18 years now. Got called by another team troubleshooting an old 5510 that would not communicate upstream at all. In the process of going through, fixed about 30 different misconfigs between the 2 devices. Still no good communication. It would talk upstream, but the interface showed 0 input at all. Upstream could see its MAC, and populated the ARP table, and everything looked solid from that side.
ASAs are weird and do that. Basically if the interface has a good configuration and you issue a "shut," it will report "admin down/up." I don't know the exact criteria for when it will and won't report the "up" part, but I believe it's on par with the normal "up/up" status.
|
# ? Apr 8, 2014 23:28 |
|
So, I get what inside local and inside global are, but I haven't been able to find a clear and succinct definition of "outside local" and "outside global." Help?
|
# ? Apr 9, 2014 17:48 |
|
ZergFluid posted: So, I get what inside local and inside global are, but I haven't been able to find a clear and succinct definition of "outside local" and "outside global." Help?
http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/4606-8.html
Outside local and outside global are going to be the same address 99% of the time. The only time it won't is if (for some reason) you're NATting a public IP address (outside global: 8.8.8.8) to an inside address (outside local: 192.168.88.88).
|
# ? Apr 9, 2014 18:39 |
|
Makes sense! Thanks!
|
# ? Apr 11, 2014 01:29 |
|
Is Spiceworks as useful as it looks? The training lab I admin for needs some sort of network monitoring solution, and spiceworks seems pretty interesting. We basically have nothing but cisco equipment (switches, telepresence, spv), which is why I'm asking you guys.
|
# ? Apr 11, 2014 14:59 |
|
|
sudo rm -rf posted: Is Spiceworks as useful as it looks? The training lab I admin for needs some sort of network monitoring solution, and spiceworks seems pretty interesting. We basically have nothing but cisco equipment (switches, telepresence, spv), which is why I'm asking you guys.
Haven't used it myself before, but from what I can see there is certainly better out there depending on your requirements. If you want something for free and know your way around unix then you can use Nagios / Cacti. It does require a decent amount of time to set up though. PRTG is a good paid solution for Windows http://www.paessler.com/ has a 10 node limit freeware version. Solarwinds has also been solid as well in my experience if you've got the budget.
|
# ? Apr 14, 2014 05:23 |