Docjowles
Apr 9, 2009

F5 pretty much dominates the traditional load balancer space. If there's a feature you want, they probably have it, and if not, you can probably script it in an iRule. Though it may be gated behind a comically expensive license.

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Didn’t F5 just buy Nginx?

CLAM DOWN
Feb 13, 2007




jaegerx posted:

Didn’t F5 just buy Nginx?

Yes.

abigserve
Sep 13, 2009

this is a better avatar than what I had before

nullfunction posted:

The first thing we tried was sectioning off the IP space and directing traffic based on source, but we found that it disproportionately affected mobile as people would go on and off WiFi and the change in address would cause them to hit the other datacenter and kick them because their session wasn't valid in that DC. It also led to a fairly lopsided load pattern which was undesirable.

Using a cookie to tell which DC they started in was one of my suggestions, but I was told there wasn't a good way to reroute their traffic along our edge to the correct DC if they came in through the wrong one. Probably a vendor-specific limitation, but I don't know the details there.

I think you're on the right track, cookie based persistence would work. You could also have the GSLB route clients to a redirect point which then redirects them to a non-gslb page (closest to the node they were directed to).

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

nullfunction posted:

Out of curiosity, is there a better solution? Here's our scenario:

We have a pair of datacenters and want to ensure that we balance the load roughly equally between the two, but once a customer establishes a connection to one, they need to stay there for the life of their session or until their environment in that datacenter becomes unhealthy, whichever comes first. Our environments are sized so that we can take a full outage of one without overloading the other as we'd like to get to the point where we can fully shut down one DC for maintenance with minimal customer impact, but Active/Active is a selling point. Right now we're using geolocation to direct traffic but it presents problems when a customer's user base is right on the arbitrary lines we've drawn, so our guys are having to create a bunch of custom rules in our geolocation provider to deal with those. The user base is a mixture of desktop and mobile and the mobile users tend to move around a lot.

It's not possible to share running application state between DCs due to the way our backend works, and when a failure is detected we need people to fail over as quickly as possible, 5 minutes is about the longest we can wait -- our SLAs don't leave a ton of wiggle room.

I didn't design our current solution, my background is in networking but I'm not the one touching the hardware directly. I know we're moving to F5 LBs in the coming months, if that makes a difference.

Feel free to PM if you'd rather. Someday I hope to be able to post more of the gory details as some of it is really interesting, but I like my job too much to do that now.
What's the point of active/active if you can't go beyond 50% capacity in either datacenter in the first place? This is dramatically overcomplicated for what's, in truth, an active/passive solution.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
Yea, plus they seem to have some design limitation that breaks routing past the load balancer, or at least that's my interpretation to why sticky sessions are not enabled.

nullfunction
Jan 24, 2005

Nap Ghost

Sepist posted:

Yea, plus they seem to have some design limitation that breaks routing past the load balancer, or at least that's my interpretation to why sticky sessions are not enabled.

It's only on the outside that we needed stickiness -- once the traffic was inside a given datacenter, it was distributed among many hosts inside horizontally. A lot of work had been done up to that point to make the application scale horizontally and allow us to get rid of internal stickiness. Session state can't cross DC boundaries for a couple of reasons that I wish I could go into.

Vulture Culture posted:

What's the point of active/active if you can't go beyond 50% capacity in either datacenter in the first place? This is dramatically overcomplicated for what's, in truth, an active/passive solution.

Both DCs were sized to take the full load in the event of a long term outage but I agree with the rest of this 100% and am happy to be working on other things. For what it's worth, it has far better failure characteristics than it used to. :v:

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
One client I worked with did exactly that, had two active data centers sized so that one could handle all the load by itself so if one went down the other could keep everything going, and then split traffic so that each one had 50% of the workload at all times. They were a large hospital network so uptime was a very big deal for them.

Ham Equity
Apr 16, 2013

i hosted a great goon meet and all i got was this lousy avatar
Grimey Drawer

hihifellow posted:

One client I worked with did exactly that, had two active data centers sized so that one could handle all the load by itself so if one went down the other could keep everything going, and then split traffic so that each one had 50% of the workload at all times. They were a large hospital network so uptime was a very big deal for them.

Uptime is one of those things that's generally pretty easy to solve by throwing money at it.

The biggest problem area is large portions of the internet infrastructure in the U.S. being owned by single companies, like that bigass CenturyLink router that took a poo poo and hosed over the internet for a couple of days a couple months ago.

Umbreon
May 21, 2011
As a NOC engineer with a CCNA, what's a good way for me to start learning with cloud infrastructure/moving things into the cloud? I see that the AWS certs are nice for getting interviews, but how would I go about getting actual hands on experience?

Obviously I won't last long in an interview without it, and I also want to get a feel for the career path in general to make sure it's right for me.

e: if anyone here has a job in either of the fields I mentioned, I'd love to hear about what you actually do everyday at your job.

Umbreon fucked around with this message at 08:40 on Apr 8, 2019

LochNessMonster
Feb 3, 2005

I need about three fitty


Umbreon posted:

As a NOC engineer with a CCNA, what's a good way for me to start learning with cloud infrastructure/moving things into the cloud? I see that the AWS certs are nice for getting interviews, but how would I go about getting actual hands on experience?

Obviously I won't last long in an interview without it, and I also want to get a feel for the career path in general to make sure it's right for me.

e: if anyone here has a job in either of the fields I mentioned, I'd love to hear about what you actually do everyday at your job.

Do you want to stay in the networking part or do you want to go into the cloud engineer area?

You can open an AWS account and start following tutorials that can be done in the free tier. Otherwise you can do things pretty cheap as long as you turn stuff off when you’re done with them. Always use the infra as code ideology so you can build things exactly the same way and burn them when you’re done.

Umbreon
May 21, 2011

LochNessMonster posted:

Do you want to stay in the networking part or do you want to go into the cloud engineer area?

You can open an AWS account and start following tutorials that can be done in the free tier. Otherwise you can do things pretty cheap as long as you turn stuff off when you’re done with them. Always use the infra as code ideology so you can build things exactly the same way and burn them when you’re done.

I'm still trying to figure that out. I love networking a ton, but being a cloud engineer sounds extremely interesting. Are there any positions that would benefit from having both skillsets?

The Fool
Oct 16, 2003


Umbreon posted:

I'm still trying to figure that out. I love networking a ton, but being a cloud engineer sounds extremely interesting. Are there any positions that would benefit from having both skillsets?

Hybrid is getting more common as companies realize that there are workloads best for the cloud and workloads that are better on premise. Being able to integrate the two, and knowing when to apply which solution are important skills.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Umbreon posted:

I'm still trying to figure that out. I love networking a ton, but being a cloud engineer sounds extremely interesting. Are there any positions that would benefit from having both skillsets?

Cloud doesn't negate the need for networking or network security. Your network configs and ACLs become more code based, and applied via API. There's definitely a need for crossover engineers but it's not the biggest job market.

Otherwise being a network engineer with cloud knowledge is a huge benefit as most companies are at least thinking about cloud platforms at this point.

Comradephate
Feb 28, 2009

College Slice

Umbreon posted:

I'm still trying to figure that out. I love networking a ton, but being a cloud engineer sounds extremely interesting. Are there any positions that would benefit from having both skillsets?

Pretty much any non-junior person doing cloudy poo poo has to have some understanding of networking, and everybody ideally would understand network security.

The quantity of work to be done on the networking front is low relative to owned hardware, but in AWS-land someone still has to define subnets, decide how to peer networks together, control security groups, and the like.

I'm on an SRE team of 12 people, and caring about networking is like, a part time thing for one person.

In general agreement with Judge Schnoopy—there is work to do, and the skillset is valuable, but it's going to be hard to find a job that only does networking.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Comradephate posted:

In general agreement with Judge Schnoopy—there is work to do, and the skillset is valuable, but it's going to be hard to find a job that only does networking.
This would be either a network-centric solutions engineer for a consultancy, or a network engineer for an actual cloud provider.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal
I'm at a PaaS that is exploring workloads in the cloud, and I've had to translate and lift network security configs from on-site systems to Azure. The whole thing is code based because nobody wants to hand configure Azure networking / net security rules. I haven't had any previous cloud training to get here and the cloud responsibilities don't make up anybody's full time job, but I can see it getting there. I'm sure hiring efforts in the future will favor engineers with cloud experience no matter what their role is.

The whole company will have some small part in integrating with the cloud, no exception.

nominal
Oct 13, 2007

I've never tried dried apples.
What are they?
Pork Pro
So I've spent pretty much my entire life working lovely jobs (the IT portion only being for the last 10 or so) for evil and just generally bad companies with outright hostile culture, overbearing bosses, and the occasional literal threat of violence because that's pretty much how all my jobs went since I entered the workforce and I literally didn't know that there could actually be anything better. I seriously thought that people talking about "good" workplaces was just generally accepted as a coping mechanism to help them live with the hellscape that is employment. I mean in the last 20 years, I've had a knife pulled on me by a coworker, people screaming directly into my ear loudly enough that it hosed up my balance for a bit, a supervisor that repeatedly asked to "borrow" my girlfriend at the time, company meetings about who to vote for and which church to attend (loving lol), and open threats of being fired on a whim and at literally any moment. It was not good and I fully accept that I was quite likely mentally ill for thinking it was normal.

Now I'm working in the public sector and... it's different. Shockingly so. I have never been screamed at even once. I have next to zero supervision, and the very concept of "ASAP" makes people that have been here for a while start to bleed from the ears. My boss has even outright said that it's nearly impossible to get fired here unless you somehow screw up so badly that you end up with a nemesis somewhere in upper management. I've been here a year, and I'm still having a hard time transitioning to people being... well, genuinely nice. Sincere "thank yous" almost make me mist up a little bit. There have even been hugs (it's a school system so I figure that's just a weird thing that teachers do). I can put in time off by saying "hey I could use some time off" and nobody says "WHY!?!?!?!". And also the concept where it's totally fine for it to take a month or so for things to get fixed (usually).

I love it, but I also have this giant creeping dread that it's some sort of trick, and the rug is going to get yanked out from under me at any moment. I've kind of had it at other jobs, but it was usually the result of some sort of specific threat, and here there's no evidence of anything of the sort.

Is there any trick to managing that? Is it something that just kind of fades over time away from a hosed-up workplace?

I could also use any suggestions on entry-level basic time management because not having outright dictatorial levels of structure and supervision here is SO WEIRD.

Comradephate
Feb 28, 2009

College Slice
The trick is that it's impossible to get fired, so over time the most capable people will quit because superlative people do not want to work somewhere that rewards mediocrity.

But I mean, beyond that, it's probably fine. As you said, you've just worked at a ton of horrible places, and now you are working at a regular place.

Given that you've been there an entire year and you're still waiting for the other shoe to drop, I unironically suggest therapy. For me the honeymoon period of a job ends after 3 months or so. If you still think it's great to work there but are still worried it's secretly going to be a nightmare, talk to a pro about dealing with those feelings, because they are not normal feelings that everyone has to deal with.

E: also my first comment wasn’t just to be a dick and isn’t a direct judgement of you or your coworkers. What I was ineptly working towards was that for many people, that would be seen as the negative thing about the job. If it’s working for you, then it seems like you found a really good fit.

Comradephate fucked around with this message at 17:59 on Apr 8, 2019

Docjowles
Apr 9, 2009

Comradephate posted:

Given that you've been there an entire year and you're still waiting for the other shoe to drop, I unironically suggest therapy. For me the honeymoon period of a job ends after 3 months or so. If you still think it's great to work there but are still worried it's secretly going to be a nightmare, talk to a pro about dealing with those feelings, because they are not normal feelings that everyone has to deal with.

I was going to post much the same thing. Your past jobs sound traumatic enough that it might be very helpful to talk to someone professionally. The stuff you posted is super hosed up and not normal or acceptable in any way.

In terms of time management, this book was helpful to me: https://www.amazon.com/Time-Management-System-Administrators-Working-ebook/dp/B0026OR2WM/

Internet Explorer
Jun 1, 2005





Definitely see a therapist. I was thinking the same thing as Docjowles. It sounds like you've gone through some fairly traumatic stuff.

nominal
Oct 13, 2007

I've never tried dried apples.
What are they?
Pork Pro
Thanks! Yeah, I was kind of wondering about professional help. There's a lot more to this story that I kept out for brevity that would also almost definitely support your suggestions.

I'm mostly just glad to finally come around to realizing that all that stuff isn't normal.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Thomas A. Limoncelli wrote a book on time management... :lol: I guess I shouldn't be surprised?

In other news, the Edge Chromium browser is basically chrome. Extensions work as expected... I guess I won't need to install Chrome ever again?

The Fool
Oct 16, 2003


Tab8715 posted:

Thomas A. Limoncelli wrote a book on time management... :lol: I guess I shouldn't be surprised?

In other news, the Edge Chromium browser is basically chrome. Extensions work as expected... I guess I won't need to install Chrome ever again?

I want Facebook to make a huge investment in the Mozilla Foundation so that the three big browser choices are Facebook, Google and Microsoft.

Comradephate
Feb 28, 2009

College Slice

The Fool posted:

I want Facebook to make a huge investment in the Mozilla Foundation so that the three big browser choices are Facebook, Google and Microsoft.

I would actually prefer this to the current world where there is effectively one browser choice, and it is created by the largest advertising firm in the world.

WhoNeedsAName
Nov 30, 2013

The Fool posted:

I want Facebook to make a huge investment in the Mozilla Foundation so that the three big browser choices are Facebook, Google and Microsoft.

At that point I would actually set up a System 7 VM and run Netscape 3.0.4 for daily use.

Thanks Ants
May 21, 2004

#essereFerrari


Bring back Safari for Windows :cthulhu:

Sickening
Jul 16, 2007

Black summer was the best summer.
So it appears that the director of infosec got phished and his Office 365 account was privileged. The attacker had access to his account for more than a month and has been reading the email of every important person in our company. The attacker only tipped off the game when he created Outlook rules to auto forward email outside the company that flagged a defined alert.

My infrastructure team has been hard at work gathering all the data. Of course we did a full 90 day dump of the non-owner report. Do you think people stopped reading email that wasn't their own after my previous rampage? Nope. 2 brave souls wanting to find new jobs I suppose.

Folks, please go into https://protection.office.com/alertpolicies and define your alert policies beyond the default. Leaders, if you tell your teams to do it please hold their hand and follow up. Don't be me and believe your middle managers who tell you it's complete.
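Added example, not part of the original post or of any Microsoft tooling: detection logic for the signal described above, a mailbox rule that forwards mail outside the company, run over exported audit records. The record layout (JSON lines with `Operation`, `UserId` and a `Parameters` list of Name/Value pairs) is modeled on Exchange admin audit entries and is an assumption, as are the internal domain and every sample value.

```python
"""Flag mailbox rules that forward mail outside the organisation."""
import json
import re

# Assumption: the tenant's own mail domains (placeholder value).
INTERNAL_DOMAINS = {"example.com"}

# Operations that can set up forwarding, with the parameters that carry the
# destination address (parameter names of the corresponding Exchange cmdlets).
FORWARDING_PARAMS = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress"},
}


def is_internal(domain):
    """True for a listed domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def external_targets(value):
    """Return the addresses in a parameter value that leave the organisation."""
    targets = []
    for part in re.split(r"[;,]", value):
        addr = part.strip().strip('"').lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" not in addr:
            continue  # display name or alias: no domain to judge
        if not is_internal(addr.rsplit("@", 1)[1]):
            targets.append(addr)
    return targets


def find_external_forwarding(lines):
    """Scan JSON-lines audit records; return one finding per external target."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated export line
        watched = FORWARDING_PARAMS.get(rec.get("Operation"))
        if not watched:
            continue
        for param in rec.get("Parameters", []):
            if param.get("Name") not in watched:
                continue
            for target in external_targets(str(param.get("Value", ""))):
                findings.append({
                    "time": rec.get("CreationTime"),
                    "user": rec.get("UserId"),
                    "operation": rec["Operation"],
                    "parameter": param["Name"],
                    "target": target,
                })
    return findings


# Constructed sample records (not real data).
SAMPLE_LOG = """\
{"CreationTime":"2019-03-01T09:12:44","Operation":"New-InboxRule","UserId":"user1@example.com","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"smtp:drop@mailbox.invalid"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2019-03-02T10:00:00","Operation":"New-InboxRule","UserId":"user2@example.com","Parameters":[{"Name":"Name","Value":"Team copy"},{"Name":"ForwardTo","Value":"user3@example.com"}]}
{"CreationTime":"2019-03-03T11:30:00","Operation":"Set-Mailbox","UserId":"user4@example.com","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:user4@personal.example.net"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
{"CreationTime":"2019-03-03T12:00:00","Operation":"MailItemsAccessed","UserId":"user5@example.com"}
"""

if __name__ == "__main__":
    for finding in find_external_forwarding(SAMPLE_LOG.splitlines()):
        print(finding)
```
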

Sirotan
Oct 17, 2006

Sirotan is a seal.


Sickening posted:

the director of infosec got phished

...

The attacker had access to his account for more than a month

Sounds more like three people that need to be finding new jobs.

Thanks Ants
May 21, 2004

#essereFerrari


The Office 365 default of just letting people grant permission to third-party applications to view all their Office 365 data probably wants to be changed as well. It's called "Integrated Apps".

https://docs.microsoft.com/en-us/office365/admin/misc/integrated-apps?view=o365-worldwide

Sickening
Jul 16, 2007

Black summer was the best summer.

Sirotan posted:

Sounds more like three people that need to be finding new jobs.

I sat in a leadership meeting the first week of Jan where he was very concerned with phishing attempts. He was even advocating for punishment for people who fall for company-run phishing campaigns.

Feels great.

The Fool
Oct 16, 2003


Not a director, but we had a guy come by our offices after our last phishing campaign spouting garbage along the lines of "What kind of idiot falls for these things?"


Guess who put their username and password in?

Docjowles
Apr 9, 2009

My hobby: putting the infosec director's username into the lovely fake phishing emails they periodically send out to catch people.

LochNessMonster
Feb 3, 2005

I need about three fitty


Docjowles posted:

My hobby: putting the infosec director's username into the lovely fake phishing emails they periodically send out to catch people.

Brilliant, I’m so stealing this.

Comradephate
Feb 28, 2009

College Slice

Docjowles posted:

My hobby: putting the infosec director's username into the lovely fake phishing emails they periodically send out to catch people.

unless the campaign is run by a dummy, they use unique links and/or unique embedded images in the email to identify which emails were opened, so they'd see that the email sent to Docjowles resulted in credentials for not Docjowles being entered into the fake website.

Docjowles
Apr 9, 2009

Comradephate posted:

unless the campaign is run by a dummy

well, you see...

Sickening
Jul 16, 2007

Black summer was the best summer.
Fun Fact: When you use the Tor browser and use it to sign on to your Azure/Office 365 account, it flags you for risky behavior in Azure. We have someone who is showing up to be signed in for no less than 20 countries in the last few days. After investigating the IP addresses and seeing them to be Tor exit points, he gets to explain why he is using his work account on Tor browsers.

Is there really not a browser out there that gives the same benefits as the Tor browser but doesn't sound shady as gently caress? We now have people freaking out over the "dark web".

Comradephate
Feb 28, 2009

College Slice
wait, what is his stated reason? that seems crazy.

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

LochNessMonster posted:

Reason is most likely because she wants her numbers to look good by running the department/team with less staff than budgeted. This hardly ever works out since you either overwork your staff or they stop caring and start slacking off.

This type of manager is usually not in it for the long haul but just wants some impressive numbers for the resume. They’ll jump to a different department / company before long term effects become visible.

Fortunately she just wanted a couple of days to get her feet under her.

All 3 positions are in process of being approved today.

Separate question for you folks: I recently took over our cell phone management. I'm going to book with a US broker to take over the North American phone nonsense, are there any companies that do this kind of brokerage work for international phones?

DigitalMocking fucked around with this message at 20:42 on Apr 8, 2019

DigitalMocking
Jun 8, 2010

Wine is constant proof that God loves us and loves to see us happy.
Benjamin Franklin

Sickening posted:

Fun Fact: When you use the Tor browser and use it to sign on to your Azure/Office 365 account, it flags you for risky behavior in Azure. We have someone who is showing up to be signed in for no less than 20 countries in the last few days. After investigating the IP addresses and seeing them to be Tor exit points, he gets to explain why he is using his work account on Tor browsers.

Is there really not a browser out there that gives the same benefits as the Tor browser but doesn't sound shady as gently caress? We now have people freaking out over the "dark web".

No one should use the Tor browser at work.
