I'm taking a programmatic config course, and Cisco mentions both NETCONF and RESTCONF, is there more market acceptance or desirability between the two?

Edit: I guess the REST portions are just a subset of NC functions, so it's just a choice on how to access the device. I'm just not educated enough to understand why you would want to use the web interface vs SSH or vice versa.

Dalrain fucked around with this message at 23:10 on Jan 3, 2019 |
# ? Jan 3, 2019 22:09 |
|
Dalrain posted: I'm taking a programmatic config course, and Cisco mentions both NETCONF and RESTCONF, is there more market acceptance or desirability between the two?

If the device has a (REST) API you can access it over https, i.e. Arista devices, if the device doesn't have an API, say most Junos/Cisco devices, you'll use NETCONF via ssh.
|
# ? Jan 4, 2019 19:23 |
|
Fortinet devices have a REST API apparently however you need to pay for a subscription to their developer program to get the doco
|
# ? Jan 5, 2019 15:21 |
|
I’m a bit worried about the future of collaboration. Most companies have switched to VoIP systems long ago, so new installs are uncommon. There are only so many upgrades and refreshes in the world. What do I need to learn in terms of technology to someday work at a provider? Is it more routing and hardware and less voice coded work? What protocols do they typically use? I have heard from a friend at one of the big providers that IS-IS is common.
|
# ? Jan 5, 2019 15:45 |
|
Pile Of Garbage posted: Fortinet devices have a REST API apparently however you need to pay for a subscription to their developer program to get the doco

I've seen quite a few decent integrations with Fortinet devices and various OSS/BSS systems over the years so while it does sound a bit annoying I'm guessing the support you get with it is probably quite good. We have a few integrations in production and it works great and allows lower level staff to apply basic firewalling, application filtering etc to a customer service. I wasn't involved in their development though.
|
# ? Jan 7, 2019 05:11 |
|
Bigass Moth posted: I’m a bit worried about the future of collaboration. Most companies have switched to VoIP systems long ago, so new installs are uncommon. There are only so many upgrades and refreshes in the world. What do I need to learn in terms of technology to someday work at a provider? Is it more routing and hardware and less voice coded work? What protocols do they typically use? I have heard from a friend at one of the big providers that IS-IS is common.

Why do you want to work at a provider specifically? Yes providers will run IS-IS on the voice network, I've never seen an enterprise copy that design.
|
# ? Jan 7, 2019 12:40 |
|
I’m just keeping my options open. I’m in an area where one of the big providers has a large presence, so they could be a potential employer if I ever move on.
|
# ? Jan 7, 2019 13:03 |
|
I am definitely not a licensing hardware guy so please forgive my ignorance. Is the only difference between DNA Essentials and Advantage that I can make a device a layer 3 switch? Besides some like obscure inventory benefits for whatever DNA is? I feel like I'm missing something major, and also feel like Cisco is jumping in full steam ahead to the byzantine world of Microsoft licensing.
|
# ? Jan 7, 2019 20:49 |
|
Collaboration is becoming a service and an app rapidly. Design and application of those pieces, integration into other services, API and reporting work, etc will be probably the way to go to stay on the top edge of it. There will always be people to spec, design, implement etc. Personally I’ve been diving into the various Cisco APIs, looking at integration and automation opportunities. Been spending time in the instructional design realm looking at tech application. SP services are a different world but things are changing for sure.
|
# ? Jan 7, 2019 23:02 |
|
BaseballPCHiker posted: I am definitely not a licensing hardware guy so please forgive my ignorance. Is the only difference between DNA Essentials and Advantage is that I can make a device a layer 3 switch?

Both can do dynamic and static routing. There might be some features missing from Essentials for EIGRP for example but I couldn't tell you what they are. If you were doing full MPLS you'd need Advantage for certain though. We didn't like this DNA garbage and bought the perpetual NX-OS Essentials 'old style' license for our 9300 switches. I've set up VRF Lite on them with EIGRP and OSPF so I know it works.

It took us way longer than it should have to get our heads around this DNA nonsense but the takeaway is, unless you have basically nothing and you're starting from scratch - I mean no Wireless and no ISE mainly - it's not worth being on the hook forever. If you've already got an ISE deployment with xxxx amount of base licenses and wireless controllers with licenses it's just not worth it. I suppose if you were doing a refresh you could consider it but even then you're going to be on the hook for a lot of revenue every 3 or 5 or 7 years because even if you stop paying the DNA Essentials for example, your switches keep Essentials features perpetually but you lose all the SDN access and you lose your wireless and ISE licenses. Your licensing costs will go through the roof and you still have to pay up front for the hardware as well. The backend appliance for their new management software for the Catalyst switches is like £20k on its own.
|
# ? Jan 8, 2019 00:58 |
|
Is there a way to change the throughput of a BDI interface on an ASR 920? I have a BDI on a 2x10Gbps portchannel, but every BDI interface only appears as a 1Gbps interface and traffic stats confirm that max throughput is 1Gbps.

code:
Filthy Lucre fucked around with this message at 23:50 on Jan 10, 2019 |
# ? Jan 10, 2019 21:51 |
|
Any recommendations for getting through, studying for, and completing the CCENT? My manager and I agreed it's time to have me start in on this, have yet to get the confirmation from our HR/Business people, but rest assured it's a happening thing. Currently I am a Tier 2 Voice/Data Network Admin, so we do lots of troubleshooting, interface configurations, equipment installation help with our Field Engineers and things along those lines. I've been in this position for 8 months now, but I am certain there will be a considerable amount of raw technical information that ultimately hasn't been part of my practical experience. Just looking for resources, suggestions, and things to consider about all this. Not super worried about being able to comprehend this all, but I do want to make the best of it.
|
# ? Jan 12, 2019 16:49 |
|
Lord Rupert posted: Any recommendations for getting through, studying for, and completing the CCENT? My manager and I agreed it's time to have me start in on this, have yet to get the confirmation from our HR/Business people, but rest assured it's a happening thing. Currently I am a Tier 2 Voice/Data Network Admin, so we do lots of troubleshooting, interface configurations, equipment installation help with our Field Engineers and things along those lines.

Are you planning on going for the CCNA R&S afterwards? I found Wendell Odom's books very helpful for learning the material, and the practice exams at Boson very closely mimic the actual exam. If it's a work-driven request, see if you can get some time and spare equipment to lab out the materials you learn about.

e. Wait, this isn't the cert thread. Go here

Actuarial Fables fucked around with this message at 18:21 on Jan 12, 2019 |
# ? Jan 12, 2019 18:15 |
|
Actuarial Fables posted: Are you planning on going for the CCNA R&S afterwards?

Rad, I'll go bug the fine folks over there! Ideally I would finish it up and get the other part of the CCNA afterwards, as this is driven by management but I am way more than on board with it. We'll likely have some Network Engineer openings once we get through our NGN Upgrade, as we have some real old-timers currently seeing that through.
|
# ? Jan 12, 2019 22:46 |
|
Anybody had a chance to work with the ISR 900-series?
|
# ? Jan 25, 2019 12:54 |
|
We have a bunch of isr920s we use as 10g cpe w/ l3 routing. They're fine, although the licensing is annoying and enforced. Bug reports on newer IOS versions are pretty hilarious too.
|
# ? Jan 25, 2019 13:37 |
|
Isr 900 series doesn't have a 10g port. Do you mean asr920?
|
# ? Jan 25, 2019 16:53 |
|
Apex Rogers posted: Isr 900 series doesn't have a 10g port. Do you mean asr920?

Ack yep those. I'll go back to Juniper land now, which is the normal home base.
|
# ? Jan 26, 2019 00:55 |
|
FYI, the NCS4200s are a dumpster fire. Bad enough to get us moved to CAP with 3 units installed. I miss the 15454s more every day.
|
# ? Jan 26, 2019 03:09 |
|
FatCow posted: FYI, the NCS4200s are a dumpster fire. Bad enough to get us moved to CAP with 3 units installed.

This doesn't surprise me in the slightest. Cisco has really gone down the toilet.
|
# ? Jan 26, 2019 09:30 |
|
So this may be, I dunno, orthogonal to the thread or whatever: but why are community colleges cutting the number of Cisco classes they require (from 4 to 2 generally, meaning the graduates are only doing the first half of the CCNA R&S). I’ve noticed this over the course of the last five years. Is this just a result of more stuff getting put into the ?
|
# ? Jan 26, 2019 13:01 |
|
Schadenboner posted: So this may be, I dunno, orthogonal to the thread or whatever: but why are community colleges cutting the number of Cisco classes they require (from 4 to 2 generally, meaning the graduates are only doing the first half of the CCNA R&S). I’ve noticed this over the course of the last five years. Is this just a result of more stuff getting put into the ?

-EATING MILLENNIALS ARE KILLING CISCO And it’s illegal
|
# ? Jan 26, 2019 13:37 |
|
Schadenboner posted: So this may be, I dunno, orthogonal to the thread or whatever: but why are community colleges cutting the number of Cisco classes they require (from 4 to 2 generally, meaning the graduates are only doing the first half of the CCNA R&S). I’ve noticed this over the course of the last five years. Is this just a result of more stuff getting put into the ?

Not the case here, up to CCNP is offered.
|
# ? Jan 26, 2019 18:54 |
|
Woof Blitzer posted: Not the case here, up to CCNP is offered.

Around here (Metro-Milwaukee/South-Eastern Wisconsin) the Networking AASes previously required 4 semesters of Cisco, they all seem to be down to two now. A lot of them still offer all four (although now that they're not required I'd imagine that enrollment is down) but they don't require it. I don't think I've seen the CCNP offered at the CC level, where are you?
|
# ? Jan 26, 2019 19:13 |
|
We do CCNP stuff at community colleges in NC, back when I did it it used to be part of an optional track of the Networking AAS; if you followed 'standard' path you'd just do the CCNA stuff and shore it up with I guess Windows/Linux sysadmin courses or whatever.
|
# ? Jan 26, 2019 19:55 |
|
Schadenboner posted: Around here (Metro-Milwaukee/South-Eastern Wisconsin) the Networking AASes previously required 4 semesters of Cisco, they all seem to be down to two now.

St. Louis
|
# ? Jan 26, 2019 20:14 |
|
Sheep posted: We do CCNP stuff at community colleges in NC, back when I did it it used to be part of an optional track of the Networking AAS; if you followed 'standard' path you'd just do the CCNA stuff and shore it up with I guess Windows/Linux sysadmin courses or whatever.

Woof Blitzer posted: St. Louis

Wisconsin officially complete poo poo at community colleging?!?
|
# ? Jan 26, 2019 20:34 |
|
So I'm a huge dipshit

If I don't want whether a route is originating from within the same ASN or not to be a deciding factor in whether or not to use it, can I just change the AD of iBGP to be 20, the same as eBGP without loving everything up?

this is irrelevant

Basically, what I've got is this where the best carrier to go over is dependent on which device you're talking to which I don't really like.

Here you can see in the first output we're preferring the route with the giant metric of 178100, even though there is a 0 metric possibility, because the seemingly worse option is originated over eBGP

code:

code:

quote: 7) Prefer eBGP over iBGP paths.

code:

Nope there isn't. uh now what. I'd really rather not throw more Source IP routing at this

Methanar fucked around with this message at 06:15 on Feb 2, 2019 |
# ? Feb 2, 2019 04:23 |
|
Separate questions

code:

Kind of unfortunate that one's part of the path selection process. I can probably overwrite that attribute as I receive the routes, but ehh.

Is there really not a safer way of playing with the internet than blindly setting AS-path prepending or similar and then watching your links and hoping you don't send 11g over a 10g connection? What about when I start setting policy-based routing statements, do I really just yolo it and hope I do it right on the first try? I'm not really sure how you build a test environment for The Internet.

Like okay I just read about all this so I understand. I could overwrite the origin attribute on all advertisements received through cogent by doing this.

code:

code:

Is it just a normal and fine thing for most people for different BGP speaking routers to have different world views if they make it past the first 7 steps of bgp path selection?

Methanar fucked around with this message at 05:40 on Feb 2, 2019 |
# ? Feb 2, 2019 04:25 |
|
Methanar posted: words of problem 1

Obviously I don't know what your topology looks like but this should not be a major issue as you can still control the outgoing traffic using the regular bgp mechanisms within your AS, as obviously once you get off the border routers it's all iBGP internally and admin distance no longer plays a part in path selection. The only case where this would be a problem is if your networks are all routed off your border routers, in which case the solution is the one you already mentioned in which you have to use the same administrative distance for iBGP and eBGP - this eliminates the ability to use MED for path selection however, so you need to either configure localpref in your network or work with your providers to set up some shared community strings.

Methanar posted: Separate questions

The most accepted and well supported method of managing active/active connection incoming traffic via BGP is as-path prepending, yes. It sounds like you have a fairly standard problem of trying to balance your traffic from your networks out via a variety of peers - by using as-path prepending, you can influence the inbound traffic and localpref you should be able to influence the outgoing traffic and everything will remain deterministic and pretty much set in stone (unless one of your ISPs clears as-path or something). Not sure why you would need PBR...
|
# ? Feb 2, 2019 06:57 |
|
When you accept the routes, you can use communities or as-path "* 174" and then set a local-preference to ensure that say, routes originated by Cogent take the Cogent route, and everything else takes the HE. Assuming I understand your problem correctly.
|
# ? Feb 2, 2019 16:57 |
|
At Seattle Central they used to require three CCNA classes for an AS and an additional three CCNP classes as part of the BAS track but they recently dropped the CCNP in favor of more cloud type stuff. We worked on things like open daylight and NSX in the last one that I took.
|
# ? Feb 2, 2019 18:59 |
|
Methanar posted: BGP rambling

Do you have any flow visibility? I like pmacct, but there's a lot out there. It would give you some actual data to make forwarding decisions rather than spray and pray
|
# ? Feb 4, 2019 16:25 |
|
Methanar posted: Here you can see in the first output we're preferring the route with the giant metric of 178100 , even though there is a 0 metric possibility, because the seemingly worse option is originated over eBGP

Metric is relative. Metric doesn't mean poo poo between carriers. It's not even part of the decision-making flow for routes from 2 different carriers (1 caveat, below).

What you have is 2 paths with the same AS_PATH length, which makes them basically identical. It's going to be a toss-up either way. It could be ORIGIN, it could even be the IP address of the dang interface that picks which one is used. Two paths with the same AS_PATH length are always going to be a coin toss, unless you make a decision via routing policy.

You can use something like the Metric System (described here): https://www.nanog.org/meetings/nanog45/presentations/Monday/Roisman_bgp_metric_N45.pdf

Which is where you turn on always-compare-med (which DOES compare metric from different carriers) and then set the metrics yourself as you like. Or you can have some policies with localpref. Whatever you choose to do, the only time that matching AS_PATH does something you want is when you configure it to.

Methanar posted:

This is common. Again, especially with something like the Metric System, you just wipe + replace the ORIGIN and METRIC values from the carrier since they rarely mean anything outside of MED (which even then, is carrier specific).

Methanar posted: Is there really not a safer way of playing with the internet than blindly setting AS-path prepending or similar and then watching your links and hoping you don't send 11g over a 10g connection?

As mentioned, you can look at traffic stats to get an idea of where your traffic goes and where it comes from, and then figure out which of your ISPs would handle what traffic. A good example is taking your top 1000 or top 10000 prefixes by traffic (recorded with a flow monitoring tool), then run them through your routing tables and see what the best path is.

Here's a talk with some of that, where 15000 routes was 98% of Spotify's traffic: https://www.youtube.com/watch?v=o1njanXhQqM
|
# ? Feb 4, 2019 17:34 |
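Added example, not part of any post in this thread: a simplified BGP best-path selector run over a constructed routing table and constructed per-prefix flow volumes, to show offline how the eBGP-over-iBGP step, always-compare-med and a local-pref policy each shift egress load. The neighbor addresses, traffic figures, link capacities, origin ASNs (documentation range) and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}

def keep_best(paths, key):
    low = min(key(p) for p in paths)
    return [p for p in paths if key(p) == low]

def best_path(paths, always_compare_med=False):
    """Simplified BGP decision process; weight, IGP cost and router ID omitted."""
    c = keep_best(paths, lambda p: -p["local_pref"])      # highest local-pref
    c = keep_best(c, lambda p: len(p["as_path"]))         # shortest AS_PATH
    c = keep_best(c, lambda p: ORIGIN_RANK[p["origin"]])  # lowest ORIGIN
    # MED only ranks paths from the same neighbor AS unless always-compare-med is on.
    grp = (lambda p: None) if always_compare_med else (lambda p: p["as_path"][0])
    c = [p for p in c
         if not any(grp(q) == grp(p) and q["med"] < p["med"] for q in c)]
    c = keep_best(c, lambda p: 0 if p["ebgp"] else 1)     # eBGP over iBGP
    # Stand-in for the remaining tie-breakers: lowest neighbor address.
    return min(c, key=lambda p: ipaddress.ip_address(p["neighbor"]))

def egress_load(rib, flows_gbps, **opts):
    """Sum measured traffic per carrier along the selected best paths."""
    load = defaultdict(float)
    for prefix, gbps in flows_gbps.items():
        load[best_path(rib[prefix], **opts)["carrier"]] += gbps
    return dict(load)

def overloaded(load, capacity_gbps):
    return sorted(c for c, gbps in load.items() if gbps > capacity_gbps[c])

def set_local_pref(rib, prefix, carrier, value):
    """Copy the RIB with local-pref overridden on one carrier's path to a prefix."""
    new = {k: [dict(p) for p in v] for k, v in rib.items()}
    for p in new[prefix]:
        if p["carrier"] == carrier:
            p["local_pref"] = value
    return new

def path(carrier, as_path, med, ebgp, neighbor):
    return {"carrier": carrier, "as_path": as_path, "med": med, "ebgp": ebgp,
            "neighbor": neighbor, "local_pref": 100, "origin": "igp"}

# Constructed sample: one border router's view. Cogent paths are eBGP with a big
# MED; HE paths come over iBGP from a second border router with MED 0.
RIB = {
    "192.0.2.0/24": [path("cogent", [174, 64496], 178100, True, "10.0.0.1"),
                     path("he", [6939, 64496], 0, False, "10.0.0.2")],
    "198.51.100.0/24": [path("cogent", [174, 64497], 178100, True, "10.0.0.1"),
                        path("he", [6939, 64497], 0, False, "10.0.0.2")],
    "203.0.113.0/24": [path("cogent", [174, 64500, 64498], 178100, True, "10.0.0.1"),
                       path("he", [6939, 64498], 0, False, "10.0.0.2")],
}
FLOWS_GBPS = {"192.0.2.0/24": 6.0, "198.51.100.0/24": 5.0, "203.0.113.0/24": 3.0}
CAPACITY_GBPS = {"cogent": 10.0, "he": 10.0}

if __name__ == "__main__":
    for opts in ({}, {"always_compare_med": True}):
        print(opts, egress_load(RIB, FLOWS_GBPS, **opts))
```

Feeding it a real top-N prefix list from a flow collector and the candidate paths from the routers lets a policy change be checked against link capacity before it is applied.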
|
Schadenboner posted: So this may be, I dunno, orthogonal to the thread or whatever: but why are community colleges cutting the number of Cisco classes they require (from 4 to 2 generally, meaning the graduates are only doing the first half of the CCNA R&S). I’ve noticed this over the course of the last five years. Is this just a result of more stuff getting put into the ?

That's loving weird. Seems like positions I see that used to use CCNA as the base requirement are now requiring CCNP. I definitely wouldn't recommend going light on Cisco training.
|
# ? Feb 5, 2019 06:03 |
|
Nor would I recommend CCNP if you’re not doing network architecture and support work, of a Cisco nature. Though the bleed of these concepts into modern service hosting environments is a thing, it’s still not necessary to the average tech worker. Imo anyways.
|
# ? Feb 6, 2019 00:30 |
|
In some ways I think it would be nice if Cisco would do a “CCNA Cloud” or something. Where they rip out 80% of the layer 1-2 and IGP content to spend a ton of time on BGP, since that is the only routing protocol that matters in a public cloud environment. And steal some IPSec VPN content from the CCNA Security.

Like, we are moving all of our poo poo into AWS right now. I do not care about hiring someone who can tell me all the different spanning tree protocols or the differences between EIGRP and IS-IS. It will never matter.

It would also give us comedy when the cert holders’ companies decide to move back on-prem, and they build the whole data center as a flat /8 in the default VLAN with no STP configured

Docjowles fucked around with this message at 01:47 on Feb 6, 2019 |
# ? Feb 6, 2019 01:45 |
|
Eh, even if STP isn’t a concern in a modern datacenter environment, it’s still important to understand why it exists, and when you use it. It’s pretty fundamental to the difference between an L2 and L3 environment. Plus even in AWS the concept of a VLAN still exists and if you ever do a direct connect it’s important to understand what a tagged frame is and what a MAC address looks like.
|
# ? Feb 6, 2019 04:41 |
|
All the fancy SDN poo poo too uses the same networking concepts as well. There are several blogs and posts I've been reading where people are amazed by things such as IPTables and dynamic routing.
|
# ? Feb 6, 2019 04:45 |
|
My ~* Cloud CCNA *~ curriculum would probably have STP in an appendix, and it would only cover Rapid-PVST because it is both modern and simple. Which is all you need to do an AWS direct connect to your colo. VLANs are important and get to be part of the surviving content, too.
|
# ? Feb 6, 2019 05:02 |