Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k

Elem7 posted:

I have what seems like a dumb question but no one I've asked in person seems to know the answer and nothing obvious came up Googling it. At what point does Cisco actually stop releasing updated firmware versions for a switch?

I ask because my office still has a number of older switches which according to Cisco are end of life and, by my reading of the EOL announcement, shouldn't have had any new compatible software released for over 2 years. That seems simple enough but when I actually browse through the available downloads for those models there've been a number of compatible IOS releases since then including one just 2 months ago. What gives? Is Cisco just ignoring their own announced plans? Is it just a CYA to let them drop support blame free at a later date and encourage early replacements?

My office is fortunate enough that if we point to network infrastructure and say it's no longer eligible to receive security patches we can get funding to replace it but I'm not sure that's the case and frankly it's otherwise not worth the time to do so since our oldest switches are typically just servicing a few devices at minor outbuildings.

Here's Cisco's policy on end of support. Check out number 4.

https://www.cisco.com/c/en/us/products/eos-eol-policy.html

ate shit on live tv
Feb 15, 2004

by Azathoth

Thanks Ants posted:

SRXs are pretty inexpensive so you must be close to saving no money once your time has been accounted for.

On the plus side, that group was so blatantly incompetent they don't have responsibility for our branch offices anymore; on the down side, my group is now responsible for branch offices :/

Thanks Ants
May 21, 2004

#essereFerrari


Does anybody know if the HP switches (Aruba 2920) that use SFF-8644 connectors on their stacking cables would work with SAS cables that use the SFF-8644 connectors? I have the proper cables on order but we have cables with the same connectors in stock.

I would just try it and see but if it blows the stacking module out I will make myself unpopular.

Elem7
Apr 12, 2003
der
Dinosaur Gum

Sepist posted:

Here's Cisco's policy on end of support. Check out number 4.

https://www.cisco.com/c/en/us/products/eos-eol-policy.html

I did find and read that policy already and it really doesn't answer the question, unless of course the answer really is something along the lines of "Cisco releases new compatible software for old switches even after their own policies say they shouldn't be because it's low effort on their part to do so" with the implication they could stop whenever they please.

Seems like depending on who I ask I get a shrug or a reference back to their policy even when going to our VAR. Thanks anyways, I think that's as much of an answer as I'll get.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler
I'm kind of curious, can you give specific examples? I'm a lot more familiar with the more modular router platforms where the base system may be supported for a decade or more, but I'm wondering if there might be other models than the ones you describe which run the same or very similar images and are earlier in their life cycles.

Partycat
Oct 25, 2004

Cisco does have a problem with not announcing software EoL consistently on platforms where there are multiple "supported" versions - but with bug fixes going generally to later releases. Sometimes they do but not always.

Also depending on the customer and the defect severity sometimes they will post minor update releases but their policy more or less says they are not obligated to do so.

Sometimes upgrading is still a bad thing if you land in new bugs or lose features or something. Or if it breaks the equipment. But the old school of "only upgrade when you really have to if it works fine now" is pretty much no longer good practice.

abigserve
Sep 13, 2009

this is a better avatar than what I had before
Cisco software isn't good enough to have safe harbours anymore. Every version fixes two bugs, and adds two more.

ragzilla
Sep 9, 2005
don't ask me, i only work here


abigserve posted:

Cisco software isn't good enough to have safe harbours anymore. Every version fixes two bugs, and adds two more.

Extended support trains are pretty good once you get to release 4, that gives you a year or two before you need to look at going to the next extended support.

Docjowles
Apr 9, 2009

Does anyone know what the gently caress is going on with Vyatta these days? I went to download the latest OS image from Brocade (we have support) as I usually do, but it's gone and the product is labeled End-of-support and End-of-engineering. Nothing is available to download. Apparently the IP was sold to AT&T this summer, but I can't find any way to get anything Vyatta-related from them yet. Is it just in limbo now?

Thanks Ants
May 21, 2004

#essereFerrari


It's AT&T so they probably have a plan for supporting existing customers that looks a lot like "lol go gently caress yourself".

Docjowles
Apr 9, 2009

Thanks Ants posted:

It's AT&T so they probably have a plan for supporting existing customers that looks a lot like "lol go gently caress yourself".

This is more or less my expectation, yes

CrazyLittle
Sep 11, 2001

Clapping Larry

Docjowles posted:

Does anyone know what the gently caress is going on with Vyatta these days? I went to download the latest OS image from Brocade (we have support) as I usually do, but it's gone and the product is labeled End-of-support and End-of-engineering. Nothing is available to download. Apparently the IP was sold to AT&T this summer, but I can't find any way to get anything Vyatta-related from them yet. Is it just in limbo now?

Thanks Ants posted:

It's AT&T so they probably have a plan for supporting existing customers that looks a lot like "lol go gently caress yourself".

Brocade got acquired by Broadcom who split up the company and sold off the pieces. AT&T bought Vyatta (IP and team) as part of their internal efforts to build out their SDN offerings. I.e. "Brocade vRouter" is going dark for internal use by AT&T. Perhaps a handful of Brocade's biggest customers w/ shared customer relationships with AT&T got some sweetheart insider contracts but that's pure speculation. Everyone else is simply getting dumped. AT&T has no plans to offer licensing or support for Vyatta.

Your next closest option is going to be VyOS, or perhaps the Ubiquiti Edgerouter Infinity.

SamDabbers
May 26, 2003



Better yet, take the money you've been paying to Brocade and support the VyOS project with paid support.

https://vyos.io/professional-services/

Thanks Ants
May 21, 2004

#essereFerrari


If you have a support contract then surely somebody has an obligation to continue to support the product, or credit you back for the term that you can't use? Or is this a "yeah try suing AT&T if you want" moment?

BallerBallerDillz
Jun 11, 2009

Cock, Rules, Everything, Around, Me
Scratchmo
I just set up VyOS on a VM in my home lab to handle all the network traffic for both my lab and general household use. I was pretty impressed with how easy it was and totally think that it would be worth considering an enterprise support contract if it fits your needs. Depending on how quickly you need to update you might want to wait until 1.2 which I believe will change the routing daemon being used away from quagga or whatever it was that vyatta used.

Thanks Ants
May 21, 2004

#essereFerrari


Does anybody know anything about Netgate's SCLR / TNSR products? They've put two more or less empty PDFs on their website, there's no press releases and nothing on YouTube/blogs etc. that I can see. Looks like pfSense is growing up but that's purely a guess.

wolrah
May 8, 2006
what?

Thanks Ants posted:

Does anybody know anything about Netgate's SCLR / TNSR products? They've put two more or less empty PDFs on their website, there's no press releases and nothing on YouTube/blogs etc. that I can see. Looks like pfSense is growing up but that's purely a guess.

It's related to the project that's been referred to as "pfSense 3.0" by the Netgate staff. It's apparently based on Linux and DPDK for extremely high speed routing.

Thanks Ants
May 21, 2004

#essereFerrari


Would you say it's worth keeping an eye on?

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

96 Port Hub posted:

I just set up VyOS on a VM in my home lab to handle all the network traffic for both my lab and general household use. I was pretty impressed with how easy it was and totally think that it would be worth considering an enterprise support contract if it fits your needs. Depending on how quickly you need to update you might want to wait until 1.2 which I believe will change the routing daemon being used away from quagga or whatever it was that vyatta used.

Basically my entire organization's network is built on VyOS. Using free, VM based routing has made DR planning (for IT systems) a breeze.

pctD
Aug 25, 2009



Pillbug

adorai posted:

Basically my entire organization's network is built on VyOS. Using free, VM based routing has made DR planning (for IT systems) a breeze.

We were also using VyOS in prod up until the middle of this year when I built a homegrown solution based on FRR. Easier to build into our configuration management and automation pipeline as well. For reference we're doing about 20Gbps of internet traffic.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

pctD posted:

We were also using VyOS in prod up until the middle of this year when I built a homegrown solution based on FRR. Easier to build into our configuration management and automation pipeline as well. For reference we're doing about 20Gbps of internet traffic.

I am nowhere near that. In testing, I was not able to scale VyOS VMs beyond 8 Gbps or so.

CrazyLittle
Sep 11, 2001

Clapping Larry

Thanks Ants posted:

If you have a support contract then surely somebody has an obligation to continue to support the product, or credit you back for the term that you can't use? Or is this a "yeah try suing AT&T if you want" moment?

They waited out pretty much everyone's support terms and/or did not renew contracts before the sale

96 Port Hub posted:

I just set up VyOS on a VM in my home lab to handle all the network traffic for both my lab and general household use. I was pretty impressed with how easy it was and totally think that it would be worth considering an enterprise support contract if it fits your needs. Depending on how quickly you need to update you might want to wait until 1.2 which I believe will change the routing daemon being used away from quagga or whatever it was that vyatta used.

Vyatta 5 used Quagga, Vyatta 6.x moved over to ZebOS
VyOS uses Quagga
EdgeOS uses ZebOS.

CrazyLittle fucked around with this message at 03:00 on Dec 8, 2017

BallerBallerDillz
Jun 11, 2009

Cock, Rules, Everything, Around, Me
Scratchmo

CrazyLittle posted:

They waited out pretty much everyone's support terms and/or did not renew contracts before the sale


Vyatta 5 used Quagga, Vyatta 6.x moved over to ZebOS
VyOS uses Quagga
EdgeOS uses ZebOS.

Yeah, I remember reading somewhere that VyOS was trying to move away from it but I can't find it from my phone right now.

I haven't been able to really push VyOS much, I can certainly saturate all my links but I only have 1 Gbps on my home network. What was your hardware like when you couldn't push it above 8? What was your hardware like at 20?

wolrah
May 8, 2006
what?

Thanks Ants posted:

Would you say it's worth keeping an eye on?

I don't play at the levels that at least TNSR seems to be designed for, so I'm not the best judge, but I've been following the work from just a personal curiosity level and it seems like they're going big with this stuff. If you have a need for software-controlled routing at >10G speeds you'll probably find it interesting. Where SCLR fits in is less clear to me at the moment.

The other day Jim Thompson (co-owner of Netgate) gave a presentation about "The future of pfSense" at a conference for one of the high speed data libraries they're building on. The video hasn't been released as of the last time I looked but I assume it has relevant information.

Thanks Ants
May 21, 2004

#essereFerrari


SD-WAN chat, though I think it was probably from the other thread. How are people utilising it when they also want IPv6? Does it just involve a lot of NAT or is there a cleverer way to handle this?

Or are they getting an allocation from ARIN/RIPE/whatever and multihoming?

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

96 Port Hub posted:

What was your hardware like when you couldn't push it above 8?

Speaking only for myself, we run single core instances in VMware on whatever the latest Server i7 was in 2014 or so. ~3GHz.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
Can I stack a SG350X switch and a SG350XG switch?

abigserve
Sep 13, 2009

this is a better avatar than what I had before

wolrah posted:

I don't play at the levels that at least TNSR seems to be designed for, so I'm not the best judge, but I've been following the work from just a personal curiosity level and it seems like they're going big with this stuff. If you have a need for software-controlled routing at >10G speeds you'll probably find it interesting. Where SCLR fits in is less clear to me at the moment.

The other day Jim Thompson (co-owner of Netgate) gave a presentation about "The future of pfSense" at a conference for one of the high speed data libraries they're building on. The video hasn't been released as of the last time I looked but I assume it has relevant information.

I think largely you'll find that the more open-source x86-based architecture routers will eventually be replaced by SDN solutions but it's a way off. There are companies out there that are building highly-programmable network processors that are designed to be manipulated off-box via a standard interface, which should solve the same use cases while being able to forward traffic in the Tbps.

Eletriarnation
Apr 6, 2005

People don't appreciate the substance of things...
objects in space.


Oven Wrangler

anthonypants posted:

Can I stack a SG350X switch and a SG350XG switch?

I checked the data sheet and this line seems to imply so:

quote:

With 10G copper ports on SG350XG switches, you can easily and cost-effectively enable 10G connections to servers and network storage devices with standard RJ45 Ethernet cable. You can also connect your SG350X access switches to the SG350XG aggregation with 10G SFP+ fiber connections, building a high-performance backbone to speed up the overall operation of your network.

At first I was a bit confused because the stacking I'm more familiar with is the old Catalyst 2/3/4k kind with rear stack cables, but as far as I can tell these use the normal 10G ports.

Eletriarnation fucked around with this message at 04:11 on Dec 11, 2017

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Eletriarnation posted:

I checked the data sheet and this line seems to imply so:


At first I was a bit confused because the stacking I'm more familiar with is the old Catalyst 2/3/4k kind with rear stack cables, but as far as I can tell these use the normal 10G ports.

Yeah, I think the 350XG Quick Start implies that, too:

quote:

Any port of the switch can be used for stacking. The switch can only be stacked with the Cisco 350 series switches without Mesh topology.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

anthonypants posted:

Can I stack a SG350X switch and a SG350XG switch?

You can for sure, a client of ours has pre-existing stack of 2 or 4 that are 50/50 of these.

tortilla_chip
Jun 13, 2007

k-partite

abigserve posted:

I think largely you'll find that the more open-source x86-based architecture routers will eventually be replaced by SDN solutions but it's a way off. There are companies out there that are building highly-programmable network processors that are designed to be manipulated off-box via a standard interface, which should solve the same use cases while being able to forward traffic in the Tbps.

Last I spoke with the Fastly folks they're getting 3Tbps in 3 racks at 60kVA. Netflix is doing even better since their content is more static.

BallerBallerDillz
Jun 11, 2009

Cock, Rules, Everything, Around, Me
Scratchmo
This is probably fine, right?
https://bgpmon.net/popular-destinations-rerouted-to-russia/
¯\_(ツ)_/¯

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Ha. Way to go Russia.

ate shit on live tv
Feb 15, 2004

by Azathoth
Have there been any advancements in load-balancing specifically SSL Termination/Offload?

Currently we do around a million connections per second (not unique connections, as most clients will trigger multiple connections) and around 70-80% of those connections are https. Our loadbalancers are in Direct Return mode as there is no way that I know of without paying $TEXAS money to handle all of those connections. Or at least that was the case 5 years ago. As a result we are doing all SSL termination on the servers themselves. Our webservers are running tomcat/nginx and can typically handle around 8,000 cps for http, and around 3,500 cps for https. Since we have somewhere around 400 webservers and we are projected to grow another 30-40% this year, if there were a way to not have to terminate SSL on the servers themselves that would save us from having to purchase another 100-200 servers, which is a huge amount of money saved.

We've looked into f5 and they claim they can do around 400k SSL cps with their BIG-IP i5800, but I feel that is too low for our peak traffic and I'm afraid of what will happen if we exceed the LBs.

What are other people doing for large amounts of SSL traffic?

tortilla_chip
Jun 13, 2007

k-partite
F5s are a horrible capital step function. Distributed nginx or apache is the way to go. There is some religion surrounding event driven vs. kernel interrupt.

Jedi425
Dec 6, 2002

THOU ART THEE ART THOU STICK YOUR HAND IN THE TV DO IT DO IT DO IT

ate poo poo on live tv posted:

Have there been any advancements in load-balancing specifically SSL Termination/Offload?

We've looked into f5 and they claim they can do around 400k SSL cps with their BIG-IP i5800, but I feel that is too low for our peak traffic and I'm afraid of what will happen if we exceed the LBs.

What are other people doing for large amounts of SSL traffic?

I can tell you from experience that what happens when you exceed your configured maximum SSL TPS on an F5 (afaik the max value an F5 will take is a license thing and a hardware thing) is that the connections just start getting dropped. It does tell you it’s doing it in the logs at least.

ate shit on live tv
Feb 15, 2004

by Azathoth

tortilla_chip posted:

F5s are a horrible capital step function. Distributed nginx or apache is the way to go. There is some religion surrounding event driven vs. kernel interrupt.

What do you mean by "distributed nginx"? Is this an architecture thing, or a product like nginx amplify? I'm not super familiar with what that would look like, on either an application or network level.

Any white papers or anything you can link?

tortilla_chip
Jun 13, 2007

k-partite
https://www.youtube.com/watch?v=TLbzvbfWmfY

This presentation is a pretty decent starting point.

E: https://www.youtube.com/watch?v=zrSvoQz1GOs&t=1486s and here's a bit of the religious debate.

tortilla_chip fucked around with this message at 20:58 on Dec 27, 2017

Prescription Combs
Apr 20, 2005
   6

ate poo poo on live tv posted:

Have there been any advancements in load-balancing specifically SSL Termination/Offload?

Currently we do around a million connections per second (not unique connections, as most clients will trigger multiple connections) and around 70-80% of those connections are https. Our loadbalancers are in Direct Return mode as there is no way that I know of without paying $TEXAS money to handle all of those connections. Or at least that was the case 5 years ago. As a result we are doing all SSL termination on the servers themselves. Our webservers are running tomcat/nginx and can typically handle around 8,000 cps for http, and around 3,500 cps for https. Since we have somewhere around 400 webservers and we are projected to grow another 30-40% this year, if there were a way to not have to terminate SSL on the servers themselves that would save us from having to purchase another 100-200 servers, which is a huge amount of money saved.

We've looked into f5 and they claim they can do around 400k SSL cps with their BIG-IP i5800, but I feel that is too low for our peak traffic and I'm afraid of what will happen if we exceed the LBs.

What are other people doing for large amounts of SSL traffic?

Single F5s are not good at SSL TPS, even with their accelerator cards. You'd ideally want to distribute traffic regionally to maximize any sort of SSL TPS, whether that's multiple regions with F5s or nginx. No single point is going to scale well with SSL TPS.

e: Alternately use a CDN to handle the brunt of SSL and then pipeline the traffic from the CDN to your load balancer to minimize SSL TPS on that.

Prescription Combs fucked around with this message at 22:02 on Dec 27, 2017
