captaingimpy
Aug 3, 2004

I luv me some pirate booty, and I'm not talkin' about the gold!
Fun Shoe
Figured this would be the best place to ask this. Has anyone had experience with PepLink devices in combination with Riverbed devices?

We're preparing to start doing full data replication of our VMware environment across 6 sites and obviously are going to need ridiculous amounts of bandwidth (especially during the initial replication). All of our sites are out of major metro areas so our MPLS costs are stupid, so stupid in fact, that we're going to shell out the money for this and try it for a month to see how it works. Before I go too far down that road, I wanted to see if anyone had any experience with it.


Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

jwh posted:

I turned up some additional transit with Cogent the other day, and I hadn't before seen their approach to BGP:

You have a /30, and you neighbor with the other end of the /30, which they term the 'A' peer. That peer advertises you a /32 to their route-server, which you ebgp-multihop with, and that gives you the routes you're actually taking from Cogent.

It was a neat idea, but I had never before seen that type of design.

This is kind of how they all work though, isn't it?

/32 is still within the /30 range, and is where their BGP routes come from. Route server is basically dedicated hardware to issue routes instead of having to waste processing time on a router, plus easier BGP management per customer.

Zuhzuhzombie!! fucked around with this message at 15:27 on Mar 22, 2011

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE
Anyone ever added a 4 port OC-12 card to a 15454 running V4.1.6 of CTC?

quote:

Versions:
CTC Core: 4.1.6 (04.16-004I-10.23) - 2004/09/10 19:22:24 (Friday)
15454 Support: 4.1.6 (04.16-004I-10.23) - 2004/09/10 19:26:03 (Friday)
- MUX-03.jfk1
JRE version: 1.3.1_02

Cisco website says you only need 3.3.0 to run the card but I don't seem to be able to add it. I only have an OCn option in CTC for OC-12 and that's the 1 port card.

CTC sees the card as an OC12IR-STM4-1310-4 in the inventory screen.


[edit]
gently caress I don't have the right XC card in this chassis.

FatCow fucked around with this message at 16:26 on Mar 22, 2011

inignot
Sep 1, 2003

WWBCD?
I have an IPv6 internet connection with Cogent at Equinix Ashburn VA and I'm using a directly connected eBGP peer. My IPv4 is with someone else, so I have no idea how they are doing eBGP for that.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE
They are inconsistent right now with how they peer people. I have 2 peerings with them in 60 Hudson. One of them has 2 peers and the other is a single peer.

Bardlebee
Feb 24, 2009

Im Blind.
Hey guys, I have like 50 users in each location. Is it even useful to have VLANs?

I am having a lot of interviews lately and I don't want to sound like an idiot. I would think using VLANs would only be for when you have at least 200+ users in one location or subnet.

some kinda jackal
Feb 25, 2003

In terms of performance? Segregating traffic probably won't make that much difference unless there are some really chatty machines on the network. The security aspect of VLANs is probably more in line with a 50 user location.

Bardlebee
Feb 24, 2009

Im Blind.

Martytoof posted:

In terms of performance? Segregating traffic probably won't make that much difference unless there are some really chatty machines on the network. The security aspect of VLANs is probably more in line with a 50 user location.

Well it's 50 users per location and there are really only 2 locations. Yeah, the security aspect would be nice and I suppose I could separate them via department for practice. Would it work over my VPN IPSec connection?

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Bardlebee posted:

Well it's 50 users per location and there are really only 2 locations. Yeah, the security aspect would be nice and I suppose I could separate them via department for practice. Would it work over my VPN IPSec connection?

Think about it.

ate shit on live tv
Feb 15, 2004

by Azathoth

Bardlebee posted:

Well it's 50 users per location and there are really only 2 locations. Yeah, the security aspect would be nice and I suppose I could separate them via department for practice. Would it work over my VPN IPSec connection?

You could make it work, but don't. It's bad practice to extend layer 2 outside of a single physical location.

Harry Totterbottom
Dec 19, 2008

Bardlebee posted:

Well it's 50 users per location and there are really only 2 locations. Yeah, the security aspect would be nice and I suppose I could separate them via department for practice. Would it work over my VPN IPSec connection?

In that size office, the generic reasons you'd want to use more than a single vlan would probably break down to the following.

1. VoIP - standard practice to pull voice away from data traffic for QoS; using auto-qos also makes a basic install really easy to set up.
2. Segregating users into separate monitoring groups (i.e. setting up web filtering so that managers don't get filtered).
3. Creating a dirty VLAN for guest wireless that doesn't have access to internal resources but still allows access to the internet.

jbusbysack
Sep 6, 2002
i heart syd

Powercrazy posted:

You could make it work, but don't. It's bad practice to extend layer 2 outside of a single physical location.

I think his question was about putting two L3 segments in one site through a tunnel to two L3 segments at the other.

Short Answer: yes, you just use more lines in your crypto-map.
a -> c
a -> d
b -> c
b -> d

Bardlebee
Feb 24, 2009

Im Blind.

Tremblay posted:

Think about it.

This helps, I guess?

Not to be a jerk, but I am kinda new at this here Cisco thing. This is what I see when I think about it....

Yes, it's possible to have separate VLANs connect to each other across an IPSec VPN, but how would I make the crypto map? It would look like 192.168.2.0 to 192.168.2.0 network... wouldn't it?

If each VLAN is a subnet, what do you do when the other half of your subnet is at a different physical location? I don't know, or else I wouldn't be asking.

The only thing I can see is separation of my two current physical locations. As in, Site 1 would have VLAN 1, 2, and 3. Site 2 would have VLAN 1, 2, and 3, but they wouldn't be the same VLANs; they would have different subnets, like VLAN 1, 2, and 3 at site one would be 192.168.1.0, 2.0, 3.0, while Site 2 would be 4.0, 5.0, and 6.0.

Does that make sense? I think I just confused myself. I guess my end question is, if I wanted to make VLANs connected between two sites across a VPN connection, how the hell would I crypto map that? The route would literally say "Ok, you're from 192.168.1.0 and you want to go to 192.168.1.0.... right..."

EDIT: I could segregate the two sites into two separate subnets, but then they would be in separate VLANs once again and would defeat what I am trying to do. :psyduck:

EDIT2: I know I edit a lot. I guess the best practice would be to create separate VLANs at each location and just have an ACL stopping the VLANs from going where they are not supposed to go, or just allowing certain traffic. Easy enough. Sorry to overcomplicate this thing.

Bardlebee fucked around with this message at 21:57 on Mar 22, 2011

CrazyLittle
Sep 11, 2001

Clapping Larry

Bardlebee posted:

what do you do when the other half of your subnet is at a different physical location?

Don't do THIS ^^^.

Powercrazy posted:

You could make it work, but don't. It's bad practice to extend layer 2 outside of a single physical location.

Seriously.

Zuhzuhzombie!!
Apr 17, 2008
FACTS ARE A CONSPIRACY BY THE CAPITALIST OPRESSOR

quote:

If each VLAN is a subnet, what do you do when the other half of your subnet is at a different physical location? I don't know, or else I wouldn't be asking.


Depends on how you want to do it. Layer 3: then subinterface your interfaces on the routers and encapsulate them to carry over the VLAN tags. Create a DHCP pool on one router, put an interface vlan ### on each switch with management IPs, and you should be set to go.


Or just trunk one switch to another.

Sepist
Dec 26, 2005

FUCK BITCHES, ROUTE PACKETS

Gravy Boat 2k
Don't put each location in the same internal IP schema. You can set up a VPN between two locations and pass internal network traffic easily as long as they aren't the same subnet.

Basically on an ASA you would configure your normal isakmp and ipsec information, but when it comes to the ACL you would need two, one is the interesting traffic (eg: access-list TUNNEL1 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0) and then a no nat ACL configured on your inside interface, which is telling the traffic above to not be natted to an external IP when going over the VPN (same ACL, but you use the access-list name that you've defined on your inside interface)

edit: I looked back and noticed you didn't mention an ASA but it's still doable without one.

Sepist fucked around with this message at 00:17 on Mar 23, 2011
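An added example, not code from either poster or from Cisco: the ACL arithmetic described in the two posts above (jbusbysack's a->c, a->d, b->c, b->d cross product, and Sepist's interesting-traffic ACL plus no-NAT ACL) as a small Python generator. It also refuses the case the thread warns against, the same subnet at both ends of the tunnel. It assumes pre-8.3 ASA syntax for the NAT exemption (`nat (inside) 0 access-list NAME`); the access-list name TUNNEL1 comes from the post, and the subnets are constructed sample values.

```python
"""Build the IPsec 'interesting traffic' ACL for a site-to-site tunnel.

Added example, not code from the thread or from Cisco. It assumes ASA syntax
from the pre-8.3 era for the NAT exemption (nat (inside) 0 access-list NAME);
the subnets used below are constructed sample values.
"""
import ipaddress
from itertools import product


def _nets(subnets):
    """Parse 'a.b.c.d/nn' strings into IPv4Network objects (strict: host bits must be zero)."""
    return [ipaddress.ip_network(s, strict=True) for s in subnets]


def overlapping_pairs(local, remote):
    """Return every (local, remote) subnet pair that overlaps.

    Two sites that share a subnet cannot be joined by a plain IPsec tunnel:
    the crypto ACL would read 'from 192.168.1.0 to 192.168.1.0' and nothing on
    either side could tell the two halves apart.  Renumber one site, or NAT the
    traffic as it leaves the tunnel, as the thread suggests.
    """
    return [(str(l), str(r)) for l, r in product(_nets(local), _nets(remote)) if l.overlaps(r)]


def crypto_acl(name, local, remote):
    """One 'permit ip' line per (local subnet, remote subnet) pair.

    Two local and two remote subnets give four lines: the a->c, a->d, b->c,
    b->d cross product from the thread.
    """
    clashes = overlapping_pairs(local, remote)
    if clashes:
        raise ValueError(f"subnets overlap across sites, renumber or NAT: {clashes}")
    return [
        f"access-list {name} extended permit ip "
        f"{l.network_address} {l.netmask} {r.network_address} {r.netmask}"
        for l, r in product(_nets(local), _nets(remote))
    ]


def nat_exemption(acl_name, inside_if="inside"):
    """Tell the firewall not to translate tunnel traffic (pre-8.3 ASA syntax, assumed)."""
    return f"nat ({inside_if}) 0 access-list {acl_name}"


def site_pair_config(local, remote, name="TUNNEL1"):
    """Config fragments for both ends of the tunnel.

    The far end's ACL has to be the exact mirror image of the near end's, since
    the proxy identities on both sides must agree; generating both from the
    same data is the easiest way to keep them in sync.
    """
    near = crypto_acl(name, local, remote) + [nat_exemption(name)]
    far = crypto_acl(name, remote, local) + [nat_exemption(name)]
    return {"near": near, "far": far}


if __name__ == "__main__":
    # Constructed sample: two subnets at each site, as in the thread's scenario.
    site_a = ["192.168.1.0/24", "192.168.2.0/24"]
    site_b = ["192.168.3.0/24", "192.168.4.0/24"]
    for side, lines in site_pair_config(site_a, site_b).items():
        print(f"! {side} end")
        print("\n".join(lines))
    # The case the thread warns against: the same subnet at both ends.
    print(overlapping_pairs(["192.168.1.0/24"], ["192.168.1.0/24"]))
```

The overlap check is deliberately strict: a /25 carved out of a /24 at the other site is reported too, because routing would be just as ambiguous for that half of the range.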

Bardlebee
Feb 24, 2009

Im Blind.
I guess there is no harm in practice.

I suppose I can just split one of my locations into two subnets and do a router-on-a-stick config and have them use separate crypto maps.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Bardlebee posted:

This helps, I guess?

I wasn't trying to be a dick or insult you. Sometimes it's easier for me to think through something out loud. You typing out your thoughts served a similar purpose. L2TP is one option, and you can do L2 MPLS.

When both sides of a VPN have the same IP scheme you can always NAT traffic as it leaves the tunnel. The other posts cover this succinctly so I'll shut up now.

Side note, where are you located and are you willing to move?

Badgerpoo
Oct 12, 2010
Just been reading about the Open Networking Foundation. Does anyone know anything about this? Looks like a smart idea that will hopefully come up with some cool stuff...

Bardlebee
Feb 24, 2009

Im Blind.

Tremblay posted:

I wasn't trying to be a dick or insult you. Sometimes it's easier for me to think through something out loud. You typing out your thoughts served a similar purpose. L2TP is one option, and you can do L2 MPLS.

When both sides of a VPN have the same IP scheme you can always NAT traffic as it leaves the tunnel. The other posts cover this succinctly so I'll shut up now.

Side note, where are you located and are you willing to move?

I am not too well versed in MPLS, as I am CCNA level, but you make a solid point about the NATing. I guess the best thought is that there really is no reason to do what I am doing. Not sure why the question even came up. I should just keep physical separation if they are between networks.

I am not willing to move yet unfortunately. In Texas there are quite a few jobs. I have been on the market with my CCNA for two weeks. I already had 7 people call me. I didn't think you were being a jerk by the way, you have a good point I should think through more on how encapsulation and other smaller features work before I try to think on higher layers.

One of my bad traits is I sometimes forget the small (packet sized) things.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Badgerpoo posted:

Just been reading about the Open Networking Foundation. Does anyone know anything about this? Looks like a smart idea that will hopefully come up with some cool stuff...

There's already some cool stuff- I mean you can build your own MPLS LSR using a PCI board and open source software that forwards at line rate thanks to the ASICs on the PCI board. Only really useful for R&D type work right now, but I guess this group is looking to change that.

jwh
Jun 12, 2002

Zuhzuhzombie!! posted:

This is kind of how they all work though, isn't it?

/32 is still within the /30 range, and is where their BGP routes come from. Route server is basically dedicated hardware to issue routes instead of having to waste processing time on a router, plus easier BGP management per customer.

No, I mean, it's a /32 outside the directly connected /30.

tortilla_chip
Jun 13, 2007

k-partite
If you're interested:

http://www.cogentco.com/files/docs/customer_service/guide/na%20user%20guide.pdf

Pages 20-22

Bardlebee
Feb 24, 2009

Im Blind.
Any of you have experience on getting your Secret or Top Secret clearance? I have an interview for a "Baby's first Net Engi Job" at a military hospital tomorrow. I will be checked for clearance and I guess given Secret clearance. Makes me feel like an agent, if I get it that is. :c00lbert:

jwh
Jun 12, 2002

I never really understood how that worked- I always thought you had to somehow have clearance beforehand.

Bardlebee
Feb 24, 2009

Im Blind.

jwh posted:

I never really understood how that worked- I always thought you had to somehow have clearance beforehand.

The way the man described it to me is that I will be watching another network engineer do his job, and perhaps helping, but he has to write on a form about him being there. So for the first month and a half or so I'll be just looking over his shoulder going "Why you doin' that?" "How that work?"

It's pretty much the most extreme awesome position that has been on the table so far, just the experience alone. Forget that military pays more. The network is ginormous!

It's a 6 month contract to hire and the guy says "Well your resume looks good and has all the things they look for to keep you on full time after", but it's a recruiter, so ninety percent of that is blowing smoke.

Either way, it's a chance I am willing to take. Working for the military is going to be both awesome and horrible, mainly due to the litigation involved and political crap, I'm sure.

EDIT: If I find myself unemployed in six months, I will have a secret clearance, which would be well worth the risk alone I think. I live in a city with like 7-8 air force bases so there are constantly a lot of jobs for secret clearance network dudes.

Bardlebee fucked around with this message at 16:08 on Mar 23, 2011

inignot
Sep 1, 2003

WWBCD?

Bardlebee posted:

Any of you have experience on getting your Secret or Top Secret clearance?

You will fill out a bunch of tedious paperwork at the end of which nothing interesting happens.

Tremblay
Oct 8, 2002
More dog whistles than a Petco

Bardlebee posted:

Any of you have experience on getting your Secret or Top Secret clearance? I have an interview for a "Baby's first Net Engi Job" at a military hospital tomorrow. I will be checked for clearance and I guess given Secret clearance. Makes me feel like an agent, if I get it that is. :c00lbert:

Secret is easy, you just fill out an SF-86. They do a criminal records check on you and possibly some interviews. You'll likely have an interim clearance in a month or so. Full clearance could take a lot longer. This is a contractor position I take it?

Veterans Affairs?

workape
Jul 23, 2002

jwh posted:

I never really understood how that worked- I always thought you had to somehow have clearance beforehand.

Depending on the need, the contracting firm will sponsor you and do all the annoying paperwork/etc for you and all you have to do is show up and enjoy yourself. Secret is a bit of a breeze, TS is more paperwork and from there up there are all sorts of interviews and hell to pay to get the next steps.

Don't lie about anything. Seriously. It'll gently caress you in the end.

Bardlebee
Feb 24, 2009

Im Blind.

inignot posted:

You will fill out a bunch of tedious paperwork at the end of which nothing interesting happens.

Well, I guess that sounds about right. I assume getting your clearance is a pretty big deal as far as our industry goes? I mean as far as another notch in the belt kind of way when you're looking at positions that say "Need current secret clearance".

EDIT: Tremblay, I don't think it's Veterans Affairs, it's just an Army Medical Center, so they have thousands of nodes and maybe even tens of thousands. They are apparently adding 3000 more nodes, so that is why there is an immediate need.

Workape, my friend said he was asked if he ever downloaded illegal content like music. Not sure how true this is, but he said yes. Keep in mind my friend is also an idiot, so they probably didn't ask him something like that.

Bardlebee fucked around with this message at 16:53 on Mar 23, 2011

ate shit on live tv
Feb 15, 2004

by Azathoth
Having clearance opens doors but then you are stuck working for the Government and working for the government sucks.

I prefer private industry myself.

Bardlebee
Feb 24, 2009

Im Blind.

Powercrazy posted:

Having clearance opens doors but then you are stuck working for the Government and working for the government sucks.

I prefer private industry myself.

This is what I was concerned about, but I am willing to work for the government for a number of years for the experience and pay they provide. I am sure there is going to be a lot of CC bullshit and paperwork crap. Here's hoping.

CrazyLittle
Sep 11, 2001

Clapping Larry

Powercrazy posted:

Having clearance opens doors but then you are stuck working for the Government and working for the government sucks.

I prefer private industry myself.

There's always contractors that serve the government. Many of those positions still require some degree of clearance.

FatCow
Apr 22, 2002
I MAP THE FUCK OUT OF PEOPLE

CrazyLittle posted:

There's always contractors that serve the government. Many of those positions still require some degree of clearance.

Or just don't apply to jobs that need clearance? I don't see why having clearance locks you into working for the government.

If anyone wants to work in RTP, NC and has a few years of experience with networks (must be good at BGP/OSPF or another similar IGP), PM me your resume. Neck-bearded mega-goons need not apply; we're not "goony" at all.

FatCow fucked around with this message at 18:15 on Mar 23, 2011

CheeseSpawn
Sep 15, 2004
Doctor Rope

FatCow posted:

Or just don't apply to jobs that need clearance? I don't see why having clearance locks you into working for the government.


I think he means fed jobs typically require clearance for working with them and not much else outside public office require them. Having clearance pretty much guarantees you finding a job, whether it's contracting or a job with an agency. Getting clearance is another issue on its own.

CrazyLittle
Sep 11, 2001

Clapping Larry

FatCow posted:

Or just don't apply to jobs that need clearance? I don't see why having clearance locks you into working for the government.

If anyone wants to work in RTP, NC and has a few years of experience with networks (must be good at BGP/OSPF or another similar IGP), PM me your resume. Neck-bearded mega-goons need not apply; we're not "goony" at all.

Security clearance expires over time if you're not in a position that requires it. Those jobs also typically pay more. It makes sense to continue working in those positions if you're able to get a clearance from another job, because getting it is practically nepotism at its finest: invite only.

CheeseSpawn posted:

I think he means fed jobs typically require clearance for working with them and not much else outside public office require them. Having clearance pretty much guarantees you finding a job, whether it's contracting or a job with an agency. Getting clearance is another issue on its own.

Jobs at specific sectors of the fed require security clearance. Private companies that bid on contracts in those sectors ALSO require a security clearance. You can work a job that requires it, but is not a public/government job. Of course... first you have to get the clearance, but to get the clearance you have to work at a job that requires it. That's the whole "chicken/egg" paradox about security clearance requirements.

CrazyLittle fucked around with this message at 18:38 on Mar 23, 2011

ate shit on live tv
Feb 15, 2004

by Azathoth
Right. Since clearance expires eventually if you don't use it, then that means the next job you take has to require clearance so that you don't lose your clearance and can therefore get a job that requires clearance in the future. So you are stuck working government/contractor jobs that while they pay well, have a host of disadvantages on their own.

Anyway, starting at a job that requires clearance is a great step-up and I'm sure you'll learn a lot, hope it works out.

CrazyLittle
Sep 11, 2001

Clapping Larry

Powercrazy posted:

Right. Since clearance expires eventually if you don't use it, then that means the next job you take has to require clearance so that you don't lose your clearance and can therefore get a job that requires clearance in the future. So you are stuck working government/contractor jobs that while they pay well, have a host of disadvantages on their own.

Anyway, starting at a job that requires clearance is a great step-up and I'm sure you'll learn a lot, hope it works out.

Yeah, but at least if you -have- the clearance you still have a choice to turn down the next sec job and go take a regular position. That's not true in the other direction: you don't have the luxury of taking a sec job without having a sec clearance first, or that golden ticket invitation.

IE: You're better off taking a sec job if you have the chance. That gives you the opportunity where if you don't like your current sec job you can take any other sec job OR any other private sector job.

Bardlebee
Feb 24, 2009

Im Blind.

CrazyLittle posted:

Yeah, but at least if you -have- the clearance you still have a choice to turn down the next sec job and go take a regular position. That's not true in the other direction: you don't have the luxury of taking a sec job without having a sec clearance first, or that golden ticket invitation.

IE: You're better off taking a sec job if you have the chance. That gives you the opportunity where if you don't like your current sec job you can take any other sec job OR any other private sector job.

This is sort of how I am looking at it, as I have stated previously my city is surrounded by air force bases and army medical centers. I see probably 3 Secret Clearance jobs to every 1 normal position. Now, if I hate it at the medical center then I can always leave to standard corporate, but in my position this is the best for me because I will be able to say I have Net Engi experience. Right now I can't legally say that.

Any job that will give me that AND a Secret Clearance is a win win. Let's just hope I don't flub the interview tomorrow morning.


greatapoc
Apr 4, 2005
Got a headscratcher here that I just can't figure out. A customer (we're an ISP) is having trouble accessing a LAN range at a remote site. Their pings stop at our PE to the remote site. If I ping from the PE it reaches. If I ping from another router within our network, it stops at the PE. The address is being advertised from the customer site through RIP and being redistributed into BGP.

code:
(PE)#sh ip ro vrf xxxxxx 10.161.168.250
Routing entry for 10.161.168.0/24
  Known via "rip", distance 120, metric 2
  Redistributing via bgp 9942, rip
  Advertised by bgp 9942 metric 1
  Last update from 10.248.64.158 on Serial5/1:0, 00:00:03 ago
  Routing Descriptor Blocks:
  * 10.248.64.158, from 10.248.64.158, 00:00:03 ago, via Serial5/1:0
      Route metric is 2, traffic share count is 1
(PE)#ping vrf xxxxxx 10.161.168.250

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.161.168.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
These are the address-family statements on the PE

code:
router rip
 address-family ipv4 vrf xxxxxx
 redistribute connected
 redistribute static
 network 10.0.0.0
 no auto-summary
 version 2
 exit-address-family

router bgp 9942
 address-family ipv4 vrf xxxxxx
 redistribute connected
 redistribute static
 redistribute rip metric 1
 no auto-summary
 no synchronization
 exit-address-family
Now from another edge router that isn't directly connected. This is learning the route from our route-reflector.

code:
(Other router)#sh ip ro vrf xxxxxx 10.161.168.250
Routing entry for 10.161.168.0/24
  Known via "bgp 9942", distance 200, metric 1, type internal
  Last update from 203.220.49.248 12:28:52 ago
  Routing Descriptor Blocks:
  * 203.220.49.248 (Default-IP-Routing-Table), from 203.194.30.229, 12:28:52 ago
      Route metric is 1, traffic share count is 1
      AS Hops 0
(Other router)#ping vrf xxxxxx 10.161.168.250      

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.161.168.250, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
(Other router)#traceroute vrf V1761:Equant_Aus_OBS_Atlas 10.161.168.250

Type escape sequence to abort.
Tracing the route to 10.161.168.250

  1 10.248.64.157 [AS 7545] [MPLS: Label 1063 Exp 0] 0 msec 0 msec 0 msec
  2  *  *  * 
10.248.64.157 is the IP of the customer facing interface on the PE. This is also where it stops for the customer.

Can anyone offer any insight into this? If there are any more outputs required please let me know.
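An added example, not the poster's or Cisco's code: a small Python parser for the IOS `show ip route vrf` and `ping vrf` outputs quoted above, which extracts the fields that matter here (protocol, administrative distance, next hop, the table the next hop recurses through, outgoing interface, ping success) and lines up the PE's view against the remote router's. The sample strings are copied from the post (the VRF name is the post's own `xxxxxx` placeholder); the field names and the summary wording are this example's own.

```python
"""Parse IOS 'show ip route' entries and 'ping' summaries, then compare two routers' views.

Added example, not the poster's or Cisco's code.  The sample outputs below are
copied from the post above; field names and summary text are this example's own.
"""
import re

# Sample input copied from the post: the PE's view of the prefix and its ping result.
PE_ROUTE = """\
Routing entry for 10.161.168.0/24
  Known via "rip", distance 120, metric 2
  Redistributing via bgp 9942, rip
  Advertised by bgp 9942 metric 1
  Last update from 10.248.64.158 on Serial5/1:0, 00:00:03 ago
  Routing Descriptor Blocks:
  * 10.248.64.158, from 10.248.64.158, 00:00:03 ago, via Serial5/1:0
      Route metric is 2, traffic share count is 1
"""
PE_PING = "Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms"

# Sample input copied from the post: the other edge router's view, learned via the route reflector.
OTHER_ROUTE = """\
Routing entry for 10.161.168.0/24
  Known via "bgp 9942", distance 200, metric 1, type internal
  Last update from 203.220.49.248 12:28:52 ago
  Routing Descriptor Blocks:
  * 203.220.49.248 (Default-IP-Routing-Table), from 203.194.30.229, 12:28:52 ago
      Route metric is 1, traffic share count is 1
      AS Hops 0
"""
OTHER_PING = "Success rate is 0 percent (0/5)"

_ENTRY = re.compile(r"Routing entry for (?P<prefix>\S+)")
_KNOWN = re.compile(r'Known via "(?P<proto>[^"]+)", distance (?P<ad>\d+), metric (?P<metric>\d+)')
_NEXTHOP = re.compile(
    r"^\s*\*\s+(?P<nexthop>[^\s,]+)"          # next-hop address
    r"(?:\s+\((?P<table>[^)]+)\))?"           # optional '(Default-IP-Routing-Table)'
    r",\s+from\s+(?P<learned_from>\S+),"      # router that sent us the route
    r".*?(?:,\s+via\s+(?P<via>\S+))?\s*$",    # optional outgoing interface
    re.MULTILINE,
)
_PING = re.compile(r"Success rate is (?P<pct>\d+) percent \((?P<ok>\d+)/(?P<sent>\d+)\)")


def parse_route(text):
    """Return a dict describing one 'show ip route' entry (first descriptor block only)."""
    entry, known, nh = _ENTRY.search(text), _KNOWN.search(text), _NEXTHOP.search(text)
    if not (entry and known and nh):
        raise ValueError("text does not look like a 'show ip route' entry")
    return {
        "prefix": entry["prefix"],
        "protocol": known["proto"],
        "distance": int(known["ad"]),
        "metric": int(known["metric"]),
        "nexthop": nh["nexthop"],
        "table": nh["table"],            # None when the next hop is in the VRF itself
        "learned_from": nh["learned_from"],
        "via": nh["via"],                # None when IOS prints no outgoing interface
    }


def parse_ping(text):
    """Return (replies received, probes sent) from a 'ping' summary line."""
    m = _PING.search(text)
    if not m:
        raise ValueError("no 'Success rate' line found")
    return int(m["ok"]), int(m["sent"])


def compare_views(pe_route, pe_ping, other_route, other_ping):
    """Line up control-plane and data-plane facts from the two routers."""
    pe, other = parse_route(pe_route), parse_route(other_route)
    pe_ok, pe_sent = parse_ping(pe_ping)
    other_ok, _ = parse_ping(other_ping)
    findings = []
    if pe["prefix"] == other["prefix"]:
        findings.append(
            f"control plane: {pe['prefix']} is present on both routers "
            f"(PE via {pe['protocol']}, remote via {other['protocol']} from {other['learned_from']})"
        )
    if other["table"]:
        findings.append(
            f"remote next-hop {other['nexthop']} recurses through {other['table']}, "
            "so transit traffic reaches the PE label-switched rather than as plain IP"
        )
    if pe_ok == pe_sent and other_ok == 0:
        findings.append(
            "data plane: PE-sourced pings succeed but transit pings fail, so RIP-to-BGP "
            f"redistribution is not the problem; look at how the PE forwards labelled transit "
            f"traffic into the VRF and out {pe['via']}"
        )
    return findings


if __name__ == "__main__":
    for line in compare_views(PE_ROUTE, PE_PING, OTHER_ROUTE, OTHER_PING):
        print("-", line)
```

The point of the comparison is to separate the two questions that get tangled in this kind of ticket: whether the route exists everywhere (it does, on both routers, with the expected protocols and next hops) and whether packets actually get forwarded along it (only when they originate on the PE). That narrows where to look without touching the redistribution config.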
