Some core gear just racked in my new DC. Cisco Nexus 7710, and a pair of Nexus 6001's on top of that. Above that is a 2901 for oob console access and a 3850 for misc. connectivity. The other half of the core of the DC is on the other side of the room. Not pictured are 40 Nexus 5548's and 32...
Since we've been on the subject of surplus gear. Here is a bunch of 3550's, RPS's, a 4006 some parted out 6500 chassis and a 7206 vxr plus probably some other junk. Stack is about 7 feet high. And, no, I can't give away or sell any of this, sorry :P.
You aren't going to get anywhere near a gig of routed throughput using a router unless you want to spend big money (i.e. 7200 series cisco with NPE G2) or better. Best bet is to go with a layer 3 capable switch such as 3560X which has 2 10gig uplinks (or 4 1gig) and 48 copper 1 gig ports.
Here is my lab rack for getting in some quality hours in with the CCIE R/S lab blueprint:
5 - 2811's
1 - 2821
3 - 3560-24
1 - 3560-48
Missing are some 2611's that will be some backbone routers and a frame switch and a load of serial interfaces. Should be fun!
LACP has nothing to do with the load balancing on an etherchannel hence the acronym Link Agregation Control Protocol. It only performs negotiation between switch and host or switch and switch to bring up the port channel and notifies each end when a port drops out or is added to the channel...
My poor baby F5's :P
Netscalers look decent, but I have never used them and know F5 fairly well and had to get something up and running fairly quickly. Guess I should download their virtual appliance and test it out.
Yeah, 10G links on the 7k's are dedicated. Fabricpath would have been cool but it wasn't supported in nxos yet on the 5548's (maybe now? I haven't looked). I'll keep an eye on the M1 cards. So far so good.
Budget didn't allow for dual sups in each chassis. I plan on pushing for them again when there is money available though. No too worried about single M1 (not F1 ;) ) and 48 port copper card in each as both chassis have one and everything north and south are either vPC'd or have dual routed...
Haven't been a lot of pics lately so here are some of our data center network upgrade:
Rear of rack containing two Nexus 7010's which will handle core routing and data center aggregation duties.
Front of one of the 7010's.
Pair of Nexus 5548's handling access layer duties for UCS...
If you want to block explicit ports you have to use an extended access list which are numbered 100-199:
i.e.: access-list 100 permit tcp any any eq 80 permits all http traffic from any host to any host
Access lists 1-99 are standard access lists and allow/deny traffic based on a source...
There are two different signalling methiods, one is CCS, Common Channel Signalling, which uses one channel out of the 24 DS0's in a T1 to handle all signalling. Then there is CAS, which is Channel Associated Signalling (I think, not sure), which actually inserts signalling data into the data...
That seems like a waste of money to buy a physically separate infrastructure just for the phnoes. And considering a single call will be at the most (using g711 including headers) around 87kbps, gig ports just for a phone is overkill. I would revisit your design and implement QoS on your...
The config lines look like this:
redundancy
mode sso
main-cpu
auto-sync running-config
but this is only applicable if you are running dual supervisor modules. Here is the document from cisco's site that covers all of it...
SSO is Stateful Switch Over between the Supervisor modules. It syncronizes L2 and L3 information between the primary and backup supervisors in the same chassis so that in the event of the primary supervisor failing or being shutdown for maintenance, the backup supervisor will take over all...
* What was your major?
Electrical Engineering
* Briefly describe your career path since graduation
1st level helpdesk at local ISP
2nd level network support at same ISP
Network engineer at Biotech
Sr. Network engineer at same Biotech
* What is your current position and how long have...
You may want to wait until after business hours to turn on spanning tree. When you turn it on, all ports will probably reinitialize to the blocking state before going through the llistening-learning-forwarding states so you may have about 45 seconds of downtime while spanning tree converges.
Okay, here we go. I finally have some pictures from our new HQ building:
Lets start with our dual 600KW UPSs.
Lots of conduits!
Yeah, I don't think I'm sticking my hang in there!!
Here are the PDUs that feed power to floor 1 and 3-12 network rooms from the main UPS shown above. Floor...
Which routing engine are you using in that chassis? Sounds like you are just hitting the ceiling in terms of raw packet throughput if you have an older route engine.
Ahh, sorry. This is my first time be gentle. Here is my Ebay feedback. Thats the only place else I've sold anything.
http://myworld.ebay.com/edennington/
I have one in my rig now OC'd at 600MHz Core 1003MHZ RAM with no issues. Can't go any higher due to my power supply but there is room left to push it if I had a bigger PS. Temps are around 69C at full load with the fan running at 100%.
Yeah, it was fairly pricey (a little over 100k if I remember) but that included all the piping, manifold, chillers and RC units (5 of em). The price was worth it though as the old cooling system just wasn't designed correctly and it would have cost more to re-engineer it than to rip it out and...
Thanks! The APC cooling solution works really well. I'll have more pictures from our new HQ building next month. The MDF alone is as big as this server room :-D.
Here are some pictures of one of the data centers for my company. This is probably the smallest one we have. Below is a pic from the front of the room. There are about 30 server racks in this room i a hot isle/cold isle config.
Here is the APC in-row cooling solution we recently...
The one problem with passing the VPN tunnel through the firewall and terminating it on the server would be if anyone decided to do anything malicous, all their traffic would be encrypted and therefore, you would have no firewall logs of the activity.
If this is a business, I would...
Split tunneling needs to be enabled to allow access to local network resources while the VPN is active on the client computer. This would be a setting on the firewall/concentrator the VPN client connects to though.
if you are buying new, expect to pay at least $3k just for the interface card to go in the router (HSSI or BNC connectors). You may be able to find some good deals on ebay though.