Original Poster · 11 points · 9 hours ago

Machine is virtualized actually, I have a slightly older snapshot I could revert to but didn't think about doing this while it was rebooting. Main thing is this also happens to users' PCs such as Physicians and wanted to apply suggestions to them as well. Thanks again though

7 points · 5 hours ago

replace physician PCs with thin clients.

build a vmware cluster to host the virtual workstation pool.

When a workstation needs "updates", swap the thin client to a new virtual machine that is already updated, then upgrade the now-out-of-service VM, then swap back.

Or, when it's time for updates, simply update your golden image and redeploy all the VMs as new clones.

8 points · 1 day ago

I have a feeling that much acceleration that fast would knock you out in reality.

3 points · 19 hours ago

actually, nearly-instantaneous acceleration can be survived surprisingly well.

Thanks to Col. John Stapp, we know that the human body can easily survive 46.2g.

Additionally, that acceleration, shown in the video, is not vertical acceleration (i.e. it's not sucking blood down out of your head into your chest/legs; it's pulling blood towards your back).

Acceleration of 20G can be sustained for a fraction of a second with no risk to consciousness, provided the head, neck, and spine are appropriately supported to prevent spinal injury.

In that video, acceleration lasts less than 1/4 of a second.

I use a SuperMicro Sys-E300-8D as my router/switch at home.

It comes with 6x 1Gbps NICs, and 2x 10Gbps NICs, with a 4-core processor, no ram, no hdd.

Just add some ram, an SSD, and you are off to the races.

I added a 4x1Gbps PCI-e network adapter to bring it up to 10x 1Gbps network ports.

Then, installed VMware on top of it. I run a pfSense VM as my LAN/WAN NAT router.

I also have a few other VMs like a windows server 2016 server with DHCP and DNS, etc...

9 points · 1 day ago

Saskatchewan the most forward thinking province....somehow.

10 points · 21 hours ago

They have lots of time to contemplate the issues.

[BRB, have to turn my combine around].

I setup something like 15 VLANs, and did this:

Port 1,2 = untagged VLAN 1

Port 3,4 = untagged VLAN 2

Port 5,6 = untagged VLAN 3

Port 7,8 = untagged VLAN 4

etc.

Then I plugged cables connecting 2to3, 4to5, 6to7, etc.

With 15+ switched "hops" on a single old 1Gbps switch... Still couldn't get an extra 1ms ping from port 1 to something like port 34.

TL;DR, I got curious, and generally speaking, it doesn't matter a whole lot if you're just pushing frames in and out.

This was done on a HP 1910 (Comware) switch.


This is a design I test things with.

https://i.imgur.com/dKkKKFN.png

There are 17 cable-segments between PC1 and PC2.

A packet from PC 1 to PC 2 will travel through each switch 8 times, effectively simulating 16 switches between the two PCs.

Additionally, you can mirror one of the 10G ports to another of the 10G ports to be able to sniff up to 8Gbps of traffic.

One single TCP flow from 1 machine to the other could go up to 1Gbps; however, that flow passes over the 10Gbps cable in 8 parallel streams as it loops around between the two switches.

If you do this on a 12+ port switch, you can easily generate 10Gbps of traffic with 2x 1Gbps computers.

Attenuation affects power but not the speed of the light traveling...unless my physics understanding is way off. I know there's an attenuation coefficient when you start talking about the phase velocity being greater than the speed of light but I've never read anything about it affecting the speed of light in the material.


It's simpler than that.

Photons don't travel straight down the core of the fiber; they bounce around from side to side. That horizontal travel [be it microns at a time] all adds up and the photon travels farther than the distance of the cable;

ultimately, the photon enters and exits the cable at the speed of light, but the path through the fiber is not linear, it's diagonal relative to the fiberoptic core, meaning the photon's path is about 30% further than the actual A-Z distance of the core of the fiber.

This is not correct:

-----------------------------
- - - - - - - - - - - - - - -
-----------------------------

This is correct:

-----------------------------
/'\./'\./'\./'\./'\./'\./'\./
-----------------------------


I still think the ssd/hdd combo is the best of both worlds. I've got a 500gb boot ssd and a 4tb data hard drive on my pc, the hard drive is perfect for music, movies, older/less resource intensive games, and anything that's just too large to fit on the boot drive. A pair of 2tb ssds by comparison would be a lot more money...

1 point · 2 days ago

I just plug a 4TB Western Digital MyBook via USB3 into my Netgear router and share it as a network drive.

Store all my movies, music, and other "volumous" files.

No reason to have that stuff "in" your computer, especially a laptop.

Don't have access to it on the go then, at least not without opening up your home network.

1 point · 2 days ago

U need more than 300GB of media with you on your machine?

Original Poster · 1 point · 4 days ago

What are some features you might imagine are missing? Since it's my first managed not-non-managed switch, the only things I knew so far you could do with a managed switch were VLANs and QoS... both of which this has.

1 point · 4 days ago

Unmanaged switch:

  • passes traffic
  • might implement spanning tree (probably doesn't)
  • has no accessible interface or metrics.

Light Managed switch:

  • probably has some shitty interface like a required iOS or android app
  • provides very basic output information (mac address tables, interface speed/status)
  • provides very basic vlan configuration (maximum 8 vlans, access ports/trunks only)
  • no LACP or VTP.

Web managed switch:

  • can do LACP, can do VTP, can do spanning tree, etc...
  • most features available, but with a shitty web gui that is god awful
  • can possibly hack the switch to allow ssh (i.e. hpe 1920).
  • no serial console

managed switch

  • defaults to ssh or serial console enabled, web console disabled
  • way more features
  • etc...
102 points · 4 days ago

You don't just want configuration backups; you want interval-based configuration backups that occur automatically and do change tracking and diff calculations.

You should be able to see a list of all of the devices with configurations; then, click on one and see its current (or most recent from the last 6-hours or whatever) configuration.

You should also be able to see its configuration at least daily for the last 6 months. (a configuration file is a tiny thing to store).

You should also be able to compare any two configurations so you can see what changed between datetime_X and datetime_Y.

for example, RANCID, or many other platforms.

Original Poster · 5 points · 4 days ago

I’m going to look into RANCID, that sounds heavenly to be able to do all what you're talking about.

My question is, is a daily backup actually warranted? Is that a best practice thing? I definitely will push for this because I want to move to enterprise level networking once I get my degree but is it needed for my environment?

We have about 400-500 employees at 50 locations, usually not more than 7 at each location except for the main office. These networks are pretty small. Usually an ISP router, SonicWall firewall, managed switch (maybe) and 2 access points (Unifi mostly).

17 points · 4 days ago

A daily backup isn't warranted, but it's super easy to have, so why not have it.

The idea with RANCID is that the RANCID server will SSH to the device, run "show run", collect the output, and disconnect.

(or ssh to a device, grab a config file from a file path on linux or whatever).

Once it's collected this file, it compares it to the most recent one.

If there are any changes, it emails you.

"oh, hey, this interface IP changed. just FYI".

"oh hey, the user account T0ta11y_N0T_A_HaXor was created on your firewall".

"oh hey, firmware version was upgraded to XXX automatically".

It's not just the configuration backup collection; it's the configuration monitoring.

collecting the backup config is just a nice by-product of monitoring your configurations.
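
The collect, compare and notify loop described in the comment above, sketched as an added example (not part of the original thread and not RANCID's own code). The two snapshots, the volatile-line filter and the alert rules are constructed assumptions; only the account name is taken from the comment.

```python
import difflib
import re

# Constructed "show run"-style snapshots of one hypothetical firewall.
PREVIOUS = """\
! Last configuration change at 02:00:01 UTC
version 15.2
username netadmin privilege 15
interface Vlan10
 ip address 10.7.10.1 255.255.255.0
"""
CURRENT = """\
! Last configuration change at 08:00:03 UTC
version 15.4
username netadmin privilege 15
username T0ta11y_N0T_A_HaXor privilege 15
interface Vlan10
 ip address 10.7.10.254 255.255.255.0
"""

# Lines that change on every collection and would trigger a false alert.
VOLATILE = re.compile(r"^! Last configuration change")
# Hypothetical rules for the three notifications quoted in the comment.
RULES = [
    ("account", re.compile(r"^\s*username\s+(\S+)")),
    ("firmware", re.compile(r"^\s*version\s+(\S+)")),
    ("interface-ip", re.compile(r"^\s*ip address\s+(\S+)")),
]

def normalize(config):
    return [l for l in config.splitlines() if not VOLATILE.match(l)]

def config_diff(old, new):
    """Unified diff of two snapshots with volatile lines removed."""
    return list(difflib.unified_diff(normalize(old), normalize(new),
                                     "previous", "current", lineterm=""))

def alerts(old, new):
    """Return (rule, value) for every added line that matches a rule."""
    found = []
    for line in config_diff(old, new):
        if line.startswith("+") and not line.startswith("+++"):
            for name, pattern in RULES:
                if m := pattern.match(line[1:]):
                    found.append((name, m.group(1)))
    return found

if __name__ == "__main__":
    print("\n".join(config_diff(PREVIOUS, CURRENT)))
    print(alerts(PREVIOUS, CURRENT))
```

An empty diff means nothing is sent; a non-empty one is what would go into the notification e-mail, with the rule matches as the subject line.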

6 points · 4 days ago

Life, uh, finds a way.

27 points · 4 days ago

In French it is, though.

0 points · 4 days ago

The queen of english-land ain't french.

Original Poster · 1 point · 4 days ago

Thanks for that insight. I’ve not had any experience with IOS based switches, mainly HPE and Brocades.

Out of curiosity, is this mainly on older versions of IOS or does this still happen today with new releases.

2 points · 4 days ago

still happens.

things like LLDP or CDP can have issues as well.

Original Poster · 4 points · 4 days ago

I am well aware of VLAN hopping.

As far as I am aware, if your trunks disallow untagged traffic, you should be okay. Is that correct?

-5 points · 4 days ago

from the attack, yes.

but you should still use a different vlan;

only switch-to-switch protocols should be on your default vlan;

CDP, LLDP, LACP, etc...

Ideally, you should do this:

1) create vlan 2 as management vlan.

2) assign any devices that are talking in vlan 1 to talk in vlan 2 instead.

3) set your default vlan as vlan 2.

4) set your management vlan as vlan 2.

5) migrate any non-user-non-switch traffic to vlans other than 1 or 2.

asdlkf commented on r/funny
100 points · 5 days ago · edited 4 days ago

I'd call it a

( •_•)>⌐■-■

Crapshoot

(⌐■_■)

23 points · 4 days ago

No, this is just scatporn on firefox.exe.

54 points · 5 days ago

You have a device with a 50 year MTBF.

You have 50 devices.

It's likely that 1 of them will fail in the first year.

Actually, it's likely that 1-5 of them will fail in the first year.

5 of them will run perfectly flawless for a century.

MTBF is "mean" time between failure; not average, not typical, not 95 percentile.

Don't count on MTBF to be real-world accurate, especially not on the scale of 1, 10, 100, or 1000 devices.

MTBF is statistically accurate only on sample sizes of 100,000 or more devices.

Kinda confused what you mean by "routed by networking equipment".

1 point · 5 days ago

I've seen similar things; they "can't be routed"

the protocol implementation of IPv4 is broken. they store IPs but not subnets.

It depends...

Not a super network guy so I may be wrong with terminology, but am a Sysadmin and light & sound technician. Some sound boards that use Ethernet have too large of frames to actually be routed through networking equipment. One example is the Behringer X32. Now if you use something like a Dante expansion card and use a Dante network, this would 100% be possible, and probably easiest done with something like Ubiquiti's powerbeams or nano stations. The only thing they would need is line of sight. Doing this with two consumer grade routers, or two commercial grade APs probably would not work well considering density of a crowd, mounting location, and interference.

1 point · 6 days ago

uh... you can increase frame size of routing equipment, too.

you can route up to ~9000-9198 byte frames, depending on the hardware.


asdlkf commented on r/funny
1 point · 5 days ago

66, 67, or 68.

7 points · 5 days ago

Don't shoot at telephone wires.

Yours truly,

all of /r/networking.

asdlkf commented on
1 point · 6 days ago

So, first, I know this is fake from an ad.

But my question... at what point is the sale legally binding? as soon as he says the word "sold" or the pico-second that the hammer hits the vase before it begins to smash the vase? or does the hammer have to hit wood?

Does that include if you compare what vRealize can do for you? What does System Center have that makes it similar to vRealize? Just curious.

1 point · 6 days ago

stick azure stack on top of server 2016 + system center.

It adds [most] of what vrealize would do.

2 points · 7 days ago

I can't objectively compare these to other options; many many moons ago I spent 3 days doing a technical deep dive with Vineyard Networks.

Vineyard Networks created traffic profiling software that worked with transparent probes or port spanning. Basically an IDS-like configuration.

Vineyard Networks was bought by Sandvine Networks and they integrated Vineyard Networks' IP into their traffic identification products.

They do a number of network things though; I haven't looked into them in 3 years, (because I've been in positions where "more bandwidth" is a readily available option), but what I saw when I was there blew me away.

4 points · 7 days ago

1 pair of stackable core switches.

Single mode fiber, not multimode. (unless you already have multimode in the building... even then...).

vlans, not separate switches.

802.1x to automatically assign devices to vlans, not static vlan port assignments.

When a device plugs into your network, 802.1x should authenticate or profile the device. This should happen:

- Device plugs in
- Port comes up
- Device is profiled by switch (802.1x or lldp or cdp)
- switch profile assigns phones to phone vlan
- switch profile assigns wifi access points to wifi vlan
- switch profile assigns cameras to CCTV vlan
- switch profile assigns domain joined workstations to users vlan
- switch profile assigns everything else to guest vlan

The core switch has those vlans on it; the core switch has VTP to distribute your vlans to your access switches. Configure VTP correctly.

The core switch has DHCP relays on its vlan SVIs that relay DHCP requests to a pair of windows server 2016 DHCP servers (or DHCP server of choice).

If you want, u can hire me for an hour to give you a much more complete design.

2 points · 7 days ago

Also... you shouldn't listen to whoever specced that bill of materials for you.

3 very obvious problems:

1) The fortigate 100E is way oversized. A fortigate 60E is way more than (like WAY more than) enough for you.

2) 2620 is old. They should be suggesting 2630 or 2930f.

1 point · 7 days ago

You could replace your entire BOM with this:

1x https://www.fs.com/products/20015.html ($70)

15x https://www.fs.com/products/20013.html ($1,950)

1x https://www.fs.com/products/35252.html ($689)


$~2,850.

This would get you:

20015: A router/firewall/Wireless Controller box

35252: A 48 port 1G PoE+ switch

20013: a set of 10x 802.11a/b/g/n/ac dual-band PoE+ Access points, managed by the 20015.

You probably want 3x 20015 per theater, plus 1 every 900 square feet in lobby areas.

in each theatre, with your 3x 20015's, disable 2.4ghz on 2 of them and put the one in the middle of the theatre on 2.4 and 5ghz. Put the other 2 APs on 5ghz only.

Locate the APs at the left wall, right wall, and center-ceiling of the theatre.

obviously adjust the number of APs to match what you need.

You can also replace the $689 35252 with a $489 35275.

2 points · 8 days ago · edited 8 days ago

You could cut the switch price in half if you don't need 48 ports and got a 24 port instead. However it doesn't look like 2620 switches have gigabit access ports, only the 2x gb uplink ports, the rest are 10/100. All of the Ruckus APs have gigabit ports.

On the fortigate check out https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf, if you don't need site to site VPNs, NGFW features, IPS, threat protection, ie. this is all just for providing guest networking, then the 100E is probably overkill. Personally if this is just straight internet access for guests without advanced inspection/protection needs I'd just put together a pfsense box.

Good choice on Ruckus though, easily the best APs I've used. You may be able to start with fewer and add more APs later as budgeting allows. You never mentioned what your existing infrastructure is or what problems you're having, if you already have a firewall and poe+ switches and the issue is just wifi reception, maybe you only need the APs.

1 point · 7 days ago

well... 24 port HPE switches are about 75% the cost of 48 port switches.

other than that, agree on all counts.
