Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
«413 »
  • Post
  • Reply
Cyks
Mar 17, 2008


GreenNight posted:

We're replacing all our C3560X switches with Meraki MS390. My first dip into the Meraki world outside of wifi.

I've been really bad about doing any research into the Meraki line but that'll have to change with it being part of the certifications now.

My basic understanding is it provides ease of use for people who aren't experts on configurations and has built in visual monitoring tools without needing an application like Solarwinds but at an increased cost for hardware and licensing. Is that about right?

Adbot
ADBOT LOVES YOU

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Cyks posted:

I've been really bad about doing any research into the Meraki line but that'll have to change with it being part of the certifications now.

My basic understanding is it provides ease of use for people who aren't experts on configurations and has built in visual monitoring tools without needing an application like Solarwinds but at an increased cost for hardware and licensing. Is that about right?

We have a poo poo ton invested in Solarwinds, but from what I've seen so far, yes. I'm used to changing vlans via the CLI, but yes you have a GUI for all port settings now and it tells you traffic per port, usage, poe usage, etc. It's pretty slick and I like all the information it provides without loving around in Solarwinds.

less than three
Aug 9, 2007




Fallen Rib

Meraki is slick GUI configuration and it collects analytics about every device, user and switchport that would make the NSA blush.

Just being able to type a machine name, user name or IP phone into the search box and "it just works" is so nice.

less than three fucked around with this message at 19:50 on Feb 28, 2020

Moey
Oct 22, 2010

I LIKE TO MOVE IT


We use Meraki for access layer switching, WiFi and site-to-site VPNs.

It is dead simple to config/monitor. It is great to have our helpdesk folks in there to be able to do some quick troubleshooting/hunt down clients.

The reporting from the WiFi side is great, as we have some higher ups that use those stats.

Really no complaints from me. I am running around 30+ switches, 50+ APs and 10ish site-to-site VPNs.

BaseballPCHiker
Jan 16, 2006



My best asset as an IT person has been never being afraid to be the stupid person because thats how I learn best, trying/failing/repeat. In the spirit of that I have a question for the network people here.

I'd like to start rolling out Ciscos config archive and rollback feature on new devices we deploy. If I'm understanding it correctly I can specify a path to save configs too using TFTP. We already have that infrastructure in place for our nightly config backups, so it should be pretty easy for me to make a new folder to save these archives too.

If I understand correctly once I have devices saving archives via tftp we can remotely start working on a device, issue a revert 20 or something, and if we totally hose things up the switch will revert back to its previous archive.

How would that work though if you truly mess something up? For example, you start working on a switch, do a revert 20 command, then while pruning a trunk you forget to do 'allowed vlan add' and just do 'allowed vlan'. In this case the switch has lost connectivity back to the tftp server so how is it getting its old archived config?

Am I better off setting up the archives to be saved locally? Then still have our nightly config backups run via tftp?

wolrah
May 8, 2006
what?


BaseballPCHiker posted:

How would that work though if you truly mess something up? For example, you start working on a switch, do a revert 20 command, then while pruning a trunk you forget to do 'allowed vlan add' and just do 'allowed vlan'. In this case the switch has lost connectivity back to the tftp server so how is it getting its old archived config?
My understanding of these sort of schemes is that you don't issue a "write mem" until you're sure everything is good, so it just reverts to the startup config.

I don't work with Cisco often and it's never new stuff, so I've only seen it done as a "reload in X" followed by a "reload cancel" when things are set, but it seems like the modern way to do this would be something along the lines of "configure replace nvram:startup-config time 120" followed by "configure confirm" when good because that won't waste time rebooting the whole device.

Accessibility of the remote archive shouldn't matter unless you're looking to go back multiple versions.

tortilla_chip
Jun 13, 2007

k-partite

Briefly looking at the archive config reference it seems like a better idea to use a local filesystem rather than a tftp path.

BaseballPCHiker
Jan 16, 2006



Yeah as I was looking into it more saving the archives locally looks to be the best way forward for us.

That way if a device gets foobared it can just revert to the archive stored locally. That plus the tftp config backups nightly ought to cover us.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Doing some JunOS stuff and I'm looking for some advice specific to JunOS but also somewhat general advice.

I have a distributed network (4-5 remote sites), this is setup in a star topology, one of these remote sites is going to have some vendor devices, these vendor devices will need to communicate with a single device on another subnet, but I do not want them communicating with any other subnet (other than the internet).

At the moment, my best thought is applying a firewall filter, to all other vlans, blocking traffic form the vendor subnet by source address.


edit firewall
set family inet
set filter FILTERNAME
set term TERMNAME
set from source-address VENDORSUBNET
set then discard
set vlans VLAN filter input FILTERNAME

The above (should?) do what i want, just need to replace capital lettered stuff with real stuff and then the last line apply it to all the vlans. My issue is, there are a bunch of vlans and going to be more, so I'm hoping there's a better way to do this. Perhaps I could limit egress traffic on that VLAN to all private address space but exempt some addresses, such as the subnet I want it to talk to and the router/firewall interfaces it needs to get out to the internet? Just not familiar with how exceptions work and how to set it up.... halp i'm bad

MF_James fucked around with this message at 17:51 on Mar 11, 2020

Digital_Jesus
Feb 10, 2011



Why not set an acl on the closest l3 device for traffic from the vendor source IPs to allow your alternate subnet, deny all other internal networks, and allow 0/0 beyond that?

Configuring one device is way less work.

Allow from vendorIPs to SubnetRange
Deny from vendorIPs to InternalNetworkList
Allow from vendorIPs to 0/0

Its been a while since I was in a JunOS device so syntax is not gonna be something I can intelligently type, but thats what youre going for realistically and it will encompass further expansion of your inside network.

Digital_Jesus fucked around with this message at 20:01 on Mar 11, 2020

Moey
Oct 22, 2010

I LIKE TO MOVE IT


What are the devices?

SRX or EX?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


EX

I was going to set the ACL on the L3 device which is a 4200EX stack (I think it's 4200's maybe 3200's).

ate shit on live tv
Feb 15, 2004



My company recently bought some Juniper PTXs running Junos Evolved. There have been quite a few bizarre bugs related to SNMP, re0:mgmt interface, MPLS/RSVP etc. (To be fair, 14.5 is fixing a lot these as well as hundreds others, I've submitted 2 new PR's myself). However the the joke is the new Junos has devolved, very clever I'm sure.

But this bug is amazing. I am turning up some p2p's between two of our sites that I live nearby to get some DC experience since it's been at least a year since i'd been (hurrah for dedicated DC teams). I copy and past the config, find out the circuit's aren't up yet get obm online etc etc. find out the other end of the circuit won't even be connected til tomorrow so I'm not too worried about it. Put on a copy and past config on the interface on the production PTX on the other side, no other services.

I accidentally set the interface IP to 10.1.1.1/3, the address was supposed to be 10.1.1.1/31 The interface is down, and won't be getting turned up until tomorrow and I start troubleshooting a "disk full" error/bug on a different ptx. Finally I wrap up and head home. I find out later that night traffic through that router is getting blackholed. Investigation revealed the the FIB had installed 10.1.1.1/3 as a destination out of the DOWN interface.

Cool bug.

For the curious, 10.0.0.0/3 is IP range: [0.0.0.0-31.255.255.255]

ate shit on live tv fucked around with this message at 02:49 on Apr 9, 2020

Methanar
Sep 26, 2013


What goes into the decision to use Juniper rather than Arista, other than Juniper gear already being entrenched and in place?

Pile Of Garbage
May 28, 2007





Might only make sense to those using FortiGates on the reg, also only if you use profile groups (Which you should be they're dope):

https://twitter.com/GarbageDotNet/s...155278958153729

tl;dr: device will stop you from creating an invalid config state but won't stop you from editing existing config into an invalid state (Mixing Comfort Clients protocol options with the Content Disarm & Reconstruction AV feature). I'm certain that invalid config has been causing a bunch of issues in my home network with weird dropped replayed packets and poo poo.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


Methanar posted:

What goes into the decision to use Juniper rather than Arista, other than Juniper gear already being entrenched and in place?

I don't know his answer, but depending on the ptx he bought may be q5 chip based (qfx10k, they just rebranded a bunch of those, specifically super dense 100g/400g models), which have in house pretty capability silicon vs broadcom jherico with fib tricks to get millions of routes.

Q5 can do 2mil fib and 100ms buffera on all ports. Ymmv depending on Arista model w/ bcm stuff.

Junos has been hot garbage lately but I'd take it over an IOS clone any day.

ate shit on live tv
Feb 15, 2004



Methanar posted:

What goes into the decision to use Juniper rather than Arista, other than Juniper gear already being entrenched and in place?

In our environment until we got these PTX10003's, we only had two SRX1400's as far as Juniper went.

Our infrastructure is almost all Arista already, and we were planning on sticking with Arista, but we had decided to do MPLS+RSVP+TE+Backup Path+Auto-BW for our WAN. Well Arista doesn't support those MPLS features even though they claimed they would "next quarter" for about a year. (As an aside Arista is all-in for Segment routing which is what I wanted to build our WAN with, but MPLS won out). We chose the PTXs because we wanted 32 ports of 100GB and MACsec at linerate, with the ability to do 400GB in the future.

ate shit on live tv
Feb 15, 2004



Anyone have any tips, or documentation for building your own BGP-community schema? Our bgp network is big enough to need such things now. I want to create schema that is extensible enough to not need much tweaking in the future.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


ate poo poo on live tv posted:

Anyone have any tips, or documentation for building your own BGP-community schema? Our bgp network is big enough to need such things now. I want to create schema that is extensible enough to not need much tweaking in the future.

We did the same and gave it a lot of thought, discussion over 6mo or so before implementing.

Create info and action communities. Keep them different length of characters, our info are all 5digits starting with 5, action are all 4 digits. This makes it easier to strip communities.

Make regions like a tic tac toe board and encode that as one digit of the info comm. We use another pair of digits as the pop id.

Make one digit of the info community the method the route was learned, hopefully following your localpref standard. 100 = paid transit for us, so we used 1 for that. 3 peering = 300, etc up to customer and aggregates.

For action communities, embed that same digit somehow, like don't advertise to transit would have a 1 in it somewhere.

Create special per peer and peer type policies to allow control by type and asn.

Ultimately this gives you fun stuff like 'share ix routes in this region' and 'dont advertise to cogent' or whatever.

Document the poo poo out of it including to your customers.

We're Junos so used slax scripts. It supports py now so I may port them or better yet use off box automation to update them. It's really not possible via humans.

I'm exploring Jinja templates to instead use https://github.com/respawner/peering-manager to do this once I have more time.

Pm me and I can share more info, just don't want to associate me with an org publicly.

Edit, while you're at it, consider also implementing some of newer-ish standard bgp communities and developments

* https://tools.ietf.org/html/rfc7999 - Standard BLACKHOLE community 65535:666
* https://tools.ietf.org/html/rfc8326 - BGP Graceful shutdown 65535:0
* https://tools.ietf.org/html/rfc8092 - large communities. We implemented our standards a year or so before this went final. Using standard communities, you cannot really do per-asn control on 4 byte asns.

falz fucked around with this message at 19:24 on Apr 28, 2020

ate shit on live tv
Feb 15, 2004



Thanks, and yea I would strongly suggest jinja templates, especially for Juniper. We are going to be using PTXs as our provider edge routers and we already deploy them with ansible and jinja templates. It's great.

tortilla_chip
Jun 13, 2007

k-partite

ate poo poo on live tv posted:

Anyone have any tips, or documentation for building your own BGP-community schema? Our bgp network is big enough to need such things now. I want to create schema that is extensible enough to not need much tweaking in the future.

https://archive.nanog.org/meetings/...-Techniques.pdf

At the very least, add a community to indicate where/how a prefix is learned. The majority of scoping can be enforced via those communities.

ragzilla
Sep 9, 2005
don't ask me, i only work here




Iím a big fan of how NTT set up their communities- using private ASN space prefixes to create a set of communities that can be used to control policy toward specific peers by ASN rather than remembering the specific providerís community for suppress/prepend to their individual peers.

https://onestep.net/communities/as2914/

Also, donít forget to filter inbound communities at your border if you accept communities from transit/peers for use within your AS.

BaseballPCHiker
Jan 16, 2006



I just upgraded code on a bunch of 5515 ASAs to what is supposedly to be the last major revision.

How bad are the 2110 series FirePower/SourceFire/AMP/WhateverTheFuck now? When I last looked into them they seemed pretty universally reviled. We'll be doing replacements of these 5515s within the next year or two and are strongly considering Palo Altos as well.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


BaseballPCHiker posted:

I just upgraded code on a bunch of 5515 ASAs to what is supposedly to be the last major revision.

How bad are the 2110 series FirePower/SourceFire/AMP/WhateverTheFuck now? When I last looked into them they seemed pretty universally reviled. We'll be doing replacements of these 5515s within the next year or two and are strongly considering Palo Altos as well.

I'd avoid firepower, not from my personal experience but from literally every person I've ever talked to.

Fortinet/Palo Alto are the 2 big boys in the space, I haven't really used Palo but Fortinets are nice and if you have a large enough environment for their management/log collectors/other stuff it all works pretty well.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


Not really a firewall guy, but we went from asa to Fortinet it's web gui is totally sane. It's from the Netscreen guys who sold to Juniper and eventually sorta became srx.

Cli a but garbagey but its passable. Haven't extensively used PA but have lab demo'd and their is is better than the others. Has legit commit like Junos. Costs way more than Forti.

Kazinsal
Dec 13, 2011




BaseballPCHiker posted:

I just upgraded code on a bunch of 5515 ASAs to what is supposedly to be the last major revision.

How bad are the 2110 series FirePower/SourceFire/AMP/WhateverTheFuck now? When I last looked into them they seemed pretty universally reviled. We'll be doing replacements of these 5515s within the next year or two and are strongly considering Palo Altos as well.

We had a couple FTD code 2110s a few months ago spontaneously brick their failover configs in a way that TAC spent a week trying to fix before finally going "well, that's hosed, you're going to have to completely reimage both of them".

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


CLi for fortinet is fine, it's arranged somewhat sane (not at all like the ASA) but it's very poorly documented. Though they are supposedly getting better about it? I am mostly using ASA's now at my current job and very rarely touch them anyway past a deployment.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


MF_James posted:

CLi for fortinet is fine, it's arranged somewhat sane (not at all like the ASA) but it's very poorly documented. Though they are supposedly getting better about it? I am mostly using ASA's now at my current job and very rarely touch them anyway past a deployment.

The main issue I have with the cli it is everything is nested sorta like xml and it's annoying. It's do able but just very different. It's like they tried to do Junos and failed miserably.

I also recently discovered they have a commit like option but the rollback reboots the device. Lol

Thanks Ants
May 21, 2004

Bless You Ants, Blants



Fun Shoe

Yeah the CLI is a bit strange, simple stuff like ping being execute ping instead for some reason. I'm sure I'd be a lot more proficient with a one-pager on how to navigate around it but I use it so rarely that each time I go in I spend half my time getting back to where I was.

Having said that, shoving everything into a flat structure like IOS works fine for routing but by the time you have actual firewall stuff to deal with it turns into unreadable garbage.

BurgerQuest
Mar 17, 2009



Just chiming in to say for the price I've not come across anything better than a Fortigate, and if it can't do what Palo does, go spend more for Palo. Disregard every other option unless you literally want IPTables or Cisco ASA hell.

uhhhhahhhhohahhh
Oct 9, 2012


I'm currently in the process of setting up a new HA pair of PA-3220s, going to be migrating from some Huawei NGFWs. I've used Cisco ASAs as well and the PA is so much easier to work with compared to both of them. The documentation is incredibly well written, has a bunch of examples and it's easily googleable when working out the quirks. Most of the basics carry across between all the firewalls but there's always some stuff they do differently, like no VRRP on the PAs. I fuckin hate having to do anything on the ASAs, cli and asdm both loving suck, and our ASA pair is in a cluster because they bought a gig internet and our model only has 650mbit throughput.

Not done much on cli yet though so can't say how good it is.

Expensive as poo poo though, cost us like £24k each for 3 years of licensing. The Huaweis were like £3k.

uhhhhahhhhohahhh fucked around with this message at 13:08 on May 21, 2020

greatapoc
Apr 4, 2005


I've got 2 Nexus 3172s in a vPC domain and a bunch of vlans on both in HSRP groups. Everything appears to function correctly but both devices spam syslog with the following messages:

code:
2020 May 25 08:38:41 AdminNX01 %ARP-4-OWN_SRCMAC:  arp [26188]  Received packet with a local source MAC address (7488.bb8a.1d41) from 192.168.199.2 on Vlan199
2020 May 25 09:17:08 AdminNX02 %ARP-4-OWN_SRCMAC:  arp [26507]  Received packet with a local source MAC address (6c8b.d37a.1041) from 192.168.199.3 on Vlan199
2020 May 25 09:17:49 AdminNX02 %ARP-4-OWN_SRCMAC:  arp [26507]  Received packet with a local source MAC address (6c8b.d37a.1041) from 192.168.200.3 on Vlan200
2020 May 25 09:18:13 AdminNX02 %ARP-4-OWN_SRCMAC:  arp [26507]  Received packet with a local source MAC address (6c8b.d37a.1041) from 192.168.140.3 on Vlan140
Somehow AdminNX01 only ever shows Vlan199 and AdminNX02 only ever shows Vlan140,199 and 200. There are a lot more vlans than these configured but they don't throw errors.

code:
AdminNX01# sh run int vl199

!Command: show running-config interface Vlan199
!Running configuration last done at: Mon May 25 09:26:50 2020
!Time: Mon May 25 10:18:58 2020

version 9.2(1) Bios:version 5.2.0

interface Vlan199
  description Infrastructure Network
  no shutdown
  no ip redirects
  ip address 192.168.199.2/24
  ip ospf passive-interface
  ip router ospf Network area 0.0.0.0
  hsrp 199
    preempt
    priority 90
    ip 192.168.199.1
code:
AdminNX02# sh run int vl199

!Command: show running-config interface Vlan199
!Running configuration last done at: Mon May 25 09:29:35 2020
!Time: Mon May 25 10:18:30 2020

version 9.2(1) Bios:version 5.2.0

interface Vlan199
  description Infrastructure Network
  no shutdown
  no ip redirects
  ip address 192.168.199.3/24
  ip ospf passive-interface
  ip router ospf Network area 0.0.0.0
  hsrp 199
    preempt
    priority 80
    ip 192.168.199.1
Has anyone ever seen this before? Not sure if I should just filter these events from the syslog.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

Not sure if this is appropriate for a short question, but any recommendations or models on whether some used ciscos are decent for some basic learning stuff/personal project hosting? Right now I'm using a Supermicro whitebox running bird with two dual SFP+ cards installed for routing. I currently have 2 (soon 3) full table transit BGP sessions, and this one would be directly connected to 4 internet exchanges. At least a handful of 10G ports are preferred.

Methanar
Sep 26, 2013


Biowarfare posted:

Not sure if this is appropriate for a short question, but any recommendations or models on whether some used ciscos are decent for some basic learning stuff/personal project hosting? Right now I'm using a Supermicro whitebox running bird with two dual SFP+ cards installed for routing. I currently have 2 (soon 3) full table transit BGP sessions, and this one would be directly connected to 4 internet exchanges. At least a handful of 10G ports are preferred.

Get set up with GNS3. You'll be able to test a million more situations than you ever could with just one metal box sitting somewhere.

GNS3 is a tool that runs real ios/eos/juniper/whatever images in VMs for you. You can even hook up real devices like your supermicro to your GNS3 network if you're feeling spicy and want to connect to the real internet for some reason.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

Methanar posted:

Get set up with GNS3. You'll be able to test a million more situations than you ever could with just one metal box sitting somewhere.

GNS3 is a tool that runs real ios/eos/juniper/whatever images in VMs for you. You can even hook up real devices like your supermicro to your GNS3 network if you're feeling spicy and want to connect to the real internet for some reason.

This is intended for actual deployment, I'm running about 20-30 Gbps of ""production"" traffic right now. I'm just kind of wondering if any outdated ebay-tier cisco gear is worth getting or if they all have problems dealing with fulltable memory-wise or something at that level of end-of-life oldness. Or I have no idea how much real cisco kit costs.

Biowarfare fucked around with this message at 06:38 on May 26, 2020

Methanar
Sep 26, 2013


Biowarfare posted:

This is intended for actual deployment, I'm running about 20-30 Gbps of ""production"" traffic right now. I'm just kind of wondering if any outdated ebay-tier cisco gear is worth getting or if they all have problems dealing with fulltable memory-wise or something at that level of end-of-life oldness. Or I have no idea how much real cisco kit costs.

At my last job I I bought like 8 of arista 7050SX off ebay used with a 100% success rate for literal 10% the price that Arista themselves would sell them to you. 10/10 would buy again. Has a good API and cisco style cli. Minimal bullshit with offbrand SFPs

48 10gbps ports with 4 40g qsfp

https://www.ebay.ca/itm/Arista-DCS-...oYAAOSwnWBdUdGI

I didn't run the 7050s with full table BGP, so you might need to check if they'll work for you, but I did run 5x full table BGP off of arista 7280SRs which are also dirt cheap on ebay for what it is.

https://www.ebay.ca/itm/Arista-DCS-...ow/323584542483

Methanar fucked around with this message at 06:51 on May 26, 2020

Docjowles
Apr 9, 2009



You linked a 7280SE, which I donít think can do full tables. The SR is like 8x the cost.

falz
Jan 29, 2005

01100110 01100001 01101100 01111010


He seems to be asking for Cisco devices however. I live in Juniper land now so out of date with Cisco, but Venn diagram of full routes + 30gbps on Cisco across multiple devices is probably spendy.

You can do full routes on some older crusty ISR stuff still for dirt cheap though, but probably only 1gbps or so.

Are you specifically looking for Cisco? If not get a Cisco box, Juniper, and some other IOS clone like Arista or God forbid brocade/foundry.

Biowarfare
Nov 8, 2010

I JUST WISH THIS WAS A PONY SO I COULD JERK IT WHILE I PLAY WOW

I'm ok with any brand, not a fan of Mikrotik. One of my upstreams in Netherlands uses exclusively Huawei stuff, which is somewhat interesting and not something I've seen to be common.

I mostly just want to "move up a tier" from running Linux with software routing python-generated bird2 configs. Emailing the IXP mailing list every time I need to update the kernel and reboot becomes tedious. Have heard a cheap option to be flashing a Quanta LB6M to some Brocade firmware but that seems like hell in itself. I would like at lesat something that can do netflow or equivalent, and bgp flowspec.

Biowarfare fucked around with this message at 19:51 on May 26, 2020

Adbot
ADBOT LOVES YOU

Partycat
Oct 25, 2004

Life at last
Salutations from the other side


Plaster Town Cop

Would you care to pass along any major trouble you had with mikrotik in this sort of application? Iíve been unclear on high throughput perf on their x86/CHR platforms

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
«413 »