|
Anyone going to live in Vegas next month?
|
#
?
May 15, 2017 21:59
|
|
|
|
| # ? Apr 19, 2024 02:25 |
|
|
Sepist posted:Anyone going to live in Vegas next month? No, I managed to dodge that bullet.
|
|
#
?
May 15, 2017 23:54
|
|
|
Has anyone used the new upgrade tool to perform an ACS to ISE migration, and did it go well? I did a migration a few years ago and it was easier doing the move by hand. Didn't know if it had improved since then. Also, I had to argue with a senior manager on the phone today during a RFP call that putting in NAC isn't the only reason a telecommunications company using ACS for TACACS would upgrade to ISE. I pointed him to the EOL documentation (which would be a driver if you want support) and he was still pushing for NAC and yammering about cost benefit analysis..... I hate the Big4, but the money's too good. 
|
|
#
?
May 16, 2017 01:47
|
|
|
BelDin posted:Has anyone used the new upgrade tool to perform an ACS to ISE migration, and did it go well? I did a migration a few years ago and it was easier doing the move by hand. Didn't know if it had improved since then. Meh. It's easier to just do it by hand, especially since MAB and authorization profiles in general are handled so drastically different by ISE (assuming you were using ACS for NAC). Recreating a TACACS policy probably takes about as much time as it would to use the migration tool. quote:Also, I had to argue with a senior manager on the phone today during a RFP call that putting in NAC isn't the only reason a telecommunications company using ACS for TACACS would upgrade to ISE. I pointed him to the EOL documentation (which would be a driver if you want support) and he was still pushing for NAC and yammering about cost benefit analysis..... I have a US military customer who is going to pay us a lot of money to help them do an 802.1X rollout with ACS (lol manually whitelisting 5000 headless devices by hand instead of profiling) because they "want to do the taxpayers right by getting their money's worth from ACS". The O2 spearheading the project repeated this line even after I explained to him that the services associated with this, plus the inevitable ACS to ISE migration in another two years' time, would eclipse whatever cost savings they thought they were getting by holding out on the ISE plus license.
|
|
#
?
May 16, 2017 02:15
|
|
|
psydude posted:Meh. It's easier to just do it by hand, especially since MAB and authorization profiles in general are handled so drastically different by ISE (assuming you were using ACS for NAC). Recreating a TACACS policy probably takes about as much time as it would to use the migration tool. Yeah, I had that with my last job. We had too many workgroup switches (about 200 for 500 desktops) to deploy effectively. Don't undervalue future money. Labor's free! The current customer has about 100k devices and wants to prune it down to about 50k. Not sure how they want to decide what to keep and what to throw away, though. I assume I would have to export from ACS, modify the data, and then massage and import into ISE?
|
|
#
?
May 16, 2017 02:39
|
|
|
Sepist posted:Anyone going to live in Vegas next month? Yep. A good 20 people from my work are.
|
|
#
?
May 16, 2017 07:50
|
|
|
Has anyone ever used the Mellanox Spectrum switches? Yay/nay on MLNX-OS just to get basic host connectivity and L3/BGP processing?
|
|
#
?
May 18, 2017 22:47
|
|
|
doomisland posted:Has anyone ever used the Mellanox Spectrum switches? Yay/nay on MLNX-OS just to get basic host connectivity and L3/BGP processing? Mellanox are fantastic if you're running some infiniband stuff. RUN THE gently caress AWAY from the ethernet switch side. Overpriced (yes, they are much cheaper than other similar options), next to impossible to find converters to make interface communicate properly, breakout cables everywhere and you can only connect in a bizarre moon man pattern on the interfaces, and basically everything about configuring, reading the config, reading the logs, and every other basic task you do with switches takes five times as long. We bought 4, 2 for our core services, 2 for some client team's project. Replaced the services ones within a year, and after the month and a family of goats, we got the client one actually functioning for their setup which is now permanent until decommission of the whole thing because several additions they wanted to make just broke the whole drat thing when they were tried. Maybe they've gotten better in the last 2 years, but they were a nightmare while they lasted for us.
|
|
#
?
May 19, 2017 21:21
|
|
|
Slickdrac posted:Mellanox are fantastic if you're running some infiniband stuff. Aw nuts. On paper they look better than Tomahawk switches without dropping huge amounts of cash on vendor chip based switches. The OS being completely different was a worry so it sucks to hear its awful. Also that 48 port 25G + 8 100G port switch seemed to fit well with everything.
|
|
#
?
May 20, 2017 13:44
|
|
|
Does anyone have a link to that good talk by Amazon of how AWS handles networking internally? I think it was in this thread that it was linked, but I can't find it.
|
|
#
?
May 30, 2017 19:04
|
|
|
https://www.youtube.com/watch?v=Zd5hsL-JNY4 https://www.youtube.com/watch?v=St3SE4LWhKo ??
|
|
#
?
May 30, 2017 19:05
|
|
|
Yup that's it. Thanks
|
|
#
?
May 30, 2017 19:07
|
|
|
They're more or less identical talks, so just watch the 2016 version
|
|
#
?
May 30, 2017 19:17
|
|
|
Anybody at NANOG this week?
|
|
#
?
Jun 6, 2017 02:15
|
|
|
So what's the new hotness for routing 40gig/sec full table BGP?
|
|
#
?
Jun 15, 2017 00:01
|
|
|
Can't go wrong with MX.
|
|
#
?
Jun 15, 2017 02:45
|
|
|
ASR is still the top of the line Cisco router unless something is announced at live.
|
|
#
?
Jun 15, 2017 02:55
|
|
|
Dont get the MX80 or 120, or whatever its called, though.
|
|
#
?
Jun 15, 2017 05:03
|
|
|
40gig through the platform? Or 40G interfaces? Either way, in 1RU it's Arista.
|
|
#
?
Jun 15, 2017 09:38
|
|
|
doomisland posted:Dont get the MX80 or 120, or whatever its called, though. 104. Yeah slow PPC CPUs. Any chassis based one is good. MPC7-MRATE have decent density.
|
|
#
?
Jun 15, 2017 12:09
|
|
|
tortilla_chip posted:40gig through the platform? Or 40G interfaces? Either way, in 1RU it's Arista. How is Arista for routing and BGP? I've been wary of routing with them on the edge because of a lack of features, no PBR on the 7150's for example. We do use them in our Hadoop Network though. We use MX80's for our edge and they'll be upgraded eventually to MX240's probably.
|
|
#
?
Jun 15, 2017 21:51
|
|
|
tortilla_chip posted:40gig through the platform? Or 40G interfaces? Either way, in 1RU it's Arista. 40gig interfaces, possibly 80gig aggregate throughput (or realistically 15-20gigabit in/out with actual traffic features enabled)
|
|
#
?
Jun 15, 2017 21:59
|
|
|
ate poo poo on live tv posted:How is Arista for routing and BGP? I've been wary of routing with them on the edge because of a lack of features, no PBR on the 7150's for example. We do use them in our Hadoop Network though. Never choose 240. 480 are 2ru larger but have 6 line cards instead of 2. Cost probably the same.
|
|
#
?
Jun 16, 2017 02:35
|
|
|
I use two arista 7920Rs for my Wan edge routing. Right now peak outbound traffic is about 32gbps with full bgp and 4 peers. I love them.
|
|
#
?
Jun 16, 2017 08:34
|
|
|
If you're just taking tables and schlepping packets around they're great. If you're looking for a high touch box (NAT/PBR/etc) look elsewhere.
|
|
#
?
Jun 16, 2017 11:31
|
|
|
Methanar posted:I use two arista 7920Rs for my Wan edge routing. Right now peak outbound traffic is about 32gbps with full bgp and 4 peers. I love them.
|
|
#
?
Jun 16, 2017 22:27
|
|
|
falz posted:I think there's a typo in this, what's the actual model? For some reason I thought they just made l3 switches without full dfz table size. The 7280R can take full tables with some profile settings. They basically take all of the /24s (of which there are many) and shove them into the MAC address TCAM space instead (since routers will only need to know a dozen or so MAC addresses anyway). So they're able to shave off like 50% of the BGP full tables routes out of the traditional table space and can get everything in there comfortably. I have a few of them with 3-4 different transit providers sending full tables and there's room to grow. You just set it to like "hardware profile internet" and reboot and now you can take full tables. https://www.arista.com/assets/data/pdf/Whitepapers/FlexRoute-WP.pdf
|
|
#
?
Jun 16, 2017 22:34
|
|
|
tortilla_chip posted:If you're just taking tables and schlepping packets around they're great. If you're looking for a high touch box (NAT/PBR/etc) look elsewhere. Yea that's what I figured. Of course we are also using them to NAT at our spoke datacenters, though they aren't running BGP, just OSPF.
|
|
#
?
Jun 16, 2017 23:27
|
|
|
Yes sorry 7280. (Phone posting because on company trip! ).
|
|
#
?
Jun 17, 2017 07:40
|
|
|
Arista may be an answer to the 'new hotness' portion of the question, but using tricks and magic that tops off at only 1mil total (v4+v6) RIB sounds like a disaster in the works for an edge router. Hell their own predictions show it only lasting 3-4 more years. If you need an edge router with actual route scale you should get an actual router and not a layer3 switch. For your QSFP+ throughput question, just check backplane subscription for the line cards if you're looking at MX/ASR9k. Also perhaps consider skipping 40gpbs and go right to 100g QSFP28 as that poo poo's getting cheap and CFP/CFP2 are clearly on their way out. Be sure to also focus on what features you need or will need in the device's lifespan outside of layer3 forwarding. MPLS? EVPN? vlan rewriting? subscriber management? BGP flowspec? VRFs?
|
|
#
?
Jun 17, 2017 19:44
|
|
|
In that same vein of asking which features you need, ask yourself if you need them in the same box.
|
|
#
?
Jun 17, 2017 20:01
|
|
|
Look at these scrubs not deploying VyOS on commodity hardware for their CE routing needs.
|
|
#
?
Jun 17, 2017 21:34
|
|
|
They can afford the proper routers because of all the money they saved on storage by listening to that bloke on Spiceworks.
|
|
#
?
Jun 17, 2017 22:28
|
|
|
Anyone know the xml field for phone numbers in a Jabber contact list? Whenever I google this it eventually falls back to the official Cisco documentation which doesn't mentions phone numbers. I originally thought it wasn't possible, but I saw someone import a list with phone numbers in it but I was obviously too dumb to make a copy of the xml and/or remember the field name.
|
|
#
?
Jun 18, 2017 01:30
|
|
|
Thanks Ants posted:They can afford the proper routers because of all the money they saved on storage by listening to that bloke on Spiceworks. Why would I pay someone for something that I put together myself with a bunch of undocumented configurations and uncommented perl scripts running on OpenBSD? I'm retiring in four months anyway. -Paraphrasing an actual customer that I had
|
|
#
?
Jun 18, 2017 02:15
|
|
|
Any good way to get auto qos on a port channel on a 4500x? I ran auto qos on an unused port, copied the input service policy generated to the port channel interface and the output policy to the member interfaces but the output policy command doesn't seem to have stayed on the member interfaces.
|
|
#
?
Jun 20, 2017 00:09
|
|
|
nescience posted:Anyone know the xml field for phone numbers in a Jabber contact list? Whenever I google this it eventually falls back to the official Cisco documentation which doesn't mentions phone numbers. I'll get back to you tomorrow, but, JID contacts are based on sync or end user data in the UCM. non JID contacts are based on vCard3 format.
|
|
#
?
Jun 20, 2017 00:16
|
|
|
falz posted:Arista may be an answer to the 'new hotness' portion of the question, but using tricks and magic that tops off at only 1mil total (v4+v6) RIB sounds like a disaster in the works for an edge router. Hell their own predictions show it only lasting 3-4 more years. I can buy one every 3-4 years for a while before I'd have paid off an MX.
|
|
#
?
Jun 20, 2017 06:37
|
|
|
 Why does the internet have to suck?
|
|
#
?
Jun 20, 2017 06:40
|
|
|
|
| # ? Apr 19, 2024 02:25 |
|
|
Partycat posted:I'll get back to you tomorrow, but, JID contacts are based on sync or end user data in the UCM. non JID contacts are based on vCard3 format. Yes, so, you can import into the client only Jabber based contacts with a JID and a client's name and group. That's XML based. You can import vCard based contacts if you'd like to do that, and the vCard format supports the work number field. This is how you'd do it from the IM and Presence server under bulk administration. Presumably if you get a vCard you can simply import it into the client under File -> Import Contacts <User JID>,<Contact JID>,<Group Name>,<Content Type>,<Version>,<Info> "tac@cisco.com","5bbf7826-13ac-4d7e-ad3b-9b449020456d","Helpful Contacts","text/directory","3.0","BEGIN:VCARD ADR;TYPE=WORK:ADR\;WORK:\;\;California Somewhere\;\;\;\; EMAIL;TYPE=X-CUSTOM1;X-LABEL=Custom:tac@cisco.com N:TAC;Cisco;;; NICKNAME:Cisco TAC TEL;TYPE=WORK,VOICE:7166453542 VERSION:3.0 END:VCARD" You can add a picture as well if you'd like.
|
|
#
?
Jun 20, 2017 15:08
|
|