Filthy Lucre
Feb 27, 2006
My Telia link does about 30% of the traffic I see coming in from Zayo or Hurricane Electric.

ragzilla
Sep 9, 2005
don't ask me, i only work here


FatCow posted:

Is Telia a decent US transit provider? They have some aggressive pricing.

I've had them in my mix for about 6 months now, no complaints.

-edit-
Can't compare them to HE since I peer them, but Telia does about equal to AT&T/VZB/NTT in my mix, they do run about half what Zayo does. Nobody comes close to Level3 (if I didn't like them so much I'd try to push some away).

ragzilla fucked around with this message at 22:27 on May 3, 2016

Thanks Ants
May 21, 2004

#essereFerrari


Can anybody explain why switches exist that let you have more than one VLAN untagged on a port and then have you set the PVID separately? Is this a hangover from stuff that didn't really support dot1q or is there a legitimate reason for it?

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
Two weeks ago I opened up my circuit spreadsheet provided to me by Frontier and cancelled one of my branch circuits using the listed circuit ID. Turns out Frontier provided the wrong circuit ID at turn up and I ended up running three branches over a pathetically small backup VPN all day today. Before you ask, the town is in a twilight zone where frontier is more or less the only way to get in and out of town without paying ludicrous prices.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

ragzilla posted:

I've had them in my mix for about 6 months now, no complaints.

-edit-
Can't compare them to HE since I peer them, but Telia does about equal to AT&T/VZB/NTT in my mix, they do run about half what Zayo does. Nobody comes close to Level3 (if I didn't like them so much I'd try to push some away).

The initial mix will be XO/NTT/Telia with Telia replacing Cogent. I'll likely replace XO with Level 3 down the road, if they would ever decide that my 6 figure a month voice spend justifies good HSIP pricing.

ragzilla
Sep 9, 2005
don't ask me, i only work here


FatCow posted:

The initial mix will be XO/NTT/Telia with Telia replacing Cogent. I'll likely replace XO with Level 3 down the road, if they would ever decide that my 6 figure a month voice spend justifies good HSIP pricing.

I've always had good luck with just collecting every quote I can, anonymizing it and throwing out the spreadsheet to the carriers. If you show them they're not competitive they usually find a way to make it work, especially if you're buying in major colos.

doomisland
Oct 5, 2004

ragzilla posted:

I've always had good luck with just collecting every quote I can, anonymizing it and throwing out the spreadsheet to the carriers. If you show them they're not competitive they usually find a way to make it work, especially if you're buying in major colos.

*looks up networks adjacent to your ASN, fills in blanks*

At least that is what I'd do. Also Tata can be decent in the US, depends on who you're targeting obviously.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE
You wildly overestimate the ability of sales droids.

psydude
Apr 1, 2008

Thanks Ants posted:

Can anybody explain why switches exist that let you have more than one VLAN untagged on a port and then have you set the PVID separately? Is this a hangover from stuff that didn't really support dot1q or is there a legitimate reason for it?

My guess would be for some situation where you have two devices connected to the switch port, like VoIP situations. Cisco switches have a designated voice VLAN command, but other vendors may not.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Voice VLANs are tagged.

I would guess it's just lovely software that lets you insert commands that probably breaks poo poo.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
I've had them for almost two years now and have had close to zero issues. We have a somewhat special config and they've been totally flexible - 100gig-e handoff, they let us add vlans and peering sessions to other AS's at will. Last year they wouldn't do BFD, but I asked them again last week and they do and happily set it up on many of our sessions.

Transit is clearly reaching commodity, probably sanity check things like DDoS options (blackhole or just allowing them to quickly apply an ACL).

ate shit on live tv
Feb 15, 2004

by Azathoth

FatCow posted:

Is Telia a decent US transit provider? They have some aggressive pricing.

We use them as one prong of our global anycast backbone and they seem fine. Cogent is the other.

ate shit on live tv fucked around with this message at 22:16 on May 4, 2016

Thanks Ants
May 21, 2004

#essereFerrari


I have been tearing my hair out over trying to get a fibre link up between two switches - an HP 2920 and a lovely ex-3com HP (1910) which is due to be replaced but until then is causing me problems.

Has anyone seen a fibre strand die but the link stay up and only work in one direction? The stats from the 2920 for the transceiver show:

code:
 Status
   Temperature : 44.375C
   Voltage     : 3.2984V
   Tx Bias     : 6.144mA
   Tx Power    : 0.2532mW, -5.965dBm
   Rx Power    : 0.2056mW, -6.869dBm

  Time Stamp    : Tue May 10 21:09:45 2016
and looking at the MAC addresses on the port:

code:
 Status and Counters - Port Address Table - 45

  MAC Address   VLANs
  ------------- ------------
  443192-26e3ce 100
  d4bed9-87045d 100
Top MAC address is the far-end switch interface, bottom one is a laptop connected to the switch with no connectivity going any further.

Looking at the far-end switch the only entry in the MAC table is the laptop that is directly plugged in. The only explanation I can think of for this is that the far-end switch is able to send that information to my 2920, but can't receive anything back in the other direction. But I've never seen a link do that - it's either up or down.

What the gently caress is going on?

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler
Does the switch on the other side also show Rx power? I've definitely seen fiber pairs with one side misconnected or broken and it looks up on one side. I don't think it could happen if you're using autonegotiation (which is built into and can't be disabled with 10G, but can with 1G) but I could be wrong.

Thanks Ants
May 21, 2004

#essereFerrari


The far end is unfortunately poo poo and doesn't display that information. I am getting the guy on-site to make up LC loopback cable to test the SFPs out with.

Edit: Lol, took another look at the interface stats as opposed to just the SFP stats

code:
 Status and Counters - Port Counters for port 45

  Name  :
  MAC Address      : b05ada-2ac153
  Link Status      : Up
  Totals (Since boot or last clear) :
   Bytes Rx        : 12,336,225           Bytes Tx        : 266,422
   Unicast Rx      : 8                    Unicast Tx      : 238
   Bcast/Mcast Rx  : 144,741              Bcast/Mcast Tx  : 949
  Errors (Since boot or last clear) :
   FCS Rx          : 1                    Drops Tx        : 2,018,127
   Alignment Rx    : 0                    Collisions Tx   : 0
   Runts Rx        : 0                    Late Colln Tx   : 0
   Giants Rx       : 0                    Excessive Colln : 0
   Total Rx Errors : 1                    Deferred Tx     : 0
  Others (Since boot or last clear) :
   Discard Rx      : 0                    Out Queue Len   : 0
   Unknown Protos  : 0
  Rates (5 minute weighted average) :
   Total Rx (bps) : 4,942,984             Total Tx (bps) : 0
   Unicast Rx (Pkts/sec) : 0              Unicast Tx (Pkts/sec) : 0
   B/Mcast Rx (Pkts/sec) : 0              B/Mcast Tx (Pkts/sec) : 0
   Utilization Rx  : 00.49 %              Utilization Tx  :     0 %
Think the Tx side has a problem somewhere. From the photos that have been sent through all the kit is covered in dust so I assume that someone on that site has no idea how to handle fibre.

So this looks like mystery solved. Thanks for the autoconfigure suggestion, I probably wouldn't have looked at the interface stats without being nudged in that direction.

Thanks Ants fucked around with this message at 21:47 on May 10, 2016
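Reading those counters in code, as an added example (not from the thread or from HP): it parses the ProCurve port-counter output quoted above and flags the asymmetry that pointed at the Tx side, frames still arriving while almost every outbound frame is dropped. The drop-ratio threshold is my assumption, not vendor guidance.

```python
"""Parse HP ProCurve port counters and flag a one-directional link.
Added example; SAMPLE is the port 45 output quoted in the thread, the
drop-ratio threshold is an assumption, not vendor guidance."""
import re

# Sample input: the port counters from the post above (copied, not constructed).
SAMPLE = """\
 Status and Counters - Port Counters for port 45

  Name  :
  MAC Address      : b05ada-2ac153
  Link Status      : Up
  Totals (Since boot or last clear) :
   Bytes Rx        : 12,336,225           Bytes Tx        : 266,422
   Unicast Rx      : 8                    Unicast Tx      : 238
   Bcast/Mcast Rx  : 144,741              Bcast/Mcast Tx  : 949
  Errors (Since boot or last clear) :
   FCS Rx          : 1                    Drops Tx        : 2,018,127
   Alignment Rx    : 0                    Collisions Tx   : 0
   Runts Rx        : 0                    Late Colln Tx   : 0
   Giants Rx       : 0                    Excessive Colln : 0
   Total Rx Errors : 1                    Deferred Tx     : 0
  Others (Since boot or last clear) :
   Discard Rx      : 0                    Out Queue Len   : 0
   Unknown Protos  : 0
  Rates (5 minute weighted average) :
   Total Rx (bps) : 4,942,984             Total Tx (bps) : 0
   Unicast Rx (Pkts/sec) : 0              Unicast Tx (Pkts/sec) : 0
   B/Mcast Rx (Pkts/sec) : 0              B/Mcast Tx (Pkts/sec) : 0
   Utilization Rx  : 00.49 %              Utilization Tx  :     0 %
"""

# One "Label : number" pair; two pairs share a line, so findall gets both.
PAIR = re.compile(r"([A-Za-z][A-Za-z/ ()]*?)\s*:\s*([\d,]+(?:\.\d+)?)")


def parse_port_counters(text):
    """Return {label: number} for every numeric counter in the output."""
    counters = {}
    for label, value in PAIR.findall(text):
        value = value.replace(",", "")
        counters[label.strip()] = float(value) if "." in value else int(value)
    return counters


def assess_link(counters, drop_ratio_threshold=0.5):
    """Spot the asymmetry that pointed at the Tx side in the thread.

    Frames still arrive (Bytes Rx, Bcast/Mcast Rx) while nearly every
    outbound frame lands in Drops Tx and the Tx rate is zero: the switch
    hears the far end but cannot get anything back to it.
    """
    sent = counters.get("Unicast Tx", 0) + counters.get("Bcast/Mcast Tx", 0)
    drops = counters.get("Drops Tx", 0)
    drop_ratio = drops / (drops + sent) if drops + sent else 0.0
    receiving = counters.get("Bytes Rx", 0) > 0
    if receiving and drop_ratio >= drop_ratio_threshold:
        verdict = "tx_fault_suspected"
    else:
        verdict = "no_tx_asymmetry"
    return {
        "verdict": verdict,
        "tx_drop_ratio": round(drop_ratio, 4),
        "tx_rate_bps": counters.get("Total Tx (bps)", 0),
        "rx_errors": counters.get("Total Rx Errors", 0),
    }
```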

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

Thanks Ants posted:

The far end is unfortunately poo poo and doesn't display that information. I am getting the guy on-site to make up LC loopback cable to test the SFPs out with.

Edit: Lol, took another look at the interface stats as opposed to just the SFP stats

code:
 Status and Counters - Port Counters for port 45
...
  Errors (Since boot or last clear) :
   FCS Rx          : 1                    Drops Tx        : 2,018,127
Think the Tx side has a problem somewhere. From the photos that have been sent through all the kit is covered in dust so I assume that someone on that site has no idea how to handle fibre.

So this looks like mystery solved. Thanks for the autoconfigure suggestion, I probably wouldn't have looked at the interface stats without being nudged in that direction.

Yeah, Tx drops sound like a failing port ASIC or maybe optic to me. I don't think that there's any way to detect problems with the physical medium from the Tx side so I would definitely be looking at hardware first with this.

Partycat
Oct 25, 2004

SFPs have the transmit fail all the time, unfortunately. Swap em and you'll know if that's the case. Swap strands to check if your fiber is any good.

Thanks Ants
May 21, 2004

#essereFerrari


It was a dead port - using the shared copper port shows a ton of Tx errors as well. Moved the SFP to 46 and everything came up as it should have.

RMA time!

KS
Jun 10, 2003
Outrageous Lumpwad
If you're in a campus environment where generally each building has its own VLAN and network range, how do you do VLAN assignment for devices that roam between buildings? Testing this now.

In my head I'd do different network policies on the NPS server based on the IP of the switch sending the RADIUS request, but is there a better way?

KS fucked around with this message at 23:00 on May 16, 2016

falz
Jan 29, 2005

01100110 01100001 01101100 01111010

KS posted:

If you're in a campus environment where generally each building has its own VLAN and network range, how do you do VLAN assignment for devices that roam between buildings? Testing this now.

In my head I'd do different network policies on the NPS server based on the IP of the switch sending the RADIUS request, but is there a better way?

Enable 802.1x auth which would allow said device to go to its home vlan.

KS
Jun 10, 2003
Outrageous Lumpwad
Well, currently the Building A vlan is not extended to the building B access switches.

I guess there's nothing really stopping me from doing that, but making device groups for "home VLANs" seems like a pain to maintain.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010
Is this some network infrastructure being moved a lot? Could create a management vlan that spans buildings or just create a larger IP range for your radius key.

Or route more with an IGP and have the requests come from the device's loopback address.

Lots of things you could do, it's just not clear what exactly you're doing and why.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
When I first started at this company 7 years ago, they had outsourced their WAN management. The company that did it used "redistribute connected" on any OSPF process. All across the internet I see people using "redistribute connected" on their ospf processes. Is this a normal thing? The first thing I did when we got rid of the outsourced management was remove redistribute connected, set passive-interface default, and specify the networks that should participate in OSPF. It seems lazy and quite frankly dumb to do that unless you have a really good reason for it. Am I right, or am I just anal?

ragzilla
Sep 9, 2005
don't ask me, i only work here


adorai posted:

When I first started at this company 7 years ago, they had outsourced their WAN management. The company that did it used "redistribute connected" on any OSPF process. All across the internet I see people using "redistribute connected" on their ospf processes. Is this a normal thing? The first thing I did when we got rid of the outsourced management was remove redistribute connected, set passive-interface default, and specify the networks that should participate in OSPF. It seems lazy and quite frankly dumb to do that unless you have a really good reason for it. Am I right, or am I just anal?

It's the easy way to get all your networks into OSPF, otherwise you've got to passive-interface/network statement all of your networks into the RIB, which could be "better" than having a bunch of externals, but a lot more work than is absolutely necessary.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

adorai posted:

When I first started at this company 7 years ago, they had outsourced their WAN management. The company that did it used "redistribute connected" on any OSPF process. All across the internet I see people using "redistribute connected" on their ospf processes. Is this a normal thing? The first thing I did when we got rid of the outsourced management was remove redistribute connected, set passive-interface default, and specify the networks that should participate in OSPF. It seems lazy and quite frankly dumb to do that unless you have a really good reason for it. Am I right, or am I just anal?

You're right about default passive-interface, as someone could perform a blackholing/spoofing attack if they plugged into a non-passive network. If your only connections are to other devices you control though it doesn't seem like a big deal.

Redistributing connected shouldn't really be an issue unless you have such a large network or such low-end devices that scaling and performance is a real concern. You could make an argument for only advertising what needs to be advertised, but I would say that unless there's a reason not to advertise everything you should try to keep the config simple and maintainable with a simple redistribute over having lots of network statements.

Even in the case where you don't want to advertise everything, you could still make the case that redistributing connected through a route-map makes for a more maintainable configuration.

Eletriarnation fucked around with this message at 05:08 on May 17, 2016

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
Doesn't that lead to hosed up routing metrics though? My initial problem was that I was unable to have a backup VPN at a given site, because all my routes were external.

edit: my network is lots of small branches, so a given router generally has 5 networks to advertise.

ragzilla
Sep 9, 2005
don't ask me, i only work here


adorai posted:

Doesn't that lead to hosed up routing metrics though? My initial problem was that I was unable to have a backup VPN at a given site, because all my routes were external.

edit: my network is lots of small branches, so a given router generally has 5 networks to advertise.

What platform are you using for backup VPN? If IOS just use VTI with high OSPF cost. If anything else use floating 250 admin distance static routes.

Dalrain
Nov 13, 2008

Experience joy,
Experience waffle,
Today.

adorai posted:

Doesn't that lead to hosed up routing metrics though? My initial problem was that I was unable to have a backup VPN at a given site, because all my routes were external.

edit: my network is lots of small branches, so a given router generally has 5 networks to advertise.

Yes, you're hitting on the correct reason you want to avoid lazy redistribute connected. They will all be "injected" as external, and depending on your metric type, the paths won't be calculated correctly for internal use. (E1 vs. E2) Passive and network statements are by far preferred for a "professional" OSPF environment.

Of course, if you've only got 5 devices and will literally never grow or have enterprise needs, it probably won't come up as an issue. Probably.

1000101
May 14, 2003

BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY BIRTHDAY FRUITCAKE!
I tend to redistribute summaries. If 10.244.0.0/16 is a specific location I create a null route for that /16 and re-distribute that. Then when the traffic gets there it'll usually find a more specific route to get where it needs. I'm generally more lazy about that kind of thing though. I also break my networks up into nice and easily summarized networks.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

Dalrain posted:

Yes, you're hitting on the correct reason you want to avoid lazy redistribute connected. They will all be "injected" as external, and depending on your metric type, the paths won't be calculated correctly for internal use. (E1 vs. E2) Passive and network statements are by far preferred for a "professional" OSPF environment.

Of course, if you've only got 5 devices and will literally never grow or have enterprise needs, it probably won't come up as an issue. Probably.

Yeah, that's true. You can set the metrics in a route-map if you're doing it that way instead of just redistributing everything blind, but that's arguably more work than just using network statements.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

1000101 posted:

I also break my networks up into nice and easily summarized networks.

This is pretty smart.

Broletariat
Nov 14, 2014
http://blogs.cisco.com/enterprise/ccna-routing-switching-certification-for-the-new-digital-landscape

Was studying for CCNA R/S and this came up in my feed. Think I'm going to take the updated version instead.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin
Looks like I get a chance to head down to SJC-12 and work on some beta integration with our product and Cisco. That'll be fun, haven't been on Cisco's campus since they announced IPv6 to a room of network engineers who couldn't have cared less about it.

doomisland
Oct 5, 2004

DigitalMocking posted:

Looks like I get a chance to head down to SJC-12 and work on some beta integration with our product and Cisco. That'll be fun, haven't been on Cisco's campus since they announced IPv6 to a room of network engineers who couldn't have cared less about it.

When was that, 1999 or something?

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

doomisland posted:

When was that, 1999 or something?

Yeah, right around there, height of the bubble madness, I was working at a startup in Palo Alto.

Veth
May 13, 2002
Homeless Pariah
Our aging Barracuda web filter finally died. We were just going to replace it with a new one, but the company owner decided we needed to buy a Cisco product for reasons. So we bought an ASA-5506-X with FirePower. It was supposedly the lower-end "entry-level" product.

We don't have a dedicated IT staff (75-person company). I have enough experience with Cisco stuff to know I don't have the expertise to manage their stuff properly.

We were assured up and down that it was easy to manage, web interface yada yada. We can't get the thing working. The URL-based filtering doesn't work. We've opened numerous support requests with Cisco and none of the techs can actually get it working properly. There's a lot of "well it should be working lets upload the configuration so we can analyze it on our end" followed by lots of nothing.

My short questions are: Is this typical for this product? Does anyone have any insight into this product line? Did we clearly buy something way more than we needed and are trying to shoehorn it into some role it's not meant for?

Thanks Ants
May 21, 2004

#essereFerrari


It should have come with ASDM, or if you register it you can download. AFAIK the web UI for actually managing the non-Firepower stuff hasn't made it to the lower-end boxes yet.

Collateral Damage
Jun 13, 2009

Veth posted:

We don't have a dedicated IT staff (75-person company)

:stare:

Do you have an MSP handling stuff, or?

Veth
May 13, 2002
Homeless Pariah

Collateral Damage posted:

:stare:

Do you have an MSP handling stuff, or?

Nope, although it's probably only 40 actual users at most. Undoubtedly, we're way off the "Best Practices" path, but day-to-day the three of us who share the IT burden manage OK. Cisco stuff is way over our heads, unfortunately.

It'd be a massively off-topic derail to enumerate the IT WTFs, to be honest. Let's just say that paranoia and "I know a guy who said we need..." heavily influence decision making here.

ElCondemn
Aug 7, 2005


Veth posted:

Our aging Barracuda web filter finally died. We were just going to replace it with a new one, but the company owner decided we needed to buy a Cisco product for reasons. So we bought an ASA-5506-X with FirePower. It was supposedly the lower-end "entry-level" product.

We don't have a dedicated IT staff (75-person company). I have enough experience with Cisco stuff to know I don't have the expertise to manage their stuff properly.

We were assured up and down that it was easy to manage, web interface yada yada. We can't get the thing working. The URL-based filtering doesn't work. We've opened numerous support requests with Cisco and none of the techs can actually get it working properly. There's a lot of "well it should be working lets upload the configuration so we can analyze it on our end" followed by lots of nothing.

My short questions are: Is this typical for this product? Does anyone have any insight into this product line? Did we clearly buy something way more than we needed and are trying to shoehorn it into some role it's not meant for?

Hire a consultant to come in and configure it. My experience is that firepower itself is pretty lame, but people seem to like it. It wasn't too hard to configure with my 5515-x. It's probably better than the old IPS/IDS modules but it's not the perfect solution I was hoping for.

Good luck getting it working, if I were you I would've stuck with the barracuda.
