|
Looks like you saved money too not having any workers
|
# ? Oct 12, 2017 12:48 |
|
|
# ? Apr 19, 2024 07:29 |
|
There is someone at every chair you can see?
|
# ? Oct 12, 2017 13:24 |
|
Oh the black squares are people I thought those were lcd monitors that were off That'll teach me not to zoom in
|
# ? Oct 12, 2017 18:05 |
|
Watched a talk from Barefoot networks (https://barefootnetworks.com/) yesterday out of the NFV World Congress that just wrapped up. The short version: write your own forwarding plane in a high-level language, install it on a switch, it runs at line rate no matter how complicated the program is because it's based on the chip architecture. Then, all those tables (for example, mac tables, IP prefix tables, LFIB...anything you can imagine) and actions (change dstmac, pop vlan, push mpls labels - can be anything because it's defined by you) turn into protobuf declarations which can then be compiled into whatever language you want (Python, C++ at least, I think) and exposed to control-plane software. Holy guacamole. That right there is the next thing as long as they don't make P4 too esoteric.
|
# ? Oct 14, 2017 00:35 |
|
Does anyone have ASR9006s in production? Do they line up to the proper boundaries when you rack them?
|
# ? Oct 17, 2017 23:45 |
|
Yeah, just checked and the ones I have are precisely 10U.
|
# ? Oct 18, 2017 16:52 |
|
This is probably more a security question but it's still tangentially Cisco related: anyone here using Cisco Umbrella for DNS resolution? Is it actually any good beyond what it claims to do and can its efficacy be backed up in reporting? Edit: that's good to know cheers vvv Pile Of Garbage fucked around with this message at 15:36 on Oct 20, 2017 |
# ? Oct 20, 2017 15:00 |
|
They're pretty clear about not supporting IPv6 so I laughed at it and ignored the product.
|
# ? Oct 20, 2017 15:28 |
|
Eletriarnation posted:Yeah, just checked and the ones I have are precisely 10U. Mine are 10U, but they need to be one screw (1/2") off from the proper boundaries in order for the holes in the rails to line up.
|
# ? Oct 21, 2017 03:04 |
|
cheese-cube posted:This is probably more a security question but it's still tangentially Cisco related: anyone here using Cisco Umbrella for DNS resolution? Is it actually any good beyond what it claims to do and can its efficacy be backed up in reporting? I'm on an ipv4 environment so the ipv6 limitation doesn't bother me. Just signed up a few months ago, and yeah it's pretty effective. The filtering is very up to date on malware identification and hardly anything gets through.
|
# ? Oct 21, 2017 19:57 |
|
We're a Cisco Web Security customer and they're EOL'ing it and moving everyone to Umbrella.
|
# ? Oct 21, 2017 23:45 |
|
Judge Schnoopy posted:I'm on an ipv4 environment so the ipv6 limitation doesn't bother me. Just signed up a few months ago, and yeah it's pretty effective. The filtering is very up to date on malware identification and hardly anything gets through. Thanks for the feedback. Our customer's infosec lead acquired a trial subscription for Umbrella so I'll probably be reconfiguring our forwarders next week to try it out.
|
# ? Oct 22, 2017 11:59 |
|
So umbrella is just a renamed opendns?
|
# ? Oct 22, 2017 15:43 |
|
falz posted:So umbrella is just a renamed opendns? Yes.
|
# ? Oct 22, 2017 15:52 |
|
falz posted:So umbrella is just a renamed opendns? New dashboard, but functionally the same yes. We had an on-prem dns filter that was total garbage so umbrella was a huge upgrade. They're also fast and loose with license counts and our reseller said public devices were free, so I was able to roll in our public WiFi for nothing. It's seriously easy to configure compared to any other filter. Took 5 minutes.
|
# ? Oct 22, 2017 16:29 |
|
How can a DNS service not support IPv6? How would there be anything more to it than just "enable IPv6 on your servers, support AAAA records in your backend"?
|
# ? Oct 22, 2017 16:34 |
|
https://support.umbrella.com/hc/en-us/articles/230901268-Umbrella-Roaming-Client-IPv6-Support TL;DR is that if you use the roaming client and your devices join a dual-stack network, then it breaks it.
|
# ? Oct 22, 2017 17:11 |
|
Judge Schnoopy posted:New dashboard, but functionally the same yes. We had an on-prem dns filter that was total garbage so umbrella was a huge upgrade. They're also fast and loose with license counts and our reseller said public devices were free, so I was able to roll in our public WiFi for nothing. BRB changing my local client DNS servers to circumvent. Yeah ok so you could firewall off other DNS servers I guess but that sounds like it would break a bunch of poo poo.
|
# ? Oct 22, 2017 17:23 |
|
falz posted:BRB changing my local client DNS servers to circumvent. DNS is one of the easiest things to block. But more likely it just intercepts DNS requests so unless you are resolving through an IPSEC tunnel or something, the response you get back from any request will be from the Umbrella DNS resolver.
|
# ? Oct 22, 2017 19:09 |
|
The website says it's cloud security so I presume there's no on prem anything, so you have to force client DNS to get there somehow. I would guess that a large number of their Enterprise customers forget that step, dunno.
|
# ? Oct 22, 2017 19:51 |
|
You can have an on prem appliance to do AD integration, but it's basically using Umbrella's DNS servers instead of your ISPs, or Googles, or whatever DNS servers you're forwarding to.
|
# ? Oct 22, 2017 19:59 |
|
ate poo poo on live tv posted:DNS is one of the easiest things to block. But more likely it just intercepts DNS requests so unless you are resolving through an IPSEC tunnel or something, the response you get back from any request will be from the Umbrella DNS resolver. Yeah our ASA redirects dns to the DNS servers, which hits umbrella. I tested manual dns resolution and umbrella caught it all. Point is, my users aren't trying to circumvent it anyway. They just don't want to go to a site and get that full page Microsoft support spam that yells at you through the speakers. Our old filter let that poo poo thought all the time, not even once on umbrella.
|
# ? Oct 23, 2017 00:32 |
|
Judge Schnoopy posted:Yeah our ASA redirects dns to the DNS servers, which hits umbrella. I tested manual dns resolution and umbrella caught it all. Do you put the Umbrella client on laptops? We have like 60 remote users who are morons. Today we use the CWS agent.
|
# ? Oct 23, 2017 04:58 |
|
Just because I've run into this with two customers now, Cisco SpeakerTrack will detect the faces in the portraits and pictures you have hanging on the wall in your conference/meeting/board room, and politely include them in all of the automatic framing/zooming it does with the cameras.
|
# ? Oct 27, 2017 15:19 |
|
n0tqu1tesane posted:Just because I've run into this with two customers now, Cisco SpeakerTrack will detect the faces in the portraits and pictures you have hanging on the wall in your conference/meeting/board room, and politely include them in all of the automatic framing/zooming it does with the cameras. Reminds me of https://www.youtube.com/watch?v=t4DT3tQqgRM
|
# ? Oct 27, 2017 18:51 |
|
n0tqu1tesane posted:Just because I've run into this with two customers now, Cisco SpeakerTrack will detect the faces in the portraits and pictures you have hanging on the wall in your conference/meeting/board room, and politely include them in all of the automatic framing/zooming it does with the cameras. Yes this is the built in trolling feature Add pictures of dear leader to the conference room
|
# ? Oct 28, 2017 01:36 |
|
Looks like we're not idiots. Cisco is sending us new rails.
|
# ? Oct 30, 2017 00:38 |
|
Oh joy, another DDoS. 21Gig UDP, 173M bps, only 15K unique IPs though. e: I think those last numbers are off by an order of magnitude. ate shit on live tv fucked around with this message at 22:08 on Oct 30, 2017 |
# ? Oct 30, 2017 18:14 |
|
Does anyone have reading recommendations for getting up to speed on LTE/EPC environments?
|
# ? Oct 30, 2017 22:05 |
|
Trying to wrap my head around cucm licensing is a clusterfark. We use extension mobility almost exclusively. Owner IDs are set to anonymous on phones, since anyone can log into any phone (and whoever the ownerid gets set to would be able to control the phone from the user portal). We also have a shitload of CUWL Standards for who knows what reason, but everything seems to be borrowing from that pool to use Enhanced and Essential licenses. Should I just get Enhanced & Essential licenses for the future? Or stick with CUWL? Wonder if anyone else has run into this.
|
# ? Nov 9, 2017 17:31 |
|
I'm not sure I'm reading your post right, but check this licensing guide that should be right unless they changed their mind today. https://www.cisco.com/c/dam/en/us/p...g_aag_v5a_1.pdf https://www.cisco.com/c/en/us/products/unified-communications/unified-communications-licensing/index.html Of course this can be different based on your CUCM version, etc.
|
# ? Nov 9, 2017 18:03 |
|
Have any of you ever deployed multi-datacenter ASA clustering, does it..work? One of my friends works in a fairly complex healthcare environment and he was looking for a solution that clustering + zoning solves, however I have not hosed with a multi-datacenter deployment. I would probably just try to solve the underlying problem that requires such an elaborate solution, but we're not their integrator so ¯\_(ツ)_/¯
|
# ? Nov 9, 2017 19:51 |
|
I have something that's perplexing me. I am trying to use tunnels that exist on the "internal" default vrf as my site-to-site link for multi-site BGP that live on my two public VRFs - ISP100, and ISP200. I'm trying to preserve IP space as i have about 18 sites that if I needed two public sets of IPs for my internal tunnel network, it would consume 64 of my c block of addresses. Pictures are worth 1000 words so: The left side is up and running well. The traffic is spread across both and I'm moving data efficiently, but I'm trying to add in the right side so that it links up and if someone reaches the left side bound for 9.9.9.9, they ride the tunnels. The tunnels are DMVPN and multi-site connections are working but linking the VRFs are just throwing my brain for a loop. Obviously numbers have been changed to protect the ignorant. I don't think I want to 'leak' the private routes into the public side... do I?
|
# ? Nov 9, 2017 23:10 |
|
KennyG posted:I have something that's perplexing me. I am trying to use tunnels that exist on the "internal" default vrf as my site-to-site link for multi-site BGP that live on my two public VRFs - ISP100, and ISP200. I'm assuming 9.9.9.9 is in the default vrf, you didn't explicitly state. Is the source of the traffic in the defualt vrf or one of the ISP vrfs? If the former, the route should be in your dynamic routing table. If the latter, you need to leak it.
|
# ? Nov 10, 2017 15:51 |
|
Thinking about this, I think this is my issue. I need to leak that 9.9.9.9 route across the vrfs. Thanks. The 9.9.9.9 should exist across all of them.
|
# ? Nov 10, 2017 16:11 |
|
mythicknight posted:Trying to wrap my head around cucm licensing is a clusterfark. What release are you running? IIRC there was a place you could be at where you could be you'd be eating up a license for the device anonymous (which is correct) and the device profile But that shouldn't be the case any longer
|
# ? Nov 10, 2017 18:12 |
|
I recently got on-site to one of my employer’s data closets to find a spaghetti mess of copper and fiber, and I think I’ll be spending the weekend trying to tame this crap. Can anyone recommend a resource (videos? books?) that teach how to properly loom 2-post racks to make the results not-terrible? I freely admit I’m not a data center guy, I haven’t done pulls and don’t have the experience to do much more than velcro wraps and basic cosmetics. I was curious if there are any special tricks to hiding the slack and so forth, such that future coworkers won’t curse my name as I’m doing for whomever did this total pasta-job.
|
# ? Nov 11, 2017 20:01 |
|
Dalrain posted:I recently got on-site to one of my employer’s data closets to find a spaghetti mess of copper and fiber, and I think I’ll be spending the weekend trying to tame this crap. Can anyone recommend a resource (videos? books?) that teach how to properly loom 2-post racks to make the results not-terrible? If you haven’t done it before I would highly recommend not doing it by yourself. Get someone who knows how to do cable and fiber runs or you may Be in for some pain.
|
# ? Nov 11, 2017 20:18 |
|
Bigass Moth posted:If you haven’t done it before I would highly recommend not doing it by yourself. Get someone who knows how to do cable and fiber runs or you may Be in for some pain. I'll second this; the money you spend on a knowledgeable person is not that high and you'll easily make it back in reduced total man hours.
|
# ? Nov 11, 2017 20:22 |
|
|
# ? Apr 19, 2024 07:29 |
|
Darn, that’s not what I was hoping to hear. I guess since I’m an “individual contributor” with no influence or budget, I may just be up a creek on it. Oh well, at least I have my roll of velcro.
|
# ? Nov 11, 2017 20:34 |