Cisco vs Aruba vs Ruckus vs MIST

Started by heath, August 13, 2019, 11:15:05 PM


deanwebb

The big question with the cloud wireless providers is scalability. If you are big enough to where you hit a limit somewhere in the product to where you need to consider multiple top-level groupings (organizations in Meraki, don't know the Mist equivalent), then you might hit a hard barrier down the line, especially if you need it to integrate with other products. I know the Mist API limit is very low, so you get something like 2/second with it.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

config t

Quote from: heath on August 15, 2019, 10:54:24 AM
And I'm a 1.5-man team.  (I'm the only dedicated network person, but the phone/L1 guy has been working with me and learning a bit and I trust him with some basic switch config stuff.)


This is a bit off topic, but I'm curious how you are managing a network of this size with what appears to be fairly limited manpower  :eek:. Is there a substantial automation component? Is there a dedicated support team in the background that isn't mentioned?
:matrix:

Please don't mistake my experience for intelligence.

heath

#17
Quote from: config t on October 28, 2019, 04:46:22 AM
Quote from: heath on August 15, 2019, 10:54:24 AM
And I'm a 1.5-man team.  (I'm the only dedicated network person, but the phone/L1 guy has been working with me and learning a bit and I trust him with some basic switch config stuff.)


This is a bit off topic, but I'm curious how you are managing a network of this size with what appears to be fairly limited manpower  :eek:. Is there a substantial automation component? Is there a dedicated support team in the background that isn't mentioned?

It's just the way it is.  There's just me and I manage all the route/switch/wireless/security.  Everything between the ISP and the jack in the wall.  We have an enrollment of about 12k students that includes online only, main campus, four small to medium branch campuses, dedicated classrooms at other locations around the state like a military base, a Native American tribal office.  I've got 38 buildings on the main campus.  Most have 1 network closet, several have 2 or 3, but the largest has 7 network closets.

I have the phone guy who is transitioning to more network support as we SLOWLY replace our ancient Nortel PBX with VoIP, but he spends most of his time on phone tickets and trying to keep the PBX limping along.  He also handles all of the UPSs for all the network closets.  I've been begging for an additional person for a while.  I'm told I can grab a part-time student worker from help desk.  Which doesn't help me.  I'd still have to hold their hand through everything until they're trained and then the semester is over and they're gone.  So I don't bother.

We have a Systems team that handles all the datacenter stuff - storage, servers real and virtual, and a few basic network services like DHCP and DNS.  They have a team of 4 people and have a current opening for a 5th.  Which I try to not let bother me.  Well, 2 of them split time with help desk/user support.  The lead Systems guy manages the F5 appliances we have for SSL offloading, load balancing, and he uses it as his DMZ firewall.  That in itself is a bit of a load off of me.  But I control the main firewall.  Help desk/user support has an additional 2 full time people and a few student workers that handle faculty/staff computers and try to say everything is a network problem.  It's not a network problem.  It's a "you unplugged the network cable from the correct wall jack, plugged it back in to the wrong jack, and complained to me before even trying to find the right jack" problem.  But I digress.  There's also another team of 2 people and an army of student workers that handle all student tech support, classroom equipment, and computer labs.  We do a lot of distance education, so we have a ton of classrooms equipped for that. 

We outsource cabling to contractors.  If we need new ports put in somewhere or existing ports relocated or repaired, we have a contractor come in and do that.  So that's a big load off of me.  I keep some tools and supplies on hand for cabling, but seldom have to use them.

As I mentioned, we don't do anything with student housing except for one small building.  In that one dorm building I've got a compact, wall-mount AP with 4 usable hardwire ports in all 100 rooms.  If I had to manage the rest of student housing, that would have to come with an additional network person.

I don't do much automation.  I've been opposed to that in the past, but I'm coming around.  There's more need for it now from a security perspective.  I try to make the best use I can of free tools.  I could stand to do a lot better with monitoring what is happening with the network, but I don't have the time for the cheap ways or the money for the easy ways.  I do keep things very well documented with Visio and OneNote and well organized, both logically and physically.  My predecessor left me very outdated and incomplete documentation, messy network racks with tangled waterfalls of patch cables, supplies stored in cardboard boxes scattered around random network closets.  And he had an assistant under him.  That person got mad and quit when they didn't get his job and that whole assistant position was eliminated all before my start date.  It took a couple years, but I have cleaned all of that up and keep everything tidy and organized.  I try to find little ways to be more efficient where I can without sacrificing that organization.  For instance, I designed and 3D printed a clip to hold network cables in position when replacing a switch.  Between that, and the rack being tidy, it takes more time for the new switch to boot up than it did to physically swap it out including reconnecting the patch cables.  I used to have a ton of DMCA notices to deal with and that took a lot of my time.  But I've mostly blocked bittorrent and with that along with legitimate affordable streaming services, those notices are very few and far between now. 

Good documentation, organization, and finding ways to be efficient are the biggest tools to help to keep the workload manageable.  The main thing I wish I had more time for was R&D, product evaluations, and keeping an eye on the future.  But there are some weeks and months when it can be quite stressful, particularly summer when most of the students are gone.  That's when most big projects get done.  I don't take a summer vacation.  I take a fall vacation instead.  And that works out great because I'd rather be in the mountains in the fall than the beach in the summer (or any other time). 

I didn't realize this reply was going to go on so long. 

TL;DR - No, there's no substantial automation component or unmentioned support team.  Just me and half of another guy, doing what we can.  I don't even use "professional services" from our vendors when implementing big projects.

config t

Quote from: heath on October 30, 2019, 02:17:52 PM
I have the phone guy who is transitioning to more network support as we SLOWLY replace our ancient Nortel PBX with VoIP, but he spends most of his time on phone tickets and trying to keep the PBX limping along.  He also handles all of the UPSs for all the network closets.

Help desk/user support has an additional 2 full time people and a few student workers that handle faculty/staff computers and try to say everything is a network problem.  It's not a network problem.  It's a "you unplugged the network cable from the correct wall jack, plugged it back in to the wrong jack, and complained to me before even trying to find the right jack" problem.  But I digress.

My predecessor left me very outdated and incomplete documentation, messy network racks with tangled waterfalls of patch cables, supplies stored in cardboard boxes scattered around random network closets.

These parts hit me right in the feels.

NetworkGroover

#19
Sorry for the necro here... but just wanted to ask something for my education

Question: You mentioned specifically wanting a controller-based solution.  Why is that?

Point:  Arista's Wireless solution is *not* small office.  It scales to thousands of APs, and is one of the few if not only to achieve FedRAMP and used in the highest levels of the fed govt.  Its WIPS is probably second to none, and offers WiFi 6 with the latest chipset to provide full functionality versus others who rushed it to market with the first gen chipsets, resulting in an incomplete WiFi 6 feature set.
Engineer by day, DJ by night, family first always

deanwebb

Part of wanting a controller-based solution is, I think, familiarity with the technology. Being able to run CLI stuff to get info that isn't in the GUI is another thing.

There's also the matter of the controller still working after the licenses/support contracts expire... :whistle:

NetworkGroover

Quote from: deanwebb on April 29, 2020, 10:06:41 AM
There's also the matter of the controller still working after the licenses/support contracts expire... :whistle:

:XD: :XD:

heath

#22
Quote from: NetworkGroover on April 27, 2020, 06:56:59 PM
Sorry for the necro here... but just wanted to ask something for my education

Question: You mentioned specifically wanting a controller-based solution.  Why is that?

Point:  Arista's Wireless solution is *not* small office.  It scales to thousands of APs, and is one of the few if not only to achieve FedRAMP and used in the highest levels of the fed govt.  Its WIPS is probably second to none, and offers WiFi 6 with the latest chipset to provide full functionality versus others who rushed it to market with the first gen chipsets, resulting in an incomplete WiFi 6 feature set.

I'll necro your necro!  LOL

My reasoning for a controller-based solution was, as Dean said, familiarity with technology.  That's the implementation - only local management VLANs for APs, CAPWAP tunnels, etc. - our network is built around and I just don't have the time to re-architect things.  I know there are ways to keep that architecture, but they seem like temporary workarounds and extra overhead to me and I would just be kicking the can down the road.  Secondly, I was not a fan of cloud-based network management.  I don't like so much control of my network being in someone else's hands. I say "was not a fan" because I'm starting to come around.

As an update, we STILL have not made a move to a new WiFi system.  Things had to be put off for one reason or another until Covid put it off for a while.  I was actually in the middle of a Mist evaluation back in March when we shut down and started working from home.  That experience, along with the Mist product, was what finally made me look at "cloud managed" a little differently.  I have never liked Meraki, but I was very impressed with the Mist product. 

Although we had decided to stick with Cisco after coming back, budget issues are pushing any purchasing out further and further.  By the time we can make a move on something, I don't know that the same decision will be made.  The decision to stick with Cisco was based on budget and being able to upgrade in phases and spread it out over a couple years instead of all at once.  If we are eventually able to go ahead with a forklift upgrade, I would take a serious look at Mist. 

deanwebb

^ I'm thinking cloud is going to look better and better for most firms.