|
Don't forget to set the archive path!
|
#
?
Jul 29, 2014 23:05
|
|
|
|
| # ? May 29, 2024 18:08 |
|
|
adorai posted:Juniper and everyone else who has a commit function got it right. IOS just plain loving sucks for making live changes. BRB bouncing all your BGP sessions. e: JUNOS supremacy. Except logging, I like my router to at least pretend that it isn't a *nix box underneath.
|
|
#
?
Jul 30, 2014 02:16
|
|
|
adorai posted:Mind blown. Um hell yeah. I think I'm going to have to play around with this some on my workbench before I start using it.
|
|
#
?
Jul 30, 2014 05:31
|
|
|
FatCow posted:I like my router to at least pretend that it isn't a *nix box underneath. I want it to be more *nix based because the tool sets are endless.
|
|
#
?
Jul 30, 2014 12:52
|
|
|
It would be nice to be able to use things like grep & awk on the router cli. If someone is dumb enough to no out a bgp process; is the additional step of commit confirm going to accomplish anything? Unless it explicitly tells them they are doing something dumb (and I can't remember if junos does that or not), they are just going to blindly type two commands instead of one.
|
|
#
?
Jul 30, 2014 14:57
|
|
|
inignot posted:It would be nice to be able to use things like grep & awk on the router cli. Junos has the ability for most things like that, even while in the junos CLI, you can use "grep" instead "match" since it is really just an alias, just like "except" is an alias to "grep -v". IOS has include / exclude, but they really need to add the ability to chain them for the instances of "sh run | inc xyz | exc abc". But that might be different in IOS-XR and forward. inignot posted:If someone is dumb enough to no out a bgp process; is the additional step of commit confirm going to accomplish anything? Unless it explicitly tells them they are doing something dumb (and I can't remember if junos does that or not), they are just going to blindly type two commands instead of one. 'commit confirm' in junos will still allow you to do stupid things, it just makes it easier to recover from them. There are sanity checks for things like removing a prefix list and it still be referenced elsewhere in the config and stops you from committing but there is nothing stopping you from doing "delete protocols bgp" and it not passing the commit check. Although you can "protect" stanzas in the configuration to prevent any modifications, but depending on how you do user authentication and levels of configuration changes, that really doesn't help either.
|
|
#
?
Jul 30, 2014 15:53
|
|
|
Grep exists in NX-OS. Plus, everyone doesn't use Notepad as there sanity check tool before committing things to production in Cisco land?
|
|
#
?
Jul 30, 2014 16:34
|
|
|
That's why change windows exist. Bounce a BGP session? W/e it's a maintenance window. I do pride myself on never disrupting anything in all the changes I've done though. Only time I came close was turning up a new wan tunnel and forgetting that EIGRP used to automatically summarize along classful boundaries. I noticed pretty quickly, and was able to add "no auto-summary" to the EIGRP process before too many people noticed.
|
|
#
?
Jul 30, 2014 17:10
|
|
|
Powercrazy posted:Is there a VPN tunnel or some other type of encryption? (I assume so given the Microwave Link) Lots of Packets plus CPU intensive policies, QoS, Encryption, Encapsulation, Inspection etc, will cause Control Plane outages. Well we ran some tests with iperf and discovered that the microwave link (which is outsourced - they handle our connections in and do a decent job) has been upgraded to 100mbps  This is the first I've heard of it, so I suppose maybe with that stealthy upgrade the link is now too much for my little router to handle. It's maxing out on CPU (which I was able to see after I ran a #scheduler interval 500 allowing my session to stay alive during the event) when rsync runs without a --bwlimit=<kbps>.Now my question is this: is this (that is - the control plane failing to accept connections when we are at or close to 100% bandwidth utilization) normal behavior? When you say a lot of CPU intensive policies, I'm not sure how to find out if things like QoS, Encapsulation or Inspection are running. Is there an easy way to find out from my interface information? Here: code:
|
|
#
?
Jul 30, 2014 18:10
|
|
|
Spudalicious posted:is this (that is - the control plane failing to accept connections when we are at or close to 100% bandwidth utilization) normal behavior? Yes. If you're running your traffic through a policy that shunts to CPU*, then it will start failing when the CPU peaks out. *QoS, NAT on old Cisco routers, ACLs by IP address... There's lots of corner cases where CEF doesn't catch it, especially when doing VLANs on routers via switch-card interfaces. Per this page: http://www.cisco.com/c/en/us/products/collateral/routers/sr-500-series-secure-routers/qa_c67-485432.html quote:Performance Honestly, check out a Ubiquiti Edgerouter (8-port) or Edgerouter PoE (5-port). It's got 5-8 gigabit routed ports and enough CPU to route & NAT 3-4gb/sec of traffic. The 5-port version's only $175. If you VLAN everything over to a switch trunk you can even use the 3-port version (Edgerouter Lite) which is ~$100 or so. CrazyLittle fucked around with this message at 19:56 on Jul 30, 2014 |
|
#
?
Jul 30, 2014 19:38
|
|
|
CrazyLittle posted:Yes. If you're running your traffic through a policy that shunts to CPU*, then it will start failing when the CPU peaks out. Thanks for pointing this out! I totally missed that performance bit on that page. I appreciate your recommendation on the edgerouter. I use some other ubiquiti products for wireless access points and such. I do however work for a nonprofit, and they usually ask that I make sure that there's no other options when it comes to upgrading hardware. Just for shits and giggles, what would be the best way to ensure that all of the CPU utilizing activities are turned off on the SR520 for maximum throughput?
|
|
#
?
Jul 30, 2014 21:10
|
|
|
Spudalicious posted:they usually ask that I make sure that there's no other options when it comes to upgrading hardware. Even when the manufacturer of the hardware says it won't perform to the level required? Just give them that link CrazyLittle posted.
|
|
#
?
Jul 30, 2014 21:20
|
|
|
SamDabbers posted:Even when the manufacturer of the hardware says it won't perform to the level required? Just give them that link CrazyLittle posted. I'm sure if I took that to them they would understand, I'm just curious what kind of performance I can eke out of this thing given optimal configuration.
|
|
#
?
Jul 30, 2014 21:37
|
|
|
inignot posted:It would be nice to be able to use things like grep & awk on the router cli. You can do whatever heck you like from a bash shell on Arista switches. I think the underlying OS is Fedora. I <3 Arista.
|
|
#
?
Jul 30, 2014 23:12
|
|
|
Spudalicious posted:I'm sure if I took that to them they would understand, I'm just curious what kind of performance I can eke out of this thing given optimal configuration. There's a pretty easy way to find out:
A Cisco 2811 is only good for 80mbit/sec or so, with nearly zero features enabled in config.
|
|
#
?
Jul 31, 2014 03:25
|
|
|
inignot posted:It would be nice to be able to use things like grep & awk on the router cli. This is why I like RANCID for config collection and management. Puts the most recent version of all your devices in the same directory so when you get question like "where does 10.20.30.0/24 live? or How many VPN tunnels do we have running out of all of our sites" it's just a quick grep away.
|
|
#
?
Jul 31, 2014 05:31
|
|
|
This is a really dumb one, but I have a device that isn't getting along with my USB-Serial adapter and since my old laptop broke the only other thing I have with a serial port is my 2970 switch. Is there any way I can use its Console port as a serial terminal while connected over telnet? edit: I guess side question since networking types do tend to use them a lot, any recommendations on a better adapter than my Prolific-based Dynex? wolrah fucked around with this message at 13:37 on Aug 1, 2014 |
|
#
?
Aug 1, 2014 13:33
|
|
|
wolrah posted:edit: I guess side question since networking types do tend to use them a lot, any recommendations on a better adapter than my Prolific-based Dynex? FTDI chipset-based adapters work really well. I also have an old Belkin/Tripp-Lite USA19HS adapter that's been rock solid for about 10 years, and I think they still sell them.
|
|
#
?
Aug 1, 2014 14:18
|
|
|
wolrah posted:This is a really dumb one, but I have a device that isn't getting along with my USB-Serial adapter and since my old laptop broke the only other thing I have with a serial port is my 2970 switch. Is there any way I can use its Console port as a serial terminal while connected over telnet? Airconsole. http://www.get-console.com/shop/en/16-airconsole
|
|
#
?
Aug 1, 2014 16:20
|
|
|
wolrah posted:Is there any way I can use its Console port as a serial terminal while connected over telnet? If your switch has an AUX port, it can be used as a serial terminal.
|
|
#
?
Aug 1, 2014 17:19
|
|
|
Cool concept, but no way to use it without their software is a no-go. I understand there isn't really a standard serial-over-LAN protocol that carries RTS/CTS and the like for applications that really need a full virtual serial port, but many of the potential uses would be satisfied by a simple SSH (or Telnet if you want to be lazy and insecure) session. Them being proud over "full 5v" RS-232 is a bit concerning as well, given that the spec is 3 to somewhere between 15 and 25 volts and most sources I've read about why cheap adapters don't work with some devices is the adapter only delivering 5v from USB rather than the 12v that a native PC serial port usually provides. I have a battery-powered wireless bridge running OpenWRT that has a USB port though, so I will steal the basic idea and use that with a USB adapter. As far as that goes it does look like the FTDI chips are the current favorite. No such luck on using the switch's console port right now in a pinch though, it seems? I found I have some 1841s around as well, those have an AUX port, is that useful for this?
|
|
#
?
Aug 1, 2014 17:28
|
|
|
SamDabbers posted:FTDI chipset-based adapters work really well. I also have an old Belkin/Tripp-Lite USA19HS adapter that's been rock solid for about 10 years, and I think they still sell them. FTDI stopped supporting the old chipset because of chip counterfeiters. The current chip is the FTDI FT232RL, and it's got Win8 x64 driver support so I bought a bunch of these cables: http://www.ebay.com/itm/370761532032 Otherwise if you have an old cable and a new laptop either install a 32-bit virtual machine in VM Player and then pass that cable device through to the guest OS, or install a 32-bit O/S so you can get old-driver support for the cable.
|
|
#
?
Aug 1, 2014 17:30
|
|
|
less than three posted:If your switch has an AUX port, it can be used as a serial terminal.
|
|
#
?
Aug 1, 2014 22:52
|
|
|
I received one of these as a gift but have never used it because I didn't bother to see how it works with a standard PC running Linux (vs a touchscreen phone with a special app). Looks like one can use `socat` to make it work which may be acceptable. http://www.routereflector.com/2013/08/serial-over-wifi-the-airconsole-adapter/
|
|
#
?
Aug 1, 2014 22:57
|
|
|
falz posted:I received one of these as a gift but have never used it because I didn't bother to see how it works with a standard PC running Linux (vs a touchscreen phone with a special app). Looks like one can use `socat` to make it work which may be acceptable. Interesting, looks like I was wrong and there is sort of a standard for serial over LAN in the form of an experimental RFC (2217). Now this thing is a lot more appealing, since it costs pretty much the same as my bridge and a USB-serial adapter. I'll still stick with the homebrew option since I have half the parts already, but I will certainly be telling coworkers about this rather than trying to talk them through OpenWRT.
|
|
#
?
Aug 2, 2014 00:53
|
|
|
You should definitely be able to use the AUX port on an 1841 for this. Try this guide: http://ciscofaq.blogspot.com.au/2005/05/how-to-i-reverse-telnet-out-my-aux.html?m=1 Its the same principle using an old router with a bunch of async lines as a console server, except with only one line (the AUX port).
|
|
#
?
Aug 2, 2014 02:15
|
|
|
I carry around one of these routerboards for my console access http://routerboard.com/RB411AR Wireless, Serial, Ethernet if you need to do a large TFTP/SCP transfer as well and no special drivers required for whatever machine you have at the time. For lengthy troubleshooting session as well you can plug it into the network and not have to work inside the too cold or too hot comms room 
|
|
#
?
Aug 4, 2014 01:16
|
|
|
hanyolo posted:This is why I like RANCID for config collection and management. Puts the most recent version of all your devices in the same directory so when you get question like "where does 10.20.30.0/24 live? or How many VPN tunnels do we have running out of all of our sites" it's just a quick grep away. the only thing I hate about rancid is not having an integrated web front end
|
|
#
?
Aug 4, 2014 02:33
|
|
|
Bluecobra posted:I think the underlying OS is Fedora. I <3 Arista. Lol what? Fedora?
|
|
#
?
Aug 4, 2014 02:34
|
|
|
Powercrazy posted:That's why change windows exist. Bounce a BGP session? W/e it's a maintenance window. I was lead analyst for a WAN that spanned >60% of the globe. I never had anything go down in three years on my shift that was not a device failure. 
|
|
#
?
Aug 4, 2014 02:36
|
|
|
z0rlandi viSSer posted:the only thing I hate about rancid is not having an integrated web front end Well, ViewVC does alright for viewing the configs. You still have to edit the files manually.
|
|
#
?
Aug 4, 2014 04:07
|
|
|
z0rlandi viSSer posted:the only thing I hate about rancid is not having an integrated web front end I never thought I'd see the day when an engineer unironically said they want a web interface for something
|
|
#
?
Aug 4, 2014 05:35
|
|
|
I use a TRAC sever to browse my RANCID configs and it's good enough to see what's going on and get diffs from older versions if needed
|
|
#
?
Aug 4, 2014 05:42
|
|
|
Can I ask NSX poo poo here or should someone spawn off a new thread? I'd like to just say gently caress it; and help some one with SDN HW, SAN, and Newtwork. But IDK if it is useful. Maybe I should just make a thread called; "Virtualizating v3: Yeah you can virtualize that too!" Dilbert As FUCK fucked around with this message at 06:31 on Aug 4, 2014 |
|
#
?
Aug 4, 2014 06:26
|
|
|
z0rlandi viSSer posted:the only thing I hate about rancid is not having an integrated web front end Because it's too hard to install either of the two supported web front-ends? z0rlandi viSSer posted:Lol what? Arista switches run a top a Fedora installation. Juniper is doing this on the QFX product line where the OS is running inside a Linux KVM guest.
|
|
#
?
Aug 4, 2014 14:00
|
|
|
Dilbert As gently caress posted:Can I ask NSX poo poo here or should someone spawn off a new thread? Maybe just wait until someone asks a question about those technologies and respond to them? I'm sure a braindump/effort post wouldn't be frowned upon if you feel like regurgitating some stuff.
|
|
#
?
Aug 5, 2014 00:49
|
|
|
Woo, MPLS bitches.code:
|
|
#
?
Aug 6, 2014 17:47
|
|
|
FatCow posted:Woo, MPLS bitches. I just set that up (l3vpn) earlier this year too. Pretty satisfying to see it work with minimal effort (if you already had/have an mpls enabled core).
|
|
#
?
Aug 6, 2014 18:40
|
|
|
When you create a VRF, which part of the rd makes the route table unique? So if I have pre:ip vrf VRF1 rd 10:10 ip vrf VRF2 rd 10:11
|
|
#
?
Aug 7, 2014 18:19
|
|
|
|
| # ? May 29, 2024 18:08 |
|
|
Filthy Lucre posted:When you create a VRF, which part of the rd makes the route table unique? IIRC it's the same weird syntax sometimes used for 4 byte AS numbers where it's two 2 byte numbers with a colon in between. That means 10:10 and 10:11 are unique routing tables.
|
|
#
?
Aug 7, 2014 18:26
|
|