Recent posts

#41
Routing and Switching / Re: Spine/Leaf for the Enterpr...
Last post by Otanx - July 01, 2024, 03:49:41 PM
I like it. That was what I was planning for my old gig before I moved to the dark side. If they end up hiring my new company it will still be what I suggest. The goal was to use the same technologies for both access and data center. The same team is managing both parts of the network so making them match helps with operations.

Using spine/leaf does not really change much for monitoring. If you have a requirement for FPC or DPI you probably already have everything in place. Depending on the details of where the existing capture points are, it may just mean making sure the monitoring tools understand the new VXLAN headers, and how to parse/strip/inspect them.

-Otanx
#42
Information/Announcements / Re: OUTAGE REPORTS
Last post by deanwebb - June 26, 2024, 10:57:56 AM
SSL cert issue resolved.
By jing, that was lickety-split quick!  :smug:
#43
Information/Announcements / Re: OUTAGE REPORTS
Last post by deanwebb - June 26, 2024, 08:59:12 AM
SSL Cert expired on 23 June and it should have been 23 August. Contacted support regarding the issue, should get a new cert soon.
#44
Routing and Switching / Spine/Leaf for the Enterprise
Last post by deanwebb - June 24, 2024, 09:21:15 PM
Had a discussion about the suitability of spine/leaf for enterprise networks and I was surprised to see there being actual vendors with products for wall-to-wall spine/leaf. Others tend to emphasize traditional switching for environments outside the data center, so I'm wondering... does spine/leaf make sense outside the data center?

And there are security concerns for all the products that need to do full packet capture and deep packet inspection... how would they accomplish that in a full mesh environment?
#45
Security / Re: NAC VDI inspection issues
Last post by deanwebb - June 21, 2024, 10:01:05 AM
SSH keys are awesome, best way to manage Linux boxes.

As for tuning the behavior, no... best I've had is to either disable the feature or get it to where it works 100%, clean and smooth.

This is why I also insist on as few AD accounts in the HPS as possible. Having multiple accounts means all of them get tried when one doesn't work, and the AD servers can get swamped with requests in a short period of time if there are enough accounts and one of the domain's controllers is offline. Needs to be a large deployment for that to hit a critical mass, but it can and will. Go with a single, top-level domain account so that when it fails, it fails just the once and there are no other accounts to try. Much preferable to trying 10 (!) accounts that *all* fail over nearly 100K Windows boxes.
#46
Routing and Switching / Re: Switches incorrectly loadi...
Last post by deanwebb - June 21, 2024, 09:39:48 AM
Indeed. I just have to be careful not to ask the question here before I look for an answer, as one of the top search results will be my post asking the question here.  :smug:
#47
Routing and Switching / Re: Switches incorrectly loadi...
Last post by config t - June 20, 2024, 05:40:56 PM
I love it when a thread from the forum(s) helps me fix a problem.
#48
Security / Re: NAC VDI inspection issues
Last post by config t - June 20, 2024, 05:40:01 PM
I'm moving the current customer to that state. Although the latest best practice I read for Linux recommended SSH keys.

Btw used that analogy today and the previous lead got a kick out of it. I'm going to start doing that in meetings.

Is there a way to tune that behavior? There has to be a configuration file somewhere buried in the directory where the retries are set.
#49
Security / Re: NAC VDI inspection issues
Last post by deanwebb - June 19, 2024, 07:44:58 AM
I know customers that are 100% agent and 0% agentless because they don't want *any* extra accounts knocking on doors, an architecture I can respect.
#50
Security / Re: NAC VDI inspection issues
Last post by config t - June 18, 2024, 03:48:13 PM
I'm stealing that analogy.

We pushed the agent to a few test machines  :smug:

So far it looks promising and gives me ammo for moving it to production quickly.