|
Well it's finally fixed.... one week later. We had to open multiple tickets, call multiple techs over and over and over again but we FINALLY got someone who knew what they were doing or just got lucky. Apparently it was in their words "An issue with the line card on our core router and cost the traffic." I am beyond pissed. Thankfully we had backup connections to keep these sites somewhat up but we were told for days the issue was on our end. I want to rip into our Comcast rep and tear him to shreds. Myself and my team have spent so much time on this proving it was Comcast. We better be getting a whole lot of service credits for this.
|
# ? Jul 29, 2020 13:28 |
|
Run it past your legal department and send them an invoice, gently caress getting credits. I don't see why you can't charge them for all the time spent on the issue after being told "the problem is on your end".
|
# ? Jul 29, 2020 17:06 |
|
Is 'blackhole' a racist term now like blacklisting? "I'm going to blackhole this route"
Methanar fucked around with this message at 17:09 on Aug 6, 2020
|
# ? Aug 6, 2020 17:05 |
|
I would say no, as that is in reference to the astronomy term blackhole which literally appears black due to the absence of light.
|
# ? Aug 6, 2020 17:15 |
|
I'm more of the if you have to ask that question, find a different term.
|
# ? Aug 6, 2020 17:21 |
|
GreenNight posted: I'm more of the if you have to ask that question, find a different term.

fortunately you never need to ask because only disingenuous/racist people would refuse to accept the common and logical explanation of the term. it's like asking if binary numbers are transphobic, or subnet masks being insensitive to the s&m community, or IP not respecting pronouns, obviously they aren't and there isn't really any value in further conversation about it unless you want to talk about historiography or the evolution of language. (interesting subjects for sure, but so far divorced from "blackholing a route" or master/branch git repositories or IDE drive nomenclature that it's obviously an intentional derail.)
|
# ? Aug 8, 2020 08:57 |
|
So I just got a brand new laptop, an MSI GS75 Stealth, and I'm trying to transfer as close to 100% of the data from my old laptop, an MSI GT75VR Titan, as I possibly can. I thought I already knew how to do this: I created a complete clone of the drive onto an external drive with EaseUS ToDo Backup, and then tried to boot to the external drive on the new laptop and clone to its hard drive, but Windows errored when trying to boot. Is the external hard drive faulty? Is there a more elegant way to do what I'm attempting/better software?
|
# ? Aug 13, 2020 16:58 |
|
Sir, this is a Wendys. I have no idea, probably need to disable UEFI secure boot or something dumb like that. Actual Cisco related content. Anyone have any recommendations on YouTube channels, books, etc to get started with Network automation?
|
# ? Aug 13, 2020 17:16 |
|
Oh, oops, sorry. I just saw this as a short questions thread and since there's a hardware one I assumed this was the software one. I'll move this elsewhere.
|
# ? Aug 13, 2020 17:20 |
|
Kirk Byers seems to be a good resource. Every time I try and get through his free beginners course some bullshit project comes up so I can't say if it's actually good or not. He's involved in lots of other stuff though, and the #networktocode Slack is semi-linked to him/netmiko/napalm/nornir/eNMS I think. His website: https://pynet.twb-tech.com/
|
# ? Aug 13, 2020 17:27 |
|
uhhhhahhhhohahhh posted:Kirk Byers seems to be a good resource. Every time I try and get through his free beginners course some bullshit project comes up so I can't say if it's actually good or not. He's involved in lots of other stuff though, and the #networktocode Slack is semi-linked to him/netmiko/napalm/nornir/eNMS I think.
|
# ? Aug 15, 2020 12:59 |
|
We have a Fortinet, but I guess this is a generic networking/failover question: Two internet connections, and the firewall is configured for failover, basically checking if 8.8.8.8 is reachable. Our ISP had an issue last weekend where one of the cards in their core router went down, so certain other networks were not reachable. So maybe 80% of stuff worked still, but we got a few emails about things being down etc. One of them being a cloud-based piece of software that is pretty important to the daily operations (Matrixcare EHR) An order came in from above to have the failover operate on whether we can reach that website. I'm not going to change anything because that's ridiculous and every time that website has a hiccup we're going to switch connections... So just as a brainstorming session, what are some other suggestions? In all honesty, this is something that should have been investigated by the on-call person, and once identified, manually failed over. It's such a rare thing to happen. One time last year we had something similar where a bug or something screwed up a routing table and we had all kinds of goofy poo poo happen, so we just used the other connection until they got it cleared up.
|
# ? Aug 20, 2020 13:44 |
|
Ha do we work together?!? Same thing happened to me a few weeks ago. Basically provider was down enough to impact service but not hard down so that failover switched over. We looked into doing some sort of weighted routing but just couldn't seem to get it right and it's so rare that something like that happens that we just moved back to a manual process.
|
# ? Aug 20, 2020 14:13 |
|
Run that business logic in a script off box and have the script execute the failover (and recovery).
|
# ? Aug 20, 2020 14:24 |
|
Bob Morales posted:
Couldn't you just create a static route that sends all traffic to that cloud service over your primary connection and put an SLA on it that checks for reachability, and create a floating static route with the same information for the secondary connection? Put a delay on the SLA with whatever management has deemed an acceptable tolerance level for downtime so it isn't flipping back and forth every time an ICMP echo fails.

edit- or what tortilla_chip recommends, since this solution is going to require a script to detect if the IP ever changes and to change the configuration or be manually configured, otherwise the routes will just be ignored.

Edit2- this article suggests you can use an http proxy to do the above with no script required https://packetlife.net/blog/2008/dec/15/ip-sla-monitoring-http-proxy/
Cyks fucked around with this message at 20:52 on Aug 20, 2020
|
# ? Aug 20, 2020 16:53 |
|
You should be able to set this up as an SD-WAN target using an HTTP probe to the domain of the cloud application. Just have it check every minute or so, only look for packet loss, set the failure requirement high enough so you aren't flapping the selected path constantly - I assume five minutes of this app being down before the other link is used is a totally acceptable scenario to be in. SD-WAN path selection only affects the things you make rules for, so any existing failover on complete loss of a service won't be affected.
Thanks Ants fucked around with this message at 18:35 on Aug 20, 2020
|
# ? Aug 20, 2020 18:31 |
|
Had a longhaul where one side was having low light issues since the start. The circuit had been up for 7 months and we changed the middle part of the path so we had to recheck everything. Our Z side router is seeing low light so tech performs "troubleshooting" which was sticking a basic light meter on the end of a 100g. Spent a week setting up a datacenter person to do an actual test with loops and the person coordinating sent out the team to the A side hundreds of miles away. Cool. Spend another week arranging for a tech to go to the other side. They get out there, no real testing equipment, datacenter also doesn't have anything useful to test with so make do with a hard loop at the far panel and read off our router. Light is fine. Email vendor that the issue is on their side. Ignored for 36 hours. Email account manager. Finally get someone out another day or so later to check out the metro fiber since the far end of the local loop is dark fiber across the city. They find a bad patch, replace it, much better light and a "did this circuit ever work before with this bad fiber" comment from the account manager. Wonderful. 4 days light circuit goes down. Vendor takes two days to say they weren't doing anything, another day to get one of our guys out to the site and the patch cord fell out since it was never in correctly. Link comes back with even better light than before. What a pain in the dick and I'm glad Equinix doesn't have 100g testing/light gen for troubleshooting their own cross connect runs.
|
# ? Aug 20, 2020 19:43 |
|
Equinix managed to lose power on 4 floors of LD8 the other day and took about 18 hours to recover it, saw someone write about how they're just a landlord and the expectations of their performance should be as low as for any other landlord.
|
# ? Aug 20, 2020 19:59 |
|
It's such hit and miss depending on what the local crew is and if they were the people there from before a buyout.
|
# ? Aug 20, 2020 20:37 |
|
Bob Morales posted: We have a Fortinet, but I guess this is a generic networking/failover question:

If you were learning the full DFZ from each ISP that probably would've fixed the problem you described naturally (maybe add some dampening if the card is flapping or something like that) without the use of a track object. If you're just learning a default from each one then I don't think the Fortinet has enough knobs to turn where you could use only SLA track objects, you'd have to do like tortilla_chip said and make this logic run elsewhere. E.g., instead of targeting 8.8.8.8 you target the IP(s) of your most important off-net service, but what if the service itself is totally unreachable and you, at best, failed over for nothing (at worst, keeping failing over in a cycle).

Depending on how well your NMS tool is integrated with your ticketing system maybe the best short term solution is to just set up multiple tracks to external business-critical services, plus a couple other barometers like 8.8.8.8 or 1.1.1.1, and configure the failure of any of those track objects to create a high-priority alarm+ticket for someone to review and make a judgement call as to whether or not to fail over. Automating the logic of when a failover should occur can be dicey in corner cases, like what if you have an external accounting service that's absolutely critical some days but not others, or if you have external services ABCDE but somehow services ABDE are up on 1, and services BCDE are up on the other, stuff like that.
|
# ? Aug 21, 2020 00:57 |
Bob Morales posted: We have a Fortinet, but I guess this is a generic networking/failover question:

SD-WAN!

Thanks Ants posted: You should be able to set this up as an SD-WAN target using an HTTP probe to the domain of the cloud application. Just have it check every minute or so, only look for packet loss, set the failure requirement high enough so you aren't flapping the selected path constantly - I assume five minutes of this app being down before the other link is used is a totally acceptable scenario to be in.

Yeah you build policies for different applications along with policies for the links themselves. If the SD-WAN detects your HTTP probe fails on circuit A, it can just send that traffic over to circuit B. It's path selection on a per application basis so if application B still worked fine over the crippled link it could keep going that way. The interruption due to things flipping around would only affect the impacted application(s).

SD-WAN is real good and if you have any critical poo poo in the or some big horrible WAN with tons of sites you really want it. It makes the functionality you used to get with monstrous weighted track objects linked to IPSLA and PBR something that is manageable by normal humans.
|
|
# ? Aug 26, 2020 23:28 |
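The off-box approach suggested above (run the failover logic in a script, with a tolerance so the path does not flap, and leave the ambiguous cases to a person), as an added example that is not any poster's code. The class, function and target names are hypothetical, the poll data is constructed, and the step that actually moves traffic on the firewall is left out because it is device-specific.

```python
from dataclasses import dataclass

@dataclass
class FailoverController:
    fail_threshold: int = 5      # consecutive bad polls before failing over
    recover_threshold: int = 10  # consecutive clean polls before failing back
    active: str = "primary"
    bad_streak: int = 0
    clean_streak: int = 0

    def evaluate(self, primary: dict, secondary: dict) -> str:
        """One poll. Each dict maps target name -> reachable over that link."""
        # Reachable only via the secondary: a path problem on the primary.
        only_sec = {t for t, ok in secondary.items() if ok and not primary.get(t)}
        # Reachable only via the primary: failing over would break these.
        only_pri = {t for t, ok in primary.items() if ok and not secondary.get(t)}
        # Targets down on both links are the service's own outage; moving
        # traffic cannot help, so they never count toward a failover.

        if only_sec and only_pri:
            # Split reachability: neither link is strictly better. Reset the
            # counters and hand the decision to a person (alarm/ticket).
            self.bad_streak = self.clean_streak = 0
            return "alert"

        if self.active == "primary":
            self.bad_streak = self.bad_streak + 1 if only_sec else 0
            if self.bad_streak >= self.fail_threshold:
                self.active, self.bad_streak = "secondary", 0
                return "failover"
            return "stay"

        # On the secondary: return only after a sustained clean run.
        self.clean_streak = 0 if only_sec else self.clean_streak + 1
        if self.clean_streak >= self.recover_threshold:
            self.active, self.clean_streak = "primary", 0
            return "failback"
        return "stay"


def run(polls, **settings):
    """Feed a list of (primary, secondary) poll results through a controller."""
    ctl = FailoverController(**settings)
    return [ctl.evaluate(p, s) for p, s in polls]


# Constructed poll data. "ehr" stands in for the cloud application and "dns"
# for a barometer such as 8.8.8.8; both labels are assumptions.
UP = {"ehr": True, "dns": True}
EHR_LOST = {"ehr": False, "dns": True}
PARTIAL_OUTAGE = [(EHR_LOST, UP)] * 3 + [(UP, UP)] * 4   # primary path broken
SERVICE_DOWN = [(EHR_LOST, EHR_LOST)] * 6                # app itself is down
BLIP = [(EHR_LOST, UP)] * 2 + [(UP, UP)] + [(EHR_LOST, UP)] * 2
SPLIT = [({"a": True, "c": False}, {"a": False, "c": True})]

if __name__ == "__main__":
    for name in ("PARTIAL_OUTAGE", "SERVICE_DOWN", "BLIP", "SPLIT"):
        print(name, run(globals()[name], fail_threshold=3, recover_threshold=4))
```

Probing each target over both links is what separates a broken path from a service that is down everywhere, which a single reachability check cannot do.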
|
If I rename a Cisco switch, will that require a switch reboot or can I just enter:
    oldname# config terminal
    oldname (config)# switchname newname
...and then save the config and be fine? Also, same question but for a 4-stack of switches.
GreatGreen fucked around with this message at 15:44 on Sep 8, 2020
|
# ? Sep 8, 2020 15:10 |
|
GreatGreen posted: If I rename a Cisco switch, will that require a switch reboot or can I just enter:

You should see the prompt change to:
    newname (config)#
Right after you enter that command
|
# ? Sep 8, 2020 15:20 |
|
Bob Morales posted: You should see the prompt change to:

Thanks! So no reboot requirement, even for a switch stack?
|
# ? Sep 8, 2020 15:28 |
|
GreatGreen posted: Thanks!

Not 100% sure on the stack but it should behave the same as a single switch
|
# ? Sep 8, 2020 15:50 |
|
I haven't seen anything that requires a switch to be reloaded other than a software update. Perhaps if you were changing stack topology then you would, but something basic like a hostname won't involve any downtime.
|
# ? Sep 8, 2020 16:29 |
|
Ok cool thanks guys!
|
# ? Sep 8, 2020 16:29 |
|
Thanks Ants posted: I haven't seen anything that requires a switch to be reloaded other than a software update. Perhaps if you were changing stack topology then you would, but something basic like a hostname won't involve any downtime.

Yeah, if you are renumbering switches in a stack, you have to reload them. License changes typically also require a reload.
|
# ? Sep 8, 2020 16:37 |
|
GreatGreen posted: If I rename a Cisco switch, will that require a switch reboot or can I just enter:

You should regenerate your crypto key after changing the hostname as well, to avoid risk of breaking SSH.
|
# ? Sep 8, 2020 17:40 |
|
Also the command is hostname. SSH won't break.
|
# ? Sep 8, 2020 22:17 |
|
Desktop Support guy here at a medium sized MSP that is a Cisco Meraki shop. Looking to make the jump to sys admin hopefully as part of an in-house IT team. Is the CCNA still a good cert to go for? Since we mostly replace ASAs with MX equipment, the overall vibe at my current company is 'not worth it anymore' -- but MSPs love their own partners and discourage all else. What do you goons think?
|
# ? Sep 21, 2020 20:31 |
|
Otis Reddit posted: Desktop Support guy here at a medium sized MSP that is a Cisco Meraki shop. Looking to make the jump to sys admin hopefully as part of an in-house IT team. Is the CCNA still a good cert to go for? Since we mostly replace ASAs with MX equipment, the overall vibe at my current company is 'not worth it anymore' -- but MSPs love their own partners and discourage all else. What do you goons think?

CCNA doesn't hurt, but companies are moving towards more CLOUD EVERYTHING. Companies will still have a LAN of some sort but as people start moving to WFH, servers move to the cloud, networks will get less and less complicated on the LAN side. If you know what kind of equipment you'll be working with, get certified in that (Fortinet NSE or Meraki ECMS or whatever, for example)
|
# ? Sep 21, 2020 20:56 |
|
Otis Reddit posted: Desktop Support guy here at a medium sized MSP that is a Cisco Meraki shop. Looking to make the jump to sys admin hopefully as part of an in-house IT team. Is the CCNA still a good cert to go for? Since we mostly replace ASAs with MX equipment, the overall vibe at my current company is 'not worth it anymore' -- but MSPs love their own partners and discourage all else. What do you goons think?

It's a good cert to have for entry level, and whether you get it or not, it's worth studying for as you'll learn good foundational knowledge. To Bob Morales' point, getting cloud certs is more valuable, but personally I would go for the legacy network cert in the CCNA (NP if you're going to go into a SP/MSO/MSP) and cloud certs if I was just starting again.
|
# ? Sep 21, 2020 22:40 |
|
Otis Reddit posted: Desktop Support guy here at a medium sized MSP that is a Cisco Meraki shop. Looking to make the jump to sys admin hopefully as part of an in-house IT team. Is the CCNA still a good cert to go for? Since we mostly replace ASAs with MX equipment, the overall vibe at my current company is 'not worth it anymore' -- but MSPs love their own partners and discourage all else. What do you goons think?

Protip: if you are still with your company 2 years after moving into a non-desktop support IT role, you are doing it wrong. A competent sys/network admin is worth way more than the 2% yearly raise on a starting salary 99% of employers give. My point being when it comes time to look at furthering your career, go with what is in demand. In the networking world, that's still Cisco. (Although yes, networking isn't as hot as cloud/security)
|
# ? Sep 22, 2020 00:04 |
|
At times, I feel that if I'm still with this company in any capacity in two months, I'm doing it wrong. Thanks for the advice goons. I've been reviewing the material for about 6 weeks by now, and have a good grasp on it -- I might as well see it through. Any additional advice or anecdotes are welcome.
|
# ? Sep 22, 2020 00:15 |
|
Opened a TAC case to get a stuck UCS blade looked at, got this email a few minutes later:

skynet, powered by unified computing system posted: Hello [Kazinsal], Please hold while my brain rationalizes computers fixing computers
|
# ? Sep 22, 2020 00:18 |
|
Otis Reddit posted: At times, I feel that if I'm still with this company in any capacity in two months, I'm doing it wrong.

Best advice I can give: Learning networking at first is really hard. It's a whole bunch of concepts that on their own don't make much sense, and don't really until you grasp enough of them together. Then it all clicks and you can kinda move up understanding from there. It will be very, very frustrating at first, and then get much, much easier for awhile.
|
# ? Sep 22, 2020 01:37 |
|
Bob Morales posted: CCNA doesn't hurt, but companies are moving towards more CLOUD EVERYTHING. Companies will still have a LAN of some sort but as people start moving to WFH, servers move to the cloud, networks will get less and less complicated on the LAN side.

Whole company is going to move to cloud but then pipe all cloud traffic through a single 100Mbps AWS Direct Connect to some onprem branch office's VDSL line to run a web filter to block any form of adult content.
|
# ? Sep 22, 2020 01:42 |
|
Biowarfare posted: Whole company is going to move to cloud but then pipe all cloud traffic through a single 100Mbps AWS Direct Connect to some onprem branch office's VDSL line to run a web filter to block any form of adult content.

You'll need to know Layer 3 and BGP plus maybe ECMP for the Direct Connect. Also I'd question piping back to on-prem, I'm currently doing a design for an architecture that uses Transit Gateway and Direct Connect to pipe traffic on-prem as well as a spoke VPC with HA FortiGate VMs to do inspection for web traffic (Egress from ~20 TGW attached VPCs).
|
# ? Sep 22, 2020 12:28 |
|
Learning networking is good because it’s still possible to make a lash up of a Meraki config if you have no idea what you’re doing. The CCNA is a good course that covers all the networking fundamentals, and I’ve not seen another course that does that in the detail required to actually start to understand the subject.
|
# ? Sep 22, 2020 13:36 |