Got a couple of ASR1002-HX routers running IOS-XE 16.03.02 here at my desk to play with
setting up a VPN tunnel between two sites
What's new at your desk (or in your lab)?
CML. Crazy expensive, but it is letting us swap between customer topologies without having to recable. Hoping to show management how much better it is, and get some more licenses so we can run multiple simulations at once. Also have a couple other ESXi boxes we can use to spin up other stuff that I want to link to CML so I can add non-Cisco stuff to the lab.
-Otanx
Sysloggery
Building a VXLAN-based EVPN-ish type solution with one of the other forum members here to create a "DCI Cloud"
It's BGP, on top of VXLAN, on top of BGP - interesting. 8)
Chef/vagrant. It's pretty fun for Linux but dire for network devices
Still had a couple of 1832 and 1852 access points as a loaner from Cisco and took them home because I don't have time to play at work.
(http://image.prntscr.com/image/84b4578033b74287be58a15f027be0de.png)
It's pretty sweet actually, virtual WLC built into them and you can move the controller around between APs. Web interface is still a bit basic, maybe it gets better in new releases. Very well built for what they cost, might buy a pair for myself :)
Also designing and configuring the network for our new office, all on Juniper EX and SRX with lots of routing instances, having lots of fun with that :)
Quote from: Otanx on March 03, 2017, 02:20:29 PM
CML. Crazy expensive, but it is letting us swap between customer topologies without having to recable. Hoping to show management how much better it is, and get some more licenses so we can run multiple simulations at once. Also have a couple other ESXi boxes we can use to spin up other stuff that I want to link to CML so I can add non-Cisco stuff to the lab.
-Otanx
I have been using it for a while, it's OK. Auto NetKit or whatever is cool when it works but there are more annoyances than positives for me. Example, when using FLAT networks you can't have static reservations for devices. So reboot CML lab and everyone gets a new IP. Annoying as that's a primary means to remote access these devices outside of console. Several things like that and I wonder why we spend money on this thing. We also fight over whose lab can run. I finally gave up and just spun up my own GNS3 box.
That and it runs like a dog.
Quote from: that1guy15 on March 05, 2017, 08:56:41 PM
I have been using it for a while, it's OK. Auto NetKit or whatever is cool when it works but there are more annoyances than positives for me. Example, when using FLAT networks you can't have static reservations for devices. So reboot CML lab and everyone gets a new IP. Annoying as that's a primary means to remote access these devices outside of console. Several things like that and I wonder why we spend money on this thing. We also fight over whose lab can run. I finally gave up and just spun up my own GNS3 box.
Odd, it's just OpenStack, and you can do reservations for flat networks in neutron. You'd probably have to get into the weeds on OpenStack though. I haven't messed with CML in over a year, but my beef was that you were paying out the nose for something that lacked parity with VIRL (iirc, missing whole platforms compared to the VIRL offering).
Been bolted to a CUCM project for months which we're just coming to the end of (only UCCX remaining). It's been quite good fun playing with Telepresence for the past couple of weeks but that's about as good as it gets. Collaboration is NOT my bag...
Now I'm messing with regular expressions. Regex can unleash some mighty, mighty power.
We have two Palo Alto (3020) firewalls coming in by EOB today. Will sink my teeth into them, as well as a bunch of smaller PANs for branch sites.
Got a couple of New 7K's in the lab today, building up for a new site.
Sweet thread!
What's new with me:
- re-implementing Cisco Sourcefire because the one I set up with a basic set of rules died on me during the move. Double edged sword really, now I get to do it properly.
- Cisco Spark implementation - kind of finished ish. Need to work on some more integrations as well as SAML SSO
- Still working on moving all our VMs from disk images (like vmdk) to iscsi luns
-- this is to work towards backup policy (snapshot and snapshot replication). Also found performance increases A LOT this way
- SSL inspection from our servers to clients (make sure file uploads aren't containing malware etc)
- Finished building and setting up the machine learning computer. The Dr. of Science working on it says it's "very fast" -> it has the best components on the market coming to $14kAUD. Think we're building a 2nd one but I will be able to use lessons-learned and make the next build cheaper (not as flashy)
- building out a new RHEV environment to replace the one we've been using which has so many problems and bugs where it's kind of grown and not been properly planned. The new environment I build has been properly planned and is easy to manage now :D
Also coming up, I'm building out a datacentre / DR at the CEO's home. New equipment coming for that. I need a 10GB copper switch though which I've not yet looked into.
- working on AWS now as the network person as our test site is a complete mess and the guy who set it up used the 172.31.0.0/16 network for everything which means we cannot actually properly implement our application because they need a couple of separate broadcast domains.
- also need to get time to learn and then implement "floating IP's" within our dev openstack instance, as well as add a 2nd host to that environment.
Not so much new hardware though :( I do miss the days where I'd come into work and there'd be a pile of unopened boxes and someone would tell me "hey there's the network for new greenfield customer X" and no one had even scoped out anything at all so I literally had to "arrange this hardware into a well-known network".
Finally - I have about 6 months worth of documentation to write. :twitch: It shouldn't be too bad though, I just need to read my various "notes.txt" files and convert them to documents. :mrgreen:
Working on adding a Palo Alto 500 or 3020 to all remote sites as their layer 3.
Coming up - rolling out Riverbed's SD-WAN solution at all remote sites.
In the middle of an audit a Major Global Megacorp and Sons... learning all kinds of new stuff about documentation and processes!
I found out that labbing up a new doc is known as writing a "rough draft". So cool! :barf:
Writing scripts to automate/integrate a bunch of our applications. Build a switch. Run a script and supply the management IP. It uses RANCID (I don't have netmiko) to push our current SNMP users/configuration, then uses SNMP to get list of all IPs on the switch, and generates DNS forward and reverse entries for everything. It adds the host to the proper RANCID group. Then it creates the nagios cfg file with all the checks we want, copies it to the nagios server, and restarts Nagios. Finally it adds the device to Cacti.
I have a lot of the talking to the devices stuff done, and need to work on the cross server stuff. Get ssh keys setup, correct permissions to restart services, etc. We have a large deployment coming up, and I don't want to do this all by hand.
-Otanx
I've been working on building LACP connections between Juniper 4200s and Brocade 7450s at work. Getting them to play well together for testing VoIP/Data services has been very interesting. 8)
Otanx, take a look at NAPALM. Both python and ansible variants. It's looking very good
Just as a learning exercise I'm building a configuration management tool. Main goals will be:
1) build and push full config of Leaf/spine fabric
2) build, validate and push changes
3) build repository for all configs
4) diff tool to show changes
and maybe other stuff as I move along.
Still in research mode figuring it all out but I'm thinking NAPALM and Ansible will be at the core doing the bulk of the work. Using a flask front end for WebUI.
Interested in my progress? It will be up on my GitHub: https://github.com/that1guy15/netmgmt
I am familiar with NAPALM, and would love to use it. However, the process here to get the libraries approved is a pain, and I just would rather re-design the wheel.
-Otanx
Now I have a couple of 5555-X with FirePower to evaluate, got to make a test plan, configure the beasts, and see what they can do.