Current frustration...

deanwebb · March 21, 2017, 12:26:07 PM

MARKETING SUPPORTS EXTERNAL DNS. ALL OF IT.

deanwebb · March 21, 2017, 12:27:01 PM

Feels much better, actually, to see that in 72pt Impact with associated graphics, especially Tracy Morgan.

Nerm · March 21, 2017, 02:08:07 PM

Apps development team tries to manage the setup of a VPN between one of our locations and a cloud hosted solution provider. Didn't even mention anything to anyone on the network team until "go live" day.

Otanx · March 21, 2017, 07:28:55 PM

I just commented on your comment in the other thread about marketing running DNS. Glad it isn't considered normal.

To stay on topic, SNMP! Not simple. I knew that, but man can we please standardize on one convention within the same OID from the same vendor? I just want the interface name, there is an OID for interface name. IOS returns GigabitEthernet0/0/0 which is exactly what I would expect. IOS-XE returns GigabitEthernet0/0/0 woohoo. ASA returns "Adaptive Security Appliance 'Outside'". /sigh. You want the actual interface name? That is a Cisco OID and returns GigabitEthernet1.

The pains of automating stuff that was never built or designed to be automated.

-Otanx

icecream-guy · March 22, 2017, 06:02:52 AM

Quote from: Nerm on March 21, 2017, 02:08:07 PM
Apps development team tries to manage the setup of a VPN between one of our locations and a cloud hosted solution provider. Didn't even mention anything to anyone on the network team until "go live" day.

Dont' worry nothing will get to the cloud without network involvement to route traffic there. They will have to make a change request, and run it through CCB, then....

wintermute000 · March 22, 2017, 06:50:16 AM

Quote from: Otanx on March 21, 2017, 07:28:55 PM
I just commented on your comment in the other thread about marketing running DNS. Glad it isn't considered normal.

To stay on topic, SNMP! Not simple. I knew that, but man can we please standardize on one convention within the same OID from the same vendor? I just want the interface name, there is an OID for interface name. IOS returns GigabitEthernet0/0/0 which is exactly what I would expect. IOS-XE returns GigabitEthernet0/0/0 woohoo. ASA returns "Adaptive Security Appliance 'Outside'". /sigh. You want the actual interface name? That is a Cisco OID and returns GigabitEthernet1.

The pains of automating stuff that was never built or designed to be automated.

-Otanx

remember to enable SNMP ifIndex persistence otherwise your rage will increase exponentially upon next reload.

SNMP is retarded, I guess it wasn't designed for an automated era but god damn a bit more foresight and standards would make it a heck of a lot better
RESTAPI and a browseable tree or GTFO

deanwebb · March 22, 2017, 07:35:56 AM

Quote from: Otanx on March 21, 2017, 07:28:55 PM
I just commented on your comment in the other thread about marketing running DNS. Glad it isn't considered normal.

To stay on topic, SNMP! Not simple. I knew that, but man can we please standardize on one convention within the same OID from the same vendor? I just want the interface name, there is an OID for interface name. IOS returns GigabitEthernet0/0/0 which is exactly what I would expect. IOS-XE returns GigabitEthernet0/0/0 woohoo. ASA returns "Adaptive Security Appliance 'Outside'". /sigh. You want the actual interface name? That is a Cisco OID and returns GigabitEthernet1.

The pains of automating stuff that was never built or designed to be automated.

-Otanx

The guys in charge of ASA reply, "But... that *is* the interface name!"

Otanx · March 22, 2017, 10:44:45 AM

Quote from: wintermute000 on March 22, 2017, 06:50:16 AM
remember to enable SNMP ifIndex persistence otherwise your rage will increase exponentially upon next reload.

SNMP is retarded, I guess it wasn't designed for an automated era but god damn a bit more foresight and standards would make it a heck of a lot better
RESTAPI and a browseable tree or GTFO

ifIndex persist is set in our build templates. That is another WTF. Who thought it was a good idea to renumber interfaces on reboot as a default?

-Otanx

icecream-guy · March 22, 2017, 10:51:09 AM

Quote from: Otanx on March 22, 2017, 10:44:45 AM
Quote from: wintermute000 on March 22, 2017, 06:50:16 AM
remember to enable SNMP ifIndex persistence otherwise your rage will increase exponentially upon next reload.

SNMP is retarded, I guess it wasn't designed for an automated era but god damn a bit more foresight and standards would make it a heck of a lot better
RESTAPI and a browseable tree or GTFO

ifIndex persist is set in our build templates. That is another WTF. Who thought it was a good idea to renumber interfaces on reboot as a default?

-Otanx

well if you are inserting an Ethernet module into slot 4 on that 6500, with 7, 8, & 9 full, if might be just a good idea to have your interfaces in sequential order.
yea, I know hot swap able but point is made.

Otanx · March 22, 2017, 11:07:01 AM

Quote from: ristau5741 on March 22, 2017, 10:51:09 AM
well if you are inserting an Ethernet module into slot 4 on that 6500, with 7, 8, & 9 full, if might be just a good idea to have your interfaces in sequential order.
yea, I know hot swap able but point is made.

Sure, but if you insert a module then you can run a command ifIndex renumber if you need them renumbered. The default should be not to change something. Somewhere else on the forums AspiringNetworker (I think) said if you have to always configure something then why isn't it a default? Even when SNMP was new everyone using SNMP was using ifindex persist command. However, SNMP was yesterdays rant.

My new frustration - In a load balancing configuration what would you think src-ip-hash option would do? Would you change your mind if I told you there was also an option called src-ip-only-hash? Just like taking a multiple choice test. Read all the answers and pick the most correct one.

-Otanx

Ctrl Z · March 22, 2017, 12:19:33 PM

Quote from: Otanx on March 22, 2017, 11:07:01 AM
My new frustration - In a load balancing configuration what would you think src-ip-hash option would do? Would you change your mind if I told you there was also an option called src-ip-only-hash? Just like taking a multiple choice test. Read all the answers and pick the most correct one.

I can see how that might cause a lot of people to use the wrong one.

The problem with the multiple choice test is if you don't know all the available options, someone might think they were making up fake options to throw them off.

deanwebb · March 22, 2017, 12:25:46 PM

Quote from: Otanx on March 22, 2017, 11:07:01 AM
My new frustration - In a load balancing configuration what would you think src-ip-hash option would do? Would you change your mind if I told you there was also an option called src-ip-only-hash? Just like taking a multiple choice test. Read all the answers and pick the most correct one.

TIL the difference between those two things: https://files.a10networks.com/vadc/forums/topic/destination-ip-hash-vs-destination-ip-only-ihash/

First one includes the port number in the hash. Second does not. First one should be named src-ip_port-hash

Otanx · March 22, 2017, 02:06:12 PM

Mr Webb has it. Sorry, was going to put the answer at the bottom, and got distracted with work. Problem was the backend replicates sessions between the hosts, but not everything in the session. So if you are doing basic stuff if works. All the back ends know your session ID, and connecting to different hosts was OK. However, if you schedule a job the status of the job is not replicated between backends it is only stored on the server running the job. Once the job finishes the results are replicated. So depending on luck you may be able to see the status of the job. Looks like this fixed a few other weird things that were happening as well.

-Otanx

Nerm · March 24, 2017, 09:03:56 AM

Employer makes a new acquisition and you find out that at one of the acquired sites the network is just one big /21. Wired/wireless/servers/everything all on the same broadcast domain with no segmentation of any kind. Oh and the /21 is full so the onsite "tech's" were in the process of adding a new network for wireless (192.168.1.0/24).

deanwebb · March 24, 2017, 10:22:01 AM

Quote from: Nerm on March 24, 2017, 09:03:56 AM
Employer makes a new acquisition and you find out that at one of the acquired sites the network is just one big /21. Wired/wireless/servers/everything all on the same broadcast domain with no segmentation of any kind. Oh and the /21 is full so the onsite "tech's" were in the process of adding a new network for wireless (192.168.1.0/24).

Not just it's all a /21, but that it is FULL. Makes the 192.168.1.0/24 for wireless seem tame by comparison.

Meanwhile, on my side of things, I had to reopen a case about logfiles filling up on my NAC servers. Seems like there's additional things we need to learn about deleting. The ones tech support told us to delete are fine, we just found more things that are filling up the partitions.

This is supposed to be fixed in the latest SP, but we can't deploy it until we finish testing in the validation environment. Of course, we could test in the val environment if we weren't busy trying to keep the servers going by deleting logfiles that keep filling up the partition...