Partycat
Oct 25, 2004

Also the demo spark bots don't work very well which doesn't help. Both Zork bots don't work worth a poo poo. The furniture bot does if you want to shop for office furniture.


Thanks Ants
May 21, 2004

#essereFerrari


If a provider keeps making mistakes when configuring their managed routers for certain services it would imply they don't perform any sort of config management, and backups of configurations if they exist are likely to be contained inside Word files and shoved on a network share. Is that a fair assumption to make?

On a related note, do ISPs usually proactively manage the software builds on their CPE devices, or do they just sit around running whatever they shipped out with until they get decommissioned? I just realised I've never seen any sort of maintenance notification for that sort of work. Even my home broadband router gets updates pushed to it.

ate shit on live tv
Feb 15, 2004

by Azathoth
Eh I got a decent number of maintenance notifications when I was a network engineer at a bank with 100+ branches, so I imagine at least a few of those were code upgrades. Our provider was AT&T though and afaik, they were one of the first to do automation way back before the terms SDN or Openflow existed.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
Can any of you tell me about sd-wan? Skip the marketing buzz about "separating control from data planes". I understand that in general, it would allow me to aggregate a number of WAN links, such as commodity internet, 4g lte, and metro ethernet or MPLS, and use policies to prefer certain links for certain types of flows.

My questions are:

1) what's the "best" solution, if I define best as something that will be supported for years to come and won't pull money out of my budget so fast that I turn inside out?
2) is there an open source sd-wan solution that isn't poo poo?
3) is this poo poo all hype that I probably shouldn't even bother with? My branches all use xendesktop anyway, so the reality is that most of them are good to go with less than 10mbps of metro ethernet.

If you don't know me from other threads, I am a hater of most things "cloud" and all the loving sd-wan providers use the word cloud in every goddamn marketing material even if the only cloud thing about them is they use the internet.

edit: also my network is 99% OSPF and I hate redistributing routing protocols unless absolutely necessary, so for instance "cloud"genix sd-wan pisses me off because they only talk about eBGP, so gently caress them.
edit2: I have 60 some branch offices, most of which have 5 or less tellers or personal bankers aka low bandwidth users.

adorai fucked around with this message at 01:43 on Sep 8, 2017

Thanks Ants
May 21, 2004

#essereFerrari


SD-WAN means whatever the provider advertising it to you wants it to mean. To someone like Meraki it means not having to buy MPLS and abstracting away the hassle of creating a poo poo ton of VPN tunnels that can fail between physical links. To some of our suppliers it means the ability to change bandwidth allocated to certain VLANs in realtime just by moving a slider in a portal. To Fortinet it seems to mean "this is where you set up load balancing and failover now" :jerkbag:.

Docjowles
Apr 9, 2009

falz posted:

We have a handful of these in production but fortunately most have been pulled. Previous eng opted to try to move org from J to brocade when he started and yeah, not a good idea.

Anyway we have those, ssh login is terrible (10 second delay to log in), DOM is the dumbest, I hate them. Anyway I hope you're not running 8.30, 8.10 is much more stable.

bad news, it's 08.0.30g and I am about to patch up to the latest .30p release

Yeah these things kind of loving suck and I am eagerly planning to decomm them this year. I have no idea why anyone would be willingly moving toward Brocade for ethernet in recent years. These were installed like 5 years ago but are now predictably falling over.

The super slow SSH login is annoying but not even like my top 5 Brocade gripes

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Yeah the jackass that went TOWARDS brokeaids just wanted to be different or something. We're a full Juniper shop, QFX5100 existed already then, he just had used junos for the first time and hated it. He's a baby and thank god he now works at a quickie mart instead of doing net eng stuff.

Anyhow, SSH is faster in 8.0.10 but it's still slow. A few years back we were running 8.0.30 and I contacted support about something and they basically said ZOMG why are you running that, go to 8.0.10. I think since then they actually started publishing a recommended OS version document, but I don't think it gets updated frequently.

Some of the issues we've had with them:

* Spontaneous reboot when a few people logged in (3? not reproducible)

* LACP issues on 2x10g when traffic levels hit about 2gbps. fix: disable one LACP member

* Running layer3 and doing east/west routing w/ OSPF, super mysterious packet issues. fix: stop routing on them except for management

* Nothing is documented well, like internal CoS traffic originating from device. Have to resort to their internal engineers posting to foundry-nsp lists

* Can't have ipv6 snmp community name the same as v4 community. Support didn't understand why we'd want them to be the same.


at least we can all call them broke-broke or brokeAIDS in jest.

n0tqu1tesane
May 7, 2003

She was rubbing her ass all over my hands. They don't just do that for everyone.
Grimey Drawer

Bigass Moth posted:

To the other VOIP guys out there, are you seeing much work with Spark or newer tech? Anything with immersive telepresence? We do some with my company but most seem to stick with CUCM/Unity/IM&P bread and butter.

We're in the process of setting it up internally, and I'm involved in developing a classroom-based Spark Room Kit Plus system for classroom-to-classroom distance learning.

If you don't currently have infrastructure for that kind of thing, I can see it being appealing.


Partycat posted:

They have some work to get done yet on services interoperability with on prem and external resources. Preferably without it costing $99999999999 to kit it out.

This is part of what's holding us up on implementing it more widely.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Can someone explain to me like I'm a child what the difference is between regular Cisco licensing and their new "smart licenses". Our Cisco reseller is asking us to setup a new "Smart Account ID" which of course is not your CCID.

ate shit on live tv
Feb 15, 2004

by Azathoth

falz posted:

Yeah the jackass that went TOWARDS brokeaids just wanted to be different or something. We're a full Juniper shop, QFX5100 existed already then, he just had used junos for the first time and hated it. He's a baby and thank god he now works at a quickie mart instead of doing net eng stuff.

To be fair, Juniper switching is a pain in the rear end because groups can't really be dynamically assigned, and it's difficult to determine which vlans are allowed on each interface without checking 3-4 different places.

Slickdrac
Oct 5, 2007

Not allowed to have nice things

GreenNight posted:

Can someone explain to me like I'm a child what the difference is between regular Cisco licensing and their new "smart licenses". Our Cisco reseller is asking us to setup a new "Smart Account ID" which of course is not your CCID.

Regular licensing, you pay for a license to put on a router or firewall. That license is for the device to allow it to work. No longer using that device, then the license is no longer useful and gets thrown out with the device, you may not transfer it.

Smart licensing, you pay for a license to put on a router or firewall. That license will allow the device to work. No longer using that device, you can reclaim the license back into your license pool, you may redistribute it to another router or firewall.

It's absolutely worth it for licenses you might have in flux usage where things are deployed and decommed regularly, particularly cloud or virtual devices, but there's some use cases for physical gear as well.

The primary problem with it is that it's drat near useless if you have a fairly stagnant environment, the whole benefit is in being able to reuse licenses. But that's how they make their real money, so any new equipment is going to require completely "new" licenses anyway.

Slickdrac fucked around with this message at 19:31 on Sep 8, 2017

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

That's a much better answer than our reseller. Thank you.

psydude
Apr 1, 2008

Thanks Ants posted:

On a related note, do ISPs usually proactively manage the software builds on their CPE devices, or do they just sit around running whatever they shipped out with until they get decommissioned? I just realised I've never seen any sort of maintenance notification for that sort of work. Even my home broadband router gets updates pushed to it.

The latter. Definitely the latter.

Sheep
Jul 24, 2003

quote:

Dear Valued Customer,
Here at Spectrum it is our commitment to provide you with service that is second to none. [...]
Maintenance Description:
Juniper OS code upgrade
Expected Impact:
Loss of service for up to 60 minutes
Date/Time:
9/27/2017 12:00 AM EDT to 9/27/2017 5:00 AM EDT

So on our fiber connections it appears to happen. Can't say the same for our garbage cable connections for guest networks and what not but they may just not notify us and I don't particularly care either.

Slickdrac
Oct 5, 2007

Not allowed to have nice things

psydude posted:

The latter. Definitely the latter.

Absolutely
code:
up 4 years 30 days

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin
For the love of god Cisco, please finish your AVNU certification process so I can get rid of these loving Extreme switches.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

Slickdrac posted:

Regular licensing, you pay for a license to put on a router or firewall. That license is for the device to allow it to work. No longer using that device, then the license is no longer useful and gets thrown out with the device, you may not transfer it.

Smart licensing, you pay for a license to put on a router or firewall. That license will allow the device to work. No longer using that device, you can reclaim the license back into your license pool, you may redistribute it to another router or firewall.

It's absolutely worth it for licenses you might have in flux usage where things are deployed and decommed regularly, particularly cloud or virtual devices, but there's some use cases for physical gear as well.

The primary problem with it is that it's drat near useless if you have a fairly stagnant environment, the whole benefit is in being able to reuse licenses. But that's how they make their real money, so any new equipment is going to require completely "new" licenses anyway.

Also talk with your finance people, sometimes they get hung up if you can't associate a licence with a fixed asset. Turning capex into cogs/opex is :(.

ate poo poo on live tv posted:

What kind of SRXs?

We just upgraded to 4200's and putting them in a cluster breaks either new sessions, or OSPF adjacencies. So we had to turn one off :/

1400s. BFD also makes link down failovers take 30s+ to recover.

Sheep posted:

So on our fiber connections it appears to happen. Can't say the same for our garbage cable connections for guest networks and what not but they may just not notify us and I don't particularly care either.

MX convergence times are a bitch.

Methanar
Sep 26, 2013

by the sex ghost
Why would plugging in a blank stock configured switch somewhere in the network cause prod to go down?

Because it inserts itself somewhere between the primary and secondary STP root bridges and important things. It doesn't have all the necessary VLANs registered in the vlan database.

Thanks Ants
May 21, 2004

#essereFerrari


Protect those edge ports man

Methanar
Sep 26, 2013

by the sex ghost
I didn't think I'd need to be BPDU guarding in my DC :(

Anyway it was my own fault, I'm still not entirely sure what happened. I don't have a good explanation of how core-6 would become a switched transit for things off of core-3 when core-3 has a direct link to the root bridges for MST0 and MST1

code:
core-1(root)          ---          core-2(root secondary)
|     /     | /      \   |    \   |      
core-3   core-4      core-5    core-6

Methanar fucked around with this message at 21:20 on Sep 12, 2017

tortilla_chip
Jun 13, 2007

k-partite
It probably had a more favorable bridge ID and became root.

Methanar
Sep 26, 2013

by the sex ghost
Just figured out why. I'm a huge dumbass.

That link between core-1 and core-2 is not a switched port. That's L3 point to point for iBGP. I could have used a VLAN there but I had used a real L3 port instead.

Don't mind me while I go jump off of a bridge

Partycat
Oct 25, 2004

Networking equipment always thinks inside its box at different layers. Sometimes it lines up with what you want but other times you get some fun and chaos.

I run a LAN for an Intel LANFest event with dumpster hardware. I built a Nortel IST 4G core and then we ended up with a bunch of pokey 3Com edge that can't handle any sort of guard or STP influence. Then our helpers plugged them together like Spiderman or some poo poo. Rate limiting and storm control helped keep it from imploding but man oh man did those league of legends players get mad.

Partycat fucked around with this message at 00:39 on Sep 13, 2017

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

Methanar posted:

Why would plugging in a blank stock configured switch somewhere in the network cause prod to go down?

Because it inserts itself somewhere between the primary and secondary STP root bridges and important things. It doesn't have all the necessary VLANs registered in the vlan database.

VTP strikes again.

Turns out unrelated, but my goal is to exit 2018 with a spanning tree free network. WAN has been there since the start, DCs are a nightmare.

ate shit on live tv
Feb 15, 2004

by Azathoth
I finally convinced one of the earlier net engineers at my job to keep our server IPMI network separated by an L3 link after the Nth time production went down because of linux boxes with bridge interfaces and two NICs bridging it into the prod vlan.

Also a properly configured MSTP environment with loop-guard and root-guard configured where appropriate is so nice. Now there isn't any way to create a loop without screwing with both the access ports and the uplink ports on two different switches, and then plugging them together WITH a rogue switch in-between. Basically it has to be intentional, accidental loops are blocked.

Now just to convince him to stop being lazy and putting SVIs into OSPF processes, because I swear one of our product engineers is going to turn on OSPF on a server at some point and inject an E2 0 metric default route or some poo poo.
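tortilla_chip's point above that a blank switch can win the root election on bridge ID alone, and the loop-guard/root-guard remark in this post, in one added example that is not from the thread. It models the 802.1t bridge ID (priority + extended system ID + MAC) election and a Cisco-style root guard verdict; switch names, MAC addresses, priorities and the port name Gi1/0/48 are constructed for illustration and do not reflect any poster's real topology.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 32768  # factory default; a blank switch ships with this


@dataclass(frozen=True)
class Bridge:
    name: str
    mac: str                              # base MAC (constructed values below)
    priority: int = DEFAULT_PRIORITY      # multiple of 4096 per 802.1t
    root_guard_ports: frozenset = frozenset()

    def bridge_id(self, vlan: int = 0) -> int:
        # 802.1t bridge ID: 4-bit priority | 12-bit extended system ID (VLAN or
        # MST instance) | 48-bit MAC. The lowest value wins the root election.
        if self.priority % 4096 or not 0 <= self.priority <= 61440:
            raise ValueError("priority must be a multiple of 4096 in 0..61440")
        return ((self.priority + vlan) << 48) | int(self.mac.replace(":", ""), 16)


def elect_root(bridges, vlan=0):
    """Root election: lowest bridge ID in the L2 domain wins, so a default-config
    switch with a low base MAC beats cores that were left at priority 32768."""
    return min(bridges, key=lambda b: b.bridge_id(vlan))


def root_guard_verdict(bridge, port, current_root, bpdu_sender, vlan=0):
    """Root guard: a superior BPDU (claiming a lower bridge ID than the current
    root) heard on a guarded port puts that port in root-inconsistent (blocking)
    instead of triggering a re-election; an unguarded port accepts it."""
    superior = bpdu_sender.bridge_id(vlan) < current_root.bridge_id(vlan)
    if superior and port in bridge.root_guard_ports:
        return "root-inconsistent"
    return "forwarding"


# Constructed topology: two cores at default priority plus a factory-default
# switch whose base MAC happens to be lower than either core's.
CORE1_UNPROTECTED = Bridge("core-1", "00:1a:2b:3c:4d:10")
CORE2_UNPROTECTED = Bridge("core-2", "00:1a:2b:3c:4d:20")
ROGUE = Bridge("blank-switch", "00:05:00:00:00:01")

# Hardened: explicit primary/secondary priorities, and root guard on the
# access-facing port of a third switch (constructed port name).
CORE1 = Bridge("core-1", "00:1a:2b:3c:4d:10", priority=4096)
CORE2 = Bridge("core-2", "00:1a:2b:3c:4d:20", priority=8192)
CORE3 = Bridge("core-3", "00:1a:2b:3c:4d:30",
               root_guard_ports=frozenset({"Gi1/0/48"}))


def unprotected_root() -> str:
    return elect_root([CORE1_UNPROTECTED, CORE2_UNPROTECTED, ROGUE]).name


def hardened_root() -> str:
    return elect_root([CORE1, CORE2, CORE3, ROGUE]).name


def guarded_port_state() -> str:
    # Even with cores left at default priority, root guard stops the takeover.
    return root_guard_verdict(CORE3, "Gi1/0/48", CORE1_UNPROTECTED, ROGUE)


def unguarded_port_state() -> str:
    return root_guard_verdict(CORE3, "Gi1/0/1", CORE1_UNPROTECTED, ROGUE)


if __name__ == "__main__":
    print("root with default priorities:", unprotected_root())   # blank-switch
    print("root with tuned priorities:  ", hardened_root())      # core-1
    print("guarded port on superior BPDU:", guarded_port_state())  # root-inconsistent
```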

Partycat
Oct 25, 2004

I am still debating with the "architects" to stop designing bridged VLANs spanning multiple floors, /19 voice VLANs, and using VLAN 1 for management everywhere.

They don't seem to be very progressive with their design nor attentive to current practice. We had a meltdown with a "core" VSS 6500 pair being slammed with traffic due to the poo poo NAT WiFi design that was put into place. I don't know how many times we have to do things like this before they figure out the 6500 is not a router, and to buy a router if they want to route traffic. The Thunder A10 appliances were not routers either, nor were the 4500X pair in VSS. Putting it in VSS does not do anything to extend the capacity of the appliance on that plane so .... ?

The bridged VLAN one is wonderful when someone plugs things together with a device that eats the spanning tree BPDUs and creates a loop. It's great to tank out appliances and building controls in a dozen buildings because it is "Easier" to deal with things per 'router' pair.

Layer 3 is too hard I guess.

ate shit on live tv
Feb 15, 2004

by Azathoth
Nothing wrong with using vlan 1 anymore. Though I wouldn't want to use it "everywhere" as a single broadcast domain. Also a 6500 seriously? :laffo: drat, I wouldn't use that anywhere anymore.

pctD
Aug 25, 2009



Pillbug
Honestly STP is outdated at this point and you should just setup an L3 fabric.

abigserve
Sep 13, 2009

this is a better avatar than what I had before
The 6500 platform was such a good platform though in its day - the Cisco product range has gone from "here are a bunch of devices: they will all do what you want" to "here's a bunch of devices. Some of them may do what you want and the others have probably already been obsoleted"

Thanks Ants
May 21, 2004

#essereFerrari


pctD posted:

Honestly STP is outdated at this point and you should just setup an L3 fabric.

Does this apply to edge switching as well as datacenter? I am quite out of the loop on this stuff.

Partycat
Oct 25, 2004

SRND has routed from edge switch to core- presumably you still want to have stp as necessary for edge protection and failover ( looking at you crestron )

Methanar
Sep 26, 2013

by the sex ghost

pctD posted:

Honestly STP is outdated at this point and you should just setup an L3 fabric.

The network I've got is baby's first datacenter deployment. I actually originally intended to do L3 segments all over the place, but it just seemed extremely wasteful in terms of public address space and overly complicated for no gain, at least in the idiot way that I was envisioning it. Same reason really for why I decided against setting up some MLAGs in the core rather than just using MST and spreading out my vlan paths to the root.

Could you give a brief diagram/explanation of a situation where you WOULD want to replace STP with real routing?

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler
One really big reason I prefer pushing L3 as far as possible instead of STP is that L3 protocols don't have to shut down ports, they can load balance with ECMP instead. When you have a failure, you still lose some traffic but the backup path is already there and active. Even where you're not using ECMP fast-reroute mechanisms are pretty quick these days if set up properly.

e: Of course, you can use something like PVST/MST to load-balance on your backup paths but the granularity and automaticity of it is very different from ECMP. I haven't worked with FabricPath/TRILL so can't comment on whether it fixes those shortcomings.

I was involved in testing a couple ideas for a trading floor design a couple years back and we ended up concluding that it worked fine to just push OSPF or iBGP all the way to the edge.

Of course, my experience is also way more oriented towards routers so sometimes it's easy to conflate the fact that I prefer or am used to something with the idea of it actually being better. Still, I feel like these days the designs I see tend towards keeping L2 domains as small as possible.

Eletriarnation fucked around with this message at 18:05 on Sep 13, 2017

CrazyLittle
Sep 11, 2001





Clapping Larry

Methanar posted:

Could you give a brief diagram/explanation of a situation where you WOULD want to replace STP with real routing?

As soon as the traffic leaves: the physical building, or logical network segment

pctD
Aug 25, 2009



Pillbug

Methanar posted:

The network I've got is baby's first datacenter deployment. I actually originally intended to do L3 segments all over the place, but it just seemed extremely wasteful in terms of public address space and overly complicated for no gain, at least in the idiot way that I was envisioning it. Same reason really for why I decided against setting up some MLAGs in the core rather than just using MST and spreading out my vlan paths to the root.

Could you give a brief diagram/explanation of a situation where you WOULD want to replace STP with real routing?

A basic fabric is super simple and I'm not sure why public address space would ever be an issue. Unless you need to span your public subnets across L3 segments, in which case you can use something like VXLAN for that.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

Methanar posted:

The network I've got is baby's first datacenter deployment. I actually originally intended to do L3 segments all over the place, but it just seemed extremely wasteful in terms of public address space and overly complicated for no gain, at least in the idiot way that I was envisioning it. Same reason really for why I decided against setting up some MLAGs in the core rather than just using MST and spreading out my vlan paths to the root.

Could you give a brief diagram/explanation of a situation where you WOULD want to replace STP with real routing?

If you require loops in your network, basically. HPC environments are the most common example of this, but also bigger enterprise deployments or certain storage configurations.

Spanning-tree is fine, but your layer 2 topology should be designed with no loops. This means using features like VPC to get multiple uplinks out of everything, and collapsing all your TOR into a core. This has a number of theoretical disadvantages ("won't someone think of the east west traffic?!?!!") and a lot of practical advantages.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

Methanar posted:

Could you give a brief diagram/explanation of a situation where you WOULD want to replace STP with real routing?

Everywhere. Seriously, L3 underlay network. If you're not buying your refresh equipment to handle a fabric you're loving up. (or poor, soz)

doomisland
Oct 5, 2004

IPv6 gives you a lot of public addresses :3:

Thanks Ants
May 21, 2004

#essereFerrari


I'm tempted to lab out IPv6 everywhere and then implement 464XLAT and see how badly things break.


Methanar
Sep 26, 2013

by the sex ghost
Maybe my network just isn't big enough then. Today I've got like 110 dedicated pizza box servers and another 70 VMs using 5 vlans, one for internal addressing and one per public subnet.

In reality I have 15000 switch ports of crazy custom poo poo but that's mostly isolated away off to the side and natted into one of the four public network vlans as necessary.
