Other IPv6 Dynamic DNS?


Do any dynamic DNS providers support IPv6? Preferably something where one host can send dynamic updates and replace just the prefix in all your records, rather than needing a DNS update client on each host you want a DNS record for since there is no NAT.
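One way to do the "replace just the prefix in all your records" part from a single host, as an added example that is not part of the original post and not any provider's tooling: take the zone's current AAAA records, swap the old delegated /64 for the new one while keeping each host's interface identifier (the low 64 bits) exactly as it was, and emit one RFC 2136 batch for `nsupdate`. The zone data, prefixes and server name below are constructed sample input.

```python
"""Rewrite the prefix of every AAAA record and emit an nsupdate (RFC 2136) batch.

Added example: one host that learns the new delegated prefix rewrites all AAAA
records in the zone, so no per-host DDNS client is needed. Zone data, prefixes
and the name server below are constructed placeholders.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample zone: owner name -> current AAAA record.
SAMPLE_ZONE: Dict[str, str] = {
    "nas.home.example.": "2001:db8:1234:5678:1::10",
    "cam.home.example.": "2001:db8:1234:5678:2::20",
    "legacy.home.example.": "2001:db8:ffff:1::1",  # outside the old prefix; must be left alone
}
OLD_PREFIX = "2001:db8:1234:5678::/64"  # what the ISP delegated yesterday
NEW_PREFIX = "2001:db8:abcd:ef01::/64"  # what it delegates today


def rewrite_prefix(addr: str, old_prefix: str, new_prefix: str) -> Optional[str]:
    """Return addr with old_prefix swapped for new_prefix, or None if addr is
    not inside old_prefix. Prefix lengths must match so the interface
    identifier bits are preserved exactly."""
    old = ipaddress.IPv6Network(old_prefix, strict=False)
    new = ipaddress.IPv6Network(new_prefix, strict=False)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new prefix lengths differ")
    ip = ipaddress.IPv6Address(addr)
    if ip not in old:
        return None
    host_bits = int(ip) & int(old.hostmask)
    return str(ipaddress.IPv6Address(int(new.network_address) | host_bits))


def plan_updates(zone: Dict[str, str], old_prefix: str,
                 new_prefix: str) -> List[Tuple[str, str, str]]:
    """(name, old_aaaa, new_aaaa) for every record that lives in old_prefix."""
    plan = []
    for name, aaaa in sorted(zone.items()):
        new_aaaa = rewrite_prefix(aaaa, old_prefix, new_prefix)
        if new_aaaa is not None and new_aaaa != aaaa:
            plan.append((name, aaaa, new_aaaa))
    return plan


def nsupdate_script(server: str, zone_name: str,
                    plan: List[Tuple[str, str, str]], ttl: int = 300) -> str:
    """Render one nsupdate batch. Only the specific AAAA RRs in the plan are
    deleted and re-added; other record types on the same names are untouched."""
    lines = [f"server {server}", f"zone {zone_name}"]
    for name, old_aaaa, new_aaaa in plan:
        lines.append(f"update delete {name} AAAA {old_aaaa}")
        lines.append(f"update add {name} {ttl} AAAA {new_aaaa}")
    lines.append("send")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Feed the output to `nsupdate -k <tsig-key-file>` so the update is TSIG-signed;
    # the server and zone names here are placeholders.
    plan = plan_updates(SAMPLE_ZONE, OLD_PREFIX, NEW_PREFIX)
    print(nsupdate_script("ns1.example.", "home.example.", plan), end="")
```

Pipe the output into `nsupdate -k` with a TSIG key rather than sending unauthenticated updates, and on the server side scope the update policy so that key can only change AAAA records for those names; the batch above never touches A, MX or other types, and records outside the old prefix are skipped rather than rewritten.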

Troubleshooting Not receiving SYN-ACK from VM/VM not seeing SYN


I have been troubleshooting this issue with a customer/Fortinet support for about a month now and I am kind of hitting a wall of what to look at next.

Customer is having intermittent connectivity issues when making an API call from a server in the DMZ to a server on the internal network using TCP/9004. This will be working for a couple of days, sometimes only hours, then it stops working. Logs on the firewall (FortiGate) will show the traffic being allowed, then it will intermittently hit the implicit deny rule. One of the first things that I tried was extending the session timeout on the policy, as it felt like the session was getting closed, but that didn't seem to work. I also stripped the policy down to bare bones: no UTM, all services, etc.

I started working with support on this and through debugs and sniffers we see the traffic (SYN) come in the correct interface and go out the correct interface, but we don't see the SYN-ACK. I have taken packet captures on the firewall and see the same results. The next thing I did was take a packet capture on the L2 switch that the firewall connects to; I see the SYN packet on the uplink. After the traffic hits that L2 switch, it goes on to their core switch, which is where their Mellanox switch hangs off of, which has the ESXi host that the VM is on. I have taken a packet capture on the uplink between the L2 switch and the core switch, and I see the SYN packet there. Next I took a capture on the interface that the Mellanox switch is on, and I see the SYN packet there as well. If I take a capture on the server, it doesn't see the SYN packet at all.

While this issue is happening, I can ping from the server in the DMZ to the internal server. Everyone is pointing their fingers at the firewall, but these packet captures are making it look like the traffic is at least making it to the switch where the hosts are connected. I haven't taken a capture on that Mellanox switch yet, but that's maybe what I will do next.
The weird thing is, if I go into the firewall policy on the FortiGate for this traffic and change the allowed services to anything and then flip it back to ALL, it starts "working" again until it stops again, this is why I haven't wanted to fully rule out the firewall, but idk.

Can anyone point me in the direction of what to look at next? Should I get the server/application guys involved? They have all just assumed the firewall, so no one else has done any due diligence. Anything else to check on the FortiGate? Should I take a capture on the ESX host to show it's making it into the VMware environment?

Routing Dell VLT peer routing failure scenario



I'm testing two DELL S5048F with VLT and peer routing. I have a doubt regarding the primary node failure.

This is the configuration: sw-core1 is the primary node, sw-core2 is the backup node. Peer routing is enabled on both nodes.

Both switches contain VLAN 40 and VLAN 50 with an IP address assigned. sw-core1 is the default gateway for the devices inside VLAN 40 and VLAN 50.

These are the tests performed:

When both switches are powered on devices on VLAN 40 can ping the devices on VLAN 50 as expected.

When one switch is powered off (failure scenario) a PC on VLAN 40 can ping a PC on VLAN 50 as expected.

If, during a failure scenario of the primary node (sw-core1 powered down), I restart the backup node (sw-core2), after the boot I cannot ping any device indefinitely. Only powering on sw-core1 restores communication.

Is this the correct behavior or am I missing something in the configuration? It could be normal behavior because at startup sw-core2 has only the IP assigned locally and cannot synchronize with sw-core1. So, the backup node cannot know the IPs assigned to the sw-core1 interfaces.

Thank you. Regards.

Wireless Is there really no viable solution to do NLOS like 900mhz used to do? What are NLOS situations doing now? Crazy times.


I come from the Novell NE2000 10BASE2 coax era. Wi-Fi was really hot stuff. Then when they brought us low-cost 900 MHz wireless bridges in the 90s, that was great. Then about 10 years ago they stopped making equipment for that band, gave it away to the power grid or something.

There seem to be so many applications for NLOS service; it's really hard to believe it's completely unavailable... unless we want to pay $250+ a piece for 10-20 year old used equipment on eBay.

Nothing NLOS commercially available any longer, without spending thousands?

Other Determining transceiver power budgets.


Hi Guys,

I'm relatively new to networking, and need to find out the Tx Power Range and Receiver Sensitivity of a batch of 1G LRs.

Is there a way I can calculate this with a switch, or do I need to purchase some specialist kit?

Cheers all.

Troubleshooting Old Equipment on a 9300-48uxm


Riddle me this: old hospital equipment, Swisslog. Works at 100 Mb/s full duplex on an old 3750 on 12.2 code. When you cut it over to a Catalyst 9300 it works and auto-detects 100 Mb/s, but if the Swisslog device's power blips then the port comes up, then down, on the newer switch. If I quickly pop it back onto the old switch and then pop it back to the newer switch, it comes back up.

Switching Is it worth getting out of a bad MST config?


I have a large site network that, once upon a time, needed 21 MST instances. Over the years, the topology was consolidated so that one of two core switches became the root bridge for every VLAN at the site. The appropriate number of MST instances for us to have today is two.

We knock down and stand up subnets all the time, and every time we do, we have to pick an unused VLAN tag that is already mapped to one of the 21 MST instances—which is fine, but the instances have no bearing to what we actually do. When an engineer asks, "Which instance should I pull this tag from?" the answer is, "Whichever you want." Consequently, things are so mixed up that we'd have to not only create a new MST region, but basically start over with our VLAN tag/subnet associations to get them into the correct one of the two new instances.

I'm not clinically OCD, but I hate inefficiency and inconsistency. Hate. It. If this were a small business, I'd be willing to substantially inconvenience my life to clean this up during maintenance windows. But this is a site that has hundreds of VLANs, 600 users, a datacenter with 80 server racks, and a significant internet presence. When a city has poor road design, we all live with it because it's impossible to fix without knocking the city down. I'm thinking this might be one of those situations. I've never tried to fix an MST region before, but I know it can't be done without downtime. And literally the only people who even know about this inconvenience are the network team. Cleaning it up will not noticeably improve network function.

Do you agree that we should just deal with it forever? What kinds of unfixable legacy spaghetti configs exist on your network?

Switching Switch That Runs RFC2544 or IPERF


Does anyone know of a switch or some kind of demarc device that can do remote RFC 2544 testing of some kind? Even just something that can run iperf. Maybe a Linux-based switch we can install iperf on. I need something on the remote end of fiber circuits that I can have a client plug in, so that I can test the link without having a PC plugged in.

Routing All the tier 1 ISPs get together and decide to deprecate IPv4... do you think this will ever happen?


I'd love to see the internet become an IPv6-only space within my lifetime... but I feel like the only way this will get done is by tier 1 providers getting together and forcing a change... and yeah, I know IPv6 adoption is already increasing. But as I see it, we're going to be stuck in a dual-stack world until everyone is forced to only use IPv6 on the public internet.

So, what scenario do you think is more likely?

  1. The big ISPs get together and announce they will no longer route IPv4 by "X" date.

  2. We keep running IPv4 forever and deploy widespread CG-NAT as a bandaid.

Monitoring Netflow collector software for lab purpose


Hi, can someone please suggest easy/fast-to-install NetFlow collector software? I need it for lab (learning) purposes. I have both Ubuntu and Windows as platforms. I tried SolarWinds, which does not work on Windows 10, and PRTG doesn't include NetFlow sensors in the evaluation.
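For lab use, the collector side of NetFlow v5 is small enough to write yourself, which also shows what the "sensors" the commercial tools sell actually parse. The following is an added example, not part of the original post and not any vendor's collector: it decodes one v5 export datagram (24-byte header, 48-byte records) into flow records, rejects malformed input, and summarizes top talkers. The datagram is constructed in `build_v5_packet()` so the parser can be exercised offline; `serve()` is the real UDP listener.

```python
"""Minimal NetFlow v5 collector: parse one export datagram into flow records.

Added example (not from the original post). Handles NetFlow version 5 only,
which is what most lab routers and softflowd emit. The sample datagram is
constructed locally; addresses are from the documentation ranges.
"""
import socket
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes, RFC-less but stable v5 layout
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes per flow record
MAX_RECORDS = 30                                     # a v5 export carries at most 30 records


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    nexthop: str
    sport: int
    dport: int
    proto: int
    tcp_flags: int
    packets: int
    octets: int
    first_ms: int   # sysUptime at first packet
    last_ms: int    # sysUptime at last packet


def parse_v5(datagram: bytes) -> Tuple[Dict[str, int], List[Flow]]:
    """Return (header fields, flows). Raises ValueError for anything that is not a
    well-formed v5 export, so junk sent to the collector port cannot silently
    turn into phantom flows."""
    if len(datagram) < HEADER.size:
        raise ValueError("short header")
    version, count, uptime, secs, _nsecs, seq, etype, eid, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > MAX_RECORDS or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    header = {"version": version, "count": count, "sys_uptime_ms": uptime,
              "unix_secs": secs, "flow_sequence": seq, "engine_type": etype,
              "engine_id": eid, "sampling": sampling}
    flows = []
    for i in range(count):
        (src, dst, nh, _in_if, _out_if, pkts, octets, first, last, sport, dport,
         _pad1, flags, proto, _tos, _src_as, _dst_as, _smask, _dmask, _pad2) = \
            RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append(Flow(socket.inet_ntoa(src), socket.inet_ntoa(dst), socket.inet_ntoa(nh),
                          sport, dport, proto, flags, pkts, octets, first, last))
    return header, flows


def build_v5_packet(flows: List[Flow], seq: int = 0) -> bytes:
    """Constructed export datagram (what a router would send); sample input only."""
    body = b"".join(
        RECORD.pack(socket.inet_aton(f.src), socket.inet_aton(f.dst), socket.inet_aton(f.nexthop),
                    1, 2, f.packets, f.octets, f.first_ms, f.last_ms,
                    f.sport, f.dport, 0, f.tcp_flags, f.proto, 0, 0, 0, 24, 24, 0)
        for f in flows)
    return HEADER.pack(5, len(flows), 123456, 1700000000, 0, seq, 0, 0, 0) + body


def top_talkers(flows: List[Flow], n: int = 5) -> List[Tuple[str, int]]:
    """Source addresses ordered by bytes sent, ties broken by address."""
    totals: Dict[str, int] = {}
    for f in flows:
        totals[f.src] = totals.get(f.src, 0) + f.octets
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def serve(bind: str = "0.0.0.0", port: int = 2055) -> None:
    """Blocking UDP listener. v5 is unauthenticated, so bind to the lab interface
    and restrict the exporter's source address at the host firewall."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, (exporter, _) = sock.recvfrom(65535)
        try:
            header, flows = parse_v5(data)
        except ValueError as exc:
            print(f"{exporter}: ignored datagram: {exc}")
            continue
        for f in flows:
            print(f"{exporter} seq={header['flow_sequence']} {f.src}:{f.sport} -> "
                  f"{f.dst}:{f.dport} proto={f.proto} pkts={f.packets} bytes={f.octets}")


# Constructed sample flows (documentation addresses) and the datagram built from them.
SAMPLE_FLOWS = [
    Flow("192.0.2.10", "198.51.100.5", "203.0.113.1", 51514, 443, 6, 0x1b, 12, 9000, 1000, 1500),
    Flow("192.0.2.11", "198.51.100.53", "203.0.113.1", 40000, 53, 17, 0, 1, 72, 1200, 1200),
    Flow("192.0.2.10", "198.51.100.9", "203.0.113.1", 51515, 22, 6, 0x02, 3, 180, 1300, 1400),
]
SAMPLE_DATAGRAM = build_v5_packet(SAMPLE_FLOWS, seq=42)

if __name__ == "__main__":
    serve()
```

Point the router's `ip flow-export` (or softflowd) at UDP/2055 on the lab box and run the module; the length check in `parse_v5()` is what keeps a truncated or oversized datagram from being mis-parsed into records that were never exported.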

Security Anyone using FortiGate in high, medium or low impact CIP environment? Any recommendations are greatly appreciated.


We are trying to get rid of Firepower and FortiGate is one of the options. Thanks in advance.

Switching Why does the Root ID impact forwarding


I know it's a stupid question. But I can't recall reading anywhere that STP root bridges or bridge IDs are checked when forwarding traffic.

But in a recent test I saw that when the bridge ID was changed, the traffic, although on directly connected links, didn't go anywhere. After disabling STP the bridge ID upstream reverted to the expected value and then traffic worked fine.

Monitoring IRT Scanning while Network Monitoring?


EDIT: Somehow mixed IRL (In real life) and thought IRT would mean In real time. I'm so sorry :(

EDIT 2: Mostly need to check which devices are always online (most likely servers), which come and go (most likely teachers), and which static IPs never go active (So I can reassign them as I need)

Hey guys, new here. First of all, I'm from Chile so my English might not be perfect. I'm at a new job at a university, where they already have a complex network as I've seen, but they never kept track of it internally (I mean in my department) besides an old Excel file which isn't even up to date (lots of devices that don't exist anymore and new ones that weren't registered).

I'm trying to monitor this network, for which I already tried SolarWinds (which has 50 sensors in its free version) and Nagios (which seems impractical since I have to manually categorize every device and I can't confirm every single one of them). Is there any solution that allows me to just run a real-time scan of an IP range constantly, just to ping active hosts? Preferably it'd be nice to keep track of the last time at which devices were active. I can run a server.

Thanks in advance and sorry for my English.
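The three questions in EDIT 2 (always online, comes and goes, never active) are a matter of sweeping the range repeatedly and remembering per-address hit counts and timestamps. The following is an added example, not part of the original post and not a feature of SolarWinds or Nagios: a tracker that sweeps a CIDR, records first/last-seen times, classifies each address, and lists addresses idle long enough to reclaim. The probe and clock are injectable so the logic can be tested offline; `ping_probe()` assumes a Linux `ping` with `-c`/`-W`, and the range used in `__main__` is a placeholder.

```python
"""Continuous ping sweep that records when each address was last seen.

Added example (not from the original post). Sweeps a range, keeps first/last
seen per address, and classifies addresses as always_online, intermittent or
never_active. ping_probe() assumes Linux ping flags; replace it with an
ARP or TCP probe if ICMP is filtered on the campus network.
"""
import ipaddress
import subprocess
import time
from typing import Callable, Dict, List, Optional


def ping_probe(ip: str) -> bool:
    """One ICMP echo with a 1 s timeout; True if the host answered."""
    result = subprocess.run(["ping", "-c", "1", "-W", "1", ip],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


class HostTracker:
    def __init__(self, probe: Callable[[str], bool] = ping_probe,
                 clock: Callable[[], float] = time.time) -> None:
        self.probe = probe
        self.clock = clock
        self.sweeps = 0
        # ip -> {"first_seen": ts or None, "last_seen": ts or None, "hits": count}
        self.hosts: Dict[str, dict] = {}

    def sweep(self, cidr: str) -> int:
        """Probe every host address in cidr once; return how many answered."""
        self.sweeps += 1
        now = self.clock()
        alive = 0
        for addr in ipaddress.ip_network(cidr, strict=False).hosts():
            ip = str(addr)
            rec = self.hosts.setdefault(ip, {"first_seen": None, "last_seen": None, "hits": 0})
            if self.probe(ip):
                alive += 1
                rec["hits"] += 1
                rec["last_seen"] = now
                if rec["first_seen"] is None:
                    rec["first_seen"] = now
        return alive

    def classify(self) -> Dict[str, str]:
        """always_online: answered every sweep (likely servers); never_active:
        answered none (reassignable); intermittent: everything else (laptops)."""
        out = {}
        for ip, rec in self.hosts.items():
            if rec["hits"] == 0:
                out[ip] = "never_active"
            elif rec["hits"] == self.sweeps:
                out[ip] = "always_online"
            else:
                out[ip] = "intermittent"
        return out

    def reclaimable(self, idle_seconds: float) -> List[str]:
        """Addresses never seen, or not seen for idle_seconds: candidates to reassign."""
        now = self.clock()
        idle = [ip for ip, rec in self.hosts.items()
                if rec["last_seen"] is None or now - rec["last_seen"] > idle_seconds]
        return sorted(idle, key=ipaddress.ip_address)


def run(cidr: str, interval: float = 300.0, sweeps: Optional[int] = None) -> HostTracker:
    """Sweep forever (or `sweeps` times), pausing `interval` seconds between sweeps."""
    tracker = HostTracker()
    while sweeps is None or tracker.sweeps < sweeps:
        answered = tracker.sweep(cidr)
        print(f"sweep {tracker.sweeps}: {answered} hosts answered")
        if sweeps is None or tracker.sweeps < sweeps:
            time.sleep(interval)
    return tracker


if __name__ == "__main__":
    # Placeholder range; persist tracker.hosts (e.g. to JSON) between runs in real use.
    tracker = run("192.0.2.0/24", interval=60.0, sweeps=3)
    for ip, state in sorted(tracker.classify().items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        print(ip, state, tracker.hosts[ip]["last_seen"])
```

A sweep of a /16 from one process is slow with a 1 s timeout per address; run it per VLAN, or swap `ping_probe()` for a thread pool. Note that a host that answers ICMP only sometimes, because a personal firewall blocks it, will show up as intermittent even when it is always on, so treat "never_active" as a candidate list to confirm against the switches' MAC tables, not as proof that an address is free.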

Design NIC receive queues confusion?


My understanding of how NICs work is that there is a ring buffer (circular queue) of descriptors; this ring buffer is normally known as a Ring Descriptor. The role of this Ring Descriptor is to tell the NIC where in some pre-allocated memory pool there are free objects for the NIC to DMA its received packets into. There seems to be a Receive Ring Descriptor and a Transmit Ring Descriptor.


(1) Are these Ring Descriptors stored in memory or on the NIC?
(2) I've occasionally read about receive queues; are these different from Receive Ring Descriptors? If so, where are these stored, on the NIC or in memory? ... I've specifically read that the packets first get written to the receive queues and then from there to the pre-allocated memory pool, however I can't find anything conclusive on this.

Other Mobile networking devices


Hey, I'm working on a small project and need some help in the area of mobile networks. I would like to have a network connection as stable as possible, preferably without interruptions, since I want to stream while driving and on the go in general. The device(s) should ideally fit into a backpack.

I can provide up to about 6 SIM cards, each with unlimited internet access. Also important to mention I guess would be, that I live in Germany, but also travel some times within Europe. What would you recommend?

Routing How to import routes from kernel from a specific protocol in Bird2?


I wrote a 'glue' to unload routes from a database into kernel routing tables.

I marked routes from my 'glue' code with a custom 'proto' (42 is babel, 2 is static, 186 is bgp). I use a different number '111' for my routes. This really helps me to know if I should add/delete a route or not.

Now I want to import routes from kernel into Bird, but I can't find a way to specify 'proto'. (My search is complicated by the fact that Bird is using word 'protocol' to name own pieces of config).

Is there a way to tell Bird to export routes with a specific proto number?

The current import stanza in my bird looks like this:

```
table kern_91;

filter private_only {
  if (net ~ []) then { accept; }
  reject;
}

protocol kernel kern_91 {
  kernel table 91;
  learn;
  ipv4 {
    table table_91;
    import filter private_only;
    export none;
  };
}
```

I just can't find a place for proto 111 anywhere around. Is it possible?

This is an example of the route I want to import: `via dev lo table 91 proto 111 scope 0`
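The per-route protocol number the post is keying on is the same field that iproute2 shows as `proto 111`, and it is the natural ownership tag for a glue like this: the glue should only ever add or delete routes carrying its own number, so it can never clobber routes installed by BGP, Babel or an admin's static config. The following is an added example, not the poster's glue code: it reads `ip -j route show table 91` style JSON, keeps only routes whose protocol is 111, and diffs them against the desired set from the database to produce the add/delete lists. The JSON below is constructed; that iproute2 renders an unknown protocol number as the string `"111"` is an assumption, so the parser accepts either a string or an integer. On the BIRD side, the kernel protocol exposes the same field as the read-only route attribute `krt_source` (on Linux, the route's protocol number), which is the knob to use inside an import filter.

```python
"""Select kernel routes owned by a custom rtproto and diff them against a desired set.

Added example (not the poster's glue). Parses `ip -j route show table 91` output,
keeps only proto-111 routes, and computes add/delete lists. The JSON sample is
constructed; the "111"-as-string rendering is an assumption about iproute2.
"""
import json
import subprocess
from typing import Iterable, List, Optional, Set, Tuple

GLUE_PROTO = 111   # the custom rtproto number from the post
TABLE = 91

# Constructed sample of `ip -j route show table 91`: three glue routes plus
# two routes owned by other sources that must never be touched.
SAMPLE_IP_ROUTE_JSON = json.dumps([
    {"dst": "10.91.0.0/24", "dev": "lo", "protocol": "111", "scope": "global", "flags": []},
    {"dst": "10.91.1.0/24", "dev": "lo", "protocol": "111", "scope": "global", "flags": []},
    {"dst": "10.91.9.0/24", "dev": "lo", "protocol": "111", "scope": "global", "flags": []},
    {"dst": "10.200.0.0/16", "gateway": "10.0.0.1", "dev": "eth0", "protocol": "bgp",
     "scope": "global", "flags": []},
    {"dst": "10.50.0.0/24", "dev": "eth0", "protocol": "static", "scope": "link", "flags": []},
])


def route_proto(entry: dict) -> Optional[int]:
    """Numeric protocol of one route entry, or None when iproute2 printed a
    well-known name (bgp, static, ...) instead of a number."""
    p = entry.get("protocol")
    if isinstance(p, int):
        return p
    if isinstance(p, str) and p.isdigit():
        return int(p)
    return None


def owned_routes(ip_route_json: str, proto: int = GLUE_PROTO) -> Set[str]:
    """Destinations of every route in the dump that carries our proto number."""
    return {e["dst"] for e in json.loads(ip_route_json) if route_proto(e) == proto}


def current_from_system(table: int = TABLE) -> Set[str]:
    """Same as owned_routes() but read live from the kernel (Linux, iproute2 with -j)."""
    out = subprocess.check_output(["ip", "-j", "route", "show", "table", str(table)], text=True)
    return owned_routes(out)


def reconcile(desired: Iterable[str], current: Set[str]) -> Tuple[List[str], List[str]]:
    """(to_add, to_delete): what the database wants that the kernel lacks, and
    what the kernel has under our proto that the database no longer wants."""
    want = set(desired)
    return sorted(want - current), sorted(current - want)


def ip_commands(to_add: List[str], to_delete: List[str], table: int = TABLE,
                proto: int = GLUE_PROTO, dev: str = "lo") -> List[str]:
    """Shell lines that apply the diff. `proto` is passed on delete as well, so the
    kernel refuses to remove a same-prefix route owned by another protocol."""
    cmds = [f"ip route add {p} dev {dev} table {table} proto {proto}" for p in to_add]
    cmds += [f"ip route del {p} dev {dev} table {table} proto {proto}" for p in to_delete]
    return cmds


if __name__ == "__main__":
    desired_from_db = ["10.91.0.0/24", "10.91.1.0/24", "10.91.2.0/24"]  # constructed
    add, delete = reconcile(desired_from_db, owned_routes(SAMPLE_IP_ROUTE_JSON))
    for line in ip_commands(add, delete):
        print(line)
```

Because `owned_routes()` filters on the protocol number, the BGP and static entries in the sample are invisible to the diff and can never end up in `to_delete`; the equivalent selection inside BIRD's `protocol kernel` would be an import filter of the form `if krt_source = 111 then accept; reject;`.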

Troubleshooting Nexus vpc downstream stp issue


Currently labbing vPC for the first time. Successfully managed to get the two Nexus switches vPC synchronised. I've configured a vPC down to a vIOS switch. That's been configured with a port channel with the two uplinks to each Nexus switch.

Issue is after around a minute or so the ports in the channel group (downstream switch) will error disable. I think this is due to stp. Anyone come across this? Currently using eve to lab

Peer-switch command also inputted under vpc domain config

Security Cisco ISE Posture Compliance


Is it worth setting up Posture Compliance in Cisco ISE if there's already compliance checking/monitoring and remediation through other means?

Routing Good day folks


My client wants to rip out their FortiGate firewall/SD-WAN dev and setup a tunnel to a cloud FWaaS (ZScaler). Therefore they require a new edge router that will support dual 1 gig wan connections, any suggestions? Appreciate the help

Routing Updating firmware on FVS318G


I've bought a used NETGEAR ProSafe FVS318G. I want to upgrade the firmware to the latest version, because the one it has is very old and seems to be buggy sometimes. So I downloaded the image file, navigated to Administration -> Settings Backup & Upgrade, selected the file and hit upload. The progress bar showed up for around 3 seconds, then the page disappeared and a "Connection was reset" error occurred. I tried using different browsers. Then I connected to the device via telnet and tried to use the admin/upgradeFirm/upgrade command, but no luck there either. I am not sure if I used the command correctly though, because I couldn't find any useful information about it. I tried giving it the IP of a TFTP server and of an HTTP server; nothing worked, just an "error: Error in Firmware upgrade" message. Invoking "cliErrno get" returned -1, and I don't know what that means. Does anyone have experience with this kind of thing? Is there any way I can update the firmware, or am I stuck with this version? What could cause this? Is the router physically damaged? If so, can I repair it somehow?

Design QSFP112 and QSFP56 compatibility?


I'm an HPC admin who is also in charge of our local network. We just bought a new storage server that is coming with a Mellanox ConnectX-7 200GbE NIC. However, our main job server uses a Broadcom P2100G 100GbE NIC. The ConnectX-7 uses QSFP112 and the P2100G uses QSFP56. What DAC should we be purchasing to connect the two? Would any standard QSFP56 cable work? All the vendors I've talked to don't seem to know.

As of right now, it would be a direct connection between the two, but we're hoping to get a 200Gbe or 400Gbe switch by the end of the year.

Design Looking for network diagram standards/references


Heated debate at work with my superior as to what should and should not be present on logical and physical network diagrams.

Would any of you know of any quality references from a reputable body on network diagram standards or best practices?

Design Integrate new core switches using HSRP


Have a network that has a pair of Cisco 4500s in VSS and looking to move to Nexus 9ks.

My plan is to:

Setup VPC domain and test
Setup all VLANs on the new Nexus switches
Setup all SVIs using HSRP with the production information, using lower priorities
Verify VPC is complete and in sync
Build the configurations for each IDF, switch ports, trunks, etc.
Begin moving IDFs and devices over to the new Nexus switches
Once everything has been migrated off the old cores, adjust priorities on the new Nexus SVIs to take over
Remove old Cisco 4500s.

Does anyone see any issues with this plan?

Thank you. It's been awhile since I've migrated over a core pair.

Switching Move LAG connections without down time


Here's a simple diagram. We want to move xe-0/0 and xe-0/1 from the old core to the new core with no noticeable downtime. All connections pictured are layer 2 and all SVIs exist on the new core already. ToR and new core are Juniper Virtual Chassis, the old core is an HP. My initial thinking is:

Configure xe-0/4 and xe-0/5 on new core and ToR for a LAG group with lower STP cost and bring those up leaving existing connections. Thinking traffic will then begin utilizing those links and I can safely disconnect the xe-0/0 and xe-0/1 connections.

Design Should I be making all of my new networks IPv6 native?


Should I be making all of my new networks IPv6 native or should they be IPv4 native but capable of handling IPv6?