(TIL) Today I Learned...

config t · August 07, 2020, 08:14:26 AM

i'm good now. a little bit of whiskey last night went a long way to calm me down haha

Quote from: ristau5741 on August 06, 2020, 08:51:14 PM

just be glad it ain't layer 2 1/2.

i am intrigued. what is this layer 2.5 you speak of? MPLS? i never had the chance to work with it but it kinda blew my mind when i first learned about it. poppin' tags.

icecream-guy · August 07, 2020, 08:35:16 AM

Quote from: config t on August 07, 2020, 08:14:26 AM
i'm good now. a little bit of whiskey last night went a long way to calm me down haha

Quote from: ristau5741 on August 06, 2020, 08:51:14 PM

just be glad it ain't layer 2 1/2.

i am intrigued. what is this layer 2.5 you speak of? MPLS? i never had the chance to work with it but it kinda blew my mind when i first learned about it. poppin' tags.

yes, MPLS. it's a weird concept to shim in a tag between layer2 and layer 3. but it's like hitting the fastforward button to get your traffic where it needs to go.

wintermute000 · August 08, 2020, 01:09:31 AM

TIL about an easier alternative to man pages

https://tldr.sh/

MPLS is awesome, unfortunately you don't get to deal with it much outside of SP core networks. Enterprise is tilting largely towards IP-based overlays.
A wise man once told me that MPLS silicon costs $$$$ because its expensive to handle variable length labels in the header, that's why we have a flood of cheap fixed header VXLAN chips and why VXLAN is now the de-facto standard, despite the fact that you could pretty much recreate VXLAN functionality via an existing mid 2000s technology (i.e. MPLS).

Otanx · August 10, 2020, 08:56:31 AM

Quote from: config t on July 29, 2020, 05:57:00 AM
Today I wrestled with the understanding of aggregate bandwidth in the context of a KG-175D TACLANE

I think 200Mb/s aggregate bandwidth means that both 100Mb interfaces (PT and CT) can operate at full capacity simultaneously. But doesn't that mean the throughput is still 100Mb? If that's the case, why does aggregate bandwidth matter?

I am 99% sure the 200Mb/s is reference to the crypto engine. For a Delta that would be 100M/s encrypt and 100M decrypt. The Delta only has 100Mb/s interfaces. When you start dealing with the Flex you get to deal with licensing, and then you get to ask them questions if the entire 200 can be used in one direction, or if it is 100/100? I do not miss my days dealing with those.

-Otanx

deanwebb · August 10, 2020, 11:25:05 AM

TIL some really cool stuff that will be officially announced in a few days.

config t · August 11, 2020, 03:57:53 AM

Quote from: Otanx on August 10, 2020, 08:56:31 AM

I am 99% sure the 200Mb/s is reference to the crypto engine. For a Delta that would be 100M/s encrypt and 100M decrypt. The Delta only has 100Mb/s interfaces. When you start dealing with the Flex you get to deal with licensing, and then you get to ask them questions if the entire 200 can be used in one direction, or if it is 100/100? I do not miss my days dealing with those.

-Otanx

Never heard of the 175F, interesting. What type of environment were you using it in? The datasheet mentions it excels in disadvantaged networks like SATCOM. 200mb - 2gb, nice.

That google rabbit hole also led me to the Nano. Fits in the palm of your hand and still has better throughput than the Delta.

I left the question answered as "yep, Deltas provide 100Mb throughput".

I don't mind dealing with a few TACLANES. Key word is few. Some of the Army bases I worked on in the past had hundreds and weren't even using GEM-X (now GEM-ONE).

Otanx · August 11, 2020, 09:05:51 AM

Quote from: config t on August 11, 2020, 03:57:53 AM
Never heard of the 175F, interesting. What type of environment were you using it in? The datasheet mentions it excels in disadvantaged networks like SATCOM. 200mb - 2gb, nice.

The Flex is great for growth. Have a new site, and not sure how much throughput they need? Send a Flex with base license. If they start maxing that just upgrade the license instead of swapping the KG. I normally hate throughput licensing like that, but GD makes it work in this instance. Also they moved back to SFP ports so you can swap fiber types without having to replace the entire KG.

Quote from: config t on August 11, 2020, 03:57:53 AM
That google rabbit hole also led me to the Nano. Fits in the palm of your hand and still has better throughput than the Delta.

Check your numbers on the Nano. It has 120M throughput like the Delta has 200M. It is slower, but awesome for mobility.

Quote from: config t on August 11, 2020, 03:57:53 AM
I left the question answered as "yep, Deltas provide 100Mb throughput".

That is how I would answer. Along with if they are even close to 100M they should go to the Golf for future expansion. Then they would go with a Delta because cost. Main reason I love the Flex. Buy it at 100M, pay later when you max it. Easier to get past the budget people.

Quote from: config t on August 11, 2020, 03:57:53 AM
I don't mind dealing with a few TACLANES. Key word is few. Some of the Army bases I worked on in the past had hundreds and weren't even using GEM-X (now GEM-ONE).

GEM is almost mandatory. Especially if any of your devices are remote.

-Otanx

config t · September 09, 2020, 08:52:01 AM

TIL how to simulate a break sequence signal by manipulating the baud rate of the terminal emulator, because my 5912 embedded services engine was being a buggy SOB and wouldn't take any break sequences to boot in rommon.

TI also L that putting "login local" on the line con 0 without setting a username/password means I am locked out of the router.

wintermute000 · September 09, 2020, 07:53:06 PM

o man i do not miss this stuff. like uploading an IOS via xmodem (4 hours later....) because its so old you can't get IP in rommon

config t · September 10, 2020, 02:44:20 PM

xmodem is cancer

i had yet another adventure today with the voyager ECK garbage (also cancer)

recall my previous rants about klasOS and voyager

while i was on the other side of the office today engaged in a scheduled outage my new guy directed my customer to delete a file from flash: because the instructions i had given them earlier to wipe the router didn't work (because it is klasOS "cisco-like" garbage)

this file they deleted happened to be the klasOS file. so it booted with $ (linux based, interesting)

last i heard they ended up swapping the hardware module for another on hand since commands for this POS isn't available online.

here is the link for this garbage product in case any of you come across it.

https://klastelecom.com/voyager-eck/

*edit* don't be seduced because it won a "red dot design award" for its "sleek product design" it's total overheating @&#^

deanwebb · September 11, 2020, 03:09:16 PM

TIL that Windows 10 Build 2004 rearranges the furniture as far as WMI is concerned.

The thudding sound you hear are all the custom WMI scripts that are crashing because of that.

config t · September 18, 2020, 02:24:58 AM

Had an interesting troubleshoot yesterday. We spent around 6 hours trying to get a EIGRP adjacency up through a GRE we are tunneling through a Site to Site VPN over a couple FortiGate firewalls. To add another layer of complexity, there are TACLANEs involved and that link in turn is also being tunneled through another Site to Site VPN.

The adjacency was flapping every 1 minute 25 seconds. So that sent me down a rabbit hole of EIGRP t-shoot'n. I observed hello packets reaching both sides but the adjacency would reset due to retransmit timeouts. So, multicast was traversing fine but the EIGRP ACK packets were being received by the other side and not sending them back.

We looked at everything on the list of possible issues according to documentation and nothing was working. I got hung up on thinking it was MTU because when I tried to ping across the link using the max configured MTU size (which EIGRP uses for the ACK unicast retry), DF bit set, etc, I was getting this weird output of

Code Select

!!.!!.!!.!!.!!.!!.!!.!!.!!.!!....................

It turned out EIGRP was being filtered via control plane policy on that particular router. We aren't doing it anywhere else on the network so nobody even though about if that wonky ACL we saw had anything to do with it since it wasn't applied to any interface or process. We found it completely on accident.

Felt like a rookie move but that is a lesson I will never forget.

deanwebb · September 18, 2020, 12:59:34 PM

Wow, that's complicated stuff.

TIL how to generate an API key on a Panorama system using curl.

Otanx · September 18, 2020, 04:28:34 PM

Got to love the government networks. IPSec, inside IPSec, inside IPSec. Usable MTU? 800. Oh, and for security we are going to block ICMP everywhere so hope you don't want to use ICMP unreachables to do TTL discovery.

-Otanx

icecream-guy · September 20, 2020, 05:59:19 AM

Quote from: Otanx on September 18, 2020, 04:28:34 PM
Got to love the government networks. IPSec, inside IPSec, inside IPSec. Usable MTU? 800. Oh, and for security we are going to block ICMP everywhere so hope you don't want to use ICMP unreachables to do TTL discovery.

-Otanx

a bunch of years ago I worked with a network like that, it was almost impossible to troubleshoot. couldn't ping anything, so there was no trace route. ICMP is fine, buy only allow specific code type through the use of ACL's.