Search results

  1. J

    BGP Dual home Problem

    Incorrect -- the limit is /24. Forcing anything less specific means you should tell your SP to do their job properly or dump them for one that does. Most SPs are terrible -- I usually need to repeat "escalation" 5 times before I get someone who knows what they're doing. As long as you...
  2. J

    Help on a connection to a Cisco 2970G

    A bit more of a stretch, try "switchport nonnegotiate" as well. I recall this giving me problems at some point. This "feature" is called DTP and tries to negotiate the other side to be a trunk and occasionally confuses the other side. (another annoying Cisco command btw). Also, try playing...
  3. J

    Cisco 2960S - Flow control

    No offense taken. The financial industry is full of nutcases like myself. We actually look at packet rates down to the millisecond-by-millisecond level and export buffer levels from switches (5-10 microseconds granularity from the Nexus3K and the like). We've seen a 5 Gbps 1 millisecond burst...
  4. J

    Cisco 2960S - Flow control

    Don't turn on flow control -- it probably won't fix anything. Flow control from the switch's perspective requires a pause frame to be sent from the connected host to the switch, which is essentially a white surrender flag. A host rarely does this unless something is really wrong with it or the...
  5. J

    Help on a connection to a Cisco 2970G

    en conf t int g0/25 speed nonnegotiate This is 100% likely to solve your problem, provided it is a working Cisco SFP supported by the 2970 and the fiber isn't damaged. Those speed 1000 / duplex commands don't apply for this. And flip polarity again if you have to. This is the most...
  6. J

    A small datacenter build and other projects

    We also use infiniband extensively. It is used in every serious wall street / financial firm in the world like mine, as well as a lot of HPC environments. We don't care about the cost savings. The latency difference (especially due to RDMA) is huge. RDMAoE/iWARP isn't quite there yet...
  7. J

    Network pics thread

    Haven't had the chance to look at it yet -- there's a few demo boxes on my desk. I'll be evaluating it mid-January. If you're interested, I'll shoot you a PM with what I find.
  8. J

    Network pics thread

    Interesting. We recently passed on 100G and the MX routers for the time being. Although not the same, I think bundled 40G MAN links across DWDM give you a lot better bang for your buck. Also, modern L3 ethernet switches seem to be displacing a lot of chassis routers (if you don't need MPLS...
  9. J

    Network pics thread

    Agreed 100% for L3. For L2, the Arista 7050T would be great and much cheaper. That 3560 abomination is 3+ years old -- and assuming cisco marketing math -- runs at 53% line rate with shallow per-port buffers ... disgusting and overpriced compared to other solutions today.
  10. J

    IT people -- am I paid fairly?

    I feel overpaid too, especially for being 26. Not complaining, though. When I walk around NYC and see ballers with their $100 million condos.. they make me feel poor again.
  11. J

    ISP Gave us 2 ranges. Not sure what to do.

    If you care about reliability, you should never use those. All of them are cheaply made crap ... I looked like a hero when I first went to my new job and fixed a lot of circuit issues by taking all media converters and throwing them on the curb for SPs to pick up later. Also, some SPs...
  12. J

    can you get around broadcasting between vlans?

    I'm not too sure. ip helper-address makes the DHCP request the source of the vlan gateway (makes sense right? because the DHCP client has no IP). But this is different because it's forward-protocol. Try both and see what happens. It's going to be one IP or the other. I'm going to guess it...
  13. J

    can you get around broadcasting between vlans?

    Looks right to me. Can't tell from the output there, but make sure your SVI address is the physical address, not HSRP VIP or any of that crap.
  14. J

    can you get around broadcasting between vlans?

    As damacus said, you still need the forward-protocol commands as well. The forward-protocol commands tell the router to map UDP ports to the helper address anytime a broadcast message comes in. The ip directed-broadcast command is completely separate -- the only thing it knows is that it has...
  15. J

    can you get around broadcasting between vlans?

    Yes, that's correct. I've used this once in a lab before. Just be careful with ip directed-broadcast ... that does more than you think. Aside from your helper statement with those ports, any packet destined for sourced from anywhere in your network will be flooded on that vlan...
  16. J

    New Building - Cat6 or Cat6A

    If your runs to the IDF are long, I think Cat6A is a good investment to make. Right now I have a 10gig access network for my 10gig server farm with fiber and DAC. For my 1gig server farm and user access, I have gigabit over cat5E. I plan to upgrade general purpose servers to 10gig Cat6A once...
  17. J

    New Network build.

    A lot of us have built networks and want to help you. However, for you to get any value out of this thread, you need to be much more specific as "building a network" can mean anything. For instance, I have roughly 30 sup720-3c based 6500s, 30 10gig 48 port switches, 30 4948s, 6 nexus 7Ks, my...
  18. J

    POE and patch panels

    That's not what I meant by harder to manage. Rather .. I have tons of 6500s. Now let's say I'll buy a Dell or HP stack for VoIP. That means: new hardware platform (which entails new code with new bugs, new limitations/nuances, new spare parts to keep around, new thing to learn/re-learn...
  19. J

    POE and patch panels

    I have 4 6509-V-E with dual sup720s providing PoE for my VoIP. Overkill? Not really. All of my user access switches are the same ... the only difference is the VoIP ones have the PoE linecards instead. Then, if there's a problem with one of the regular user switches, they can just switch...
  20. J

    Frustrated by the lack of degrees and training for this field by colleges

    Computer science is NOT just programming. I'm so sick of this misconception. This major teaches you how to think. The main benefit of majoring in computer science/engineering is not learning how to code in assembly and C ... instead, it's because it teaches you how to: 1) Analyze problems...
  21. J

    Cisco Routed Ports on Layer 3 Switch

    Is GRE supported on the 3750 in newer code now? I had to build a tunnel to some stupid vendor on a 4948 because it wasn't. And netflow wasn't working on it either ... but maybe the new gen 3750 does it? I don't buy them anymore. WCCP doesn't support an extended ACL on a 3K or even a 4K. It...
  22. J

    Cisco Routed Ports on Layer 3 Switch

    Most good L3 switches will talk BGP/OSPF/EIGRP no problem. I meant more at the IP services level. No NAT support; No GRE support; No per-packet load balancing; No MPLS; Weaker traffic accounting (no netflow, less working counters); Weaker QoS policies (no NBAR, no MQC, no object-groups, no...
  23. J

    Cisco Routed Ports on Layer 3 Switch

    Sort of ... I think we're on the same page. The ASICs in a L3 switch can do some functions in their sleep across all the ports. Pretty much all the 10gig/40gig 1U switches can do line-rate routing between vlans if all the ports were 100% utilized. But for the functions it can't do in the...
  24. J

    Certs vs Experience?

    I'll agree with cyr0n here. My company would pay for me to finish my CCIE, but I have no desire to do so. Why? Well, it wouldn't make any difference. My pay already increases a lot every year, I'm already one of the main guys on an advanced network that I can easily handle, and now I'm...
  25. J

    Network pics thread

    At my last gig, I needed fiber and copper in the datacenters ... so I deployed 4200-48Ts with 4200-24Fs in a VC. The 4500 wasn't ready in terms of code to have it stack on the 4200. I didn't really care about the single point of management. In the colos that I put these .. I only had a few...
  26. J

    Network pics thread

    Yeah ... we use Riverbed/Palo Alto too ... not too many people know about those. Nice Juniper gear by the way -- I'm assuming they finally let you stack the 4500 with the 4200? When I bought them at my last gig that wasn't supported. The 4200 was rock solid ... it ate any advanced routing...
  27. J

    Blocking ICMP on a Cisco router

    The example given makes you very vulnerable to the outside world still. I recommend using tcp any any established instead of permit ip any any, and allow DNS, etc etc. You should also lock your VTY lines so that they can only be accessed from your LAN IPs.
  28. J

    Cisco 2651 throughput

    That Cisco PDF is based on 64 byte packets. In the past, I've used professional traffic generators a lot (Ixia, Spirent, BreakingPoint). 64 byte packets is the most stress that you can put on a router ... it's the smallest packet you can have, which drives up the packets/sec, which is what...
  29. J

    Unemployed? Good at Networking? Let's Talk!

    Didn't think you'd take that so personally. Yes, I'll agree that it's very decent if you're unemployed and average otherwise .. but I think most will agree that a great network engineer is rarely unemployed. Right now his job hunt is proving that. He's getting a bunch of under-qualified...
  30. J

    Unemployed? Good at Networking? Let's Talk!

    Speak for yourself. Based on the required skill set, and the fact that you have to live there ... I'd need at least quadruple the offer to consider ... and I probably still wouldn't accept it. I'm not trying to be an asshole, I'm being dead honest.
  31. J

    Future for IT pros?

    I'm biased, but I think that's the correct move to make. I have a B.S. in computer engineering ... and out of my 5 calculus classes, 2 of them were Bs, 3 were Cs .. and 2 of those Cs were after a drop from the previous semester lol. Although, it had no impact on getting several great offers...
  32. J

    Lancope IPS

    Yeah ... Stealthwatch is an AMAZING product, especially with how fast the thing can rip through netflow -- and we were throwing a lot of shit at it. Generally I despise network management products, but this has a very intuitive interface ... you almost can't hate it. I did a 3 month demo at my...
  33. J

    Extreme Networks

    I'd avoid them if I were you. They're ok for L2 ... but they are pretty bad at L3 (and extremely bad at L3 multicast). As for CLI ... for basic features, it's ok to use ... for advanced features, it's a real pain in the ass to use. (e.g. to negate some commands, you have to put the "no" midway...
  34. J

    Dealing with none technical IT Managers

    Personally I don't mind them much. They almost always just take my word for whatever I say. Though I don't deal with those kind anymore now that I'm not at a big company. It's the arrogant, yet terrible network engineers I deal with from vendors that I absolutely cannot stand...
  35. J

    Reward first PFsense firebox

    Agreed 100%. Also, when I googled for firebox ... I don't know why the hell this came across.. some people are nuts lol:
  36. J

    Career Advice in IT Infrastructure

    First, it's better you stuck with CS. Generally speaking, it's a very well respected major. I did computer engineering, and I shit you not ... in my latest interview I was asked all kinds of programming/algorithm questions even though I'm a network architect/engineer. I've been one ever since...
  37. J

    Home office network hardware advice (Cisco vs Juniper)

    I think Juniper makes some great stuff and I have chosen them over Cisco a few times with great results ... but Cisco is nowhere near "garbage".
  38. J

    Network pics thread

    Having worked for a large company (300,000 employees) to smaller, but rich companies (300-400 employees), I learned a lot. If you're a big company, imagine if every technology person bought whatever they want or even worse, changed configs whenever they felt like it without telling anyone ...
  39. J

    Network pics thread

    Not too interesting of a reason lol. We used to have 4948-10G and 6524s at the majority of our colos ... but deployed 4900Ms and nexus3Ks in favor of that now. So we had a bunch laying around already ... figured we might as well make it consistent. These boxes just use straight up vPC port...
  40. J

    Network pics thread

    Generally, yes. My industry is pretty fucked up though :) But a specific example of this .. I have 5 M1 line cards on two 7010 chassis that are fully loaded. I'm trying to decom my last pair of nasty 6513s "central patch" design and complete our 4948E TOR switch design. Problem is, I...