(TIL) Today I Learned...

deanwebb · September 22, 2020, 10:41:11 AM

This is why I got TCPing, so I can ping via a TCP packet instead of an ICMP one.

config t · September 23, 2020, 05:06:56 AM

Quote from: Otanx on September 18, 2020, 04:28:34 PM
hope you don't want to use ICMP unreachables to do TTL discovery.

-Otanx

that's a pretty old school way of saying traceroute

Otanx · September 23, 2020, 08:47:32 AM

Quote from: config t on September 23, 2020, 05:06:56 AM
Quote from: Otanx on September 18, 2020, 04:28:34 PM
hope you don't want to use ICMP unreachables to do TTL discovery.

-Otanx

that's a pretty old school way of saying traceroute

Ha, I didn't notice that. You are right that is a weird way to say traceroute. That should have been path MTU discovery.

-Otanx

config t · September 23, 2020, 09:58:40 AM

I was trying to figure out if you meant traceroute or MTU discovery

deanwebb · September 23, 2020, 10:39:03 AM

Now I'm thinking of that great Tracer-T video...

config t · September 29, 2020, 02:28:42 AM

TIL something about RIP when I ran some debugs to figure out why my tunnel hub source loopback wasn't making it to a spoke router.

During troubleshooting one of the guys tried to move a DMVPN tunnel hub to the next hop router and left the source loopback configured there, but admin shutdown.

Apparently RIP, when it sees a network advertised from another source that it also has configured locally - even if it is shutdown - will not forward that advertisement to ANY participating interface.

So for example, my router received an advertisement for 10.0.222.255 and has the following configured:

Code Select


Loopback 222
 ip address 10.0.222.255 255.255.255.255
 shutdown
end
!
router rip
network 10.0.0.0
no auto-summary

deanwebb · September 29, 2020, 01:38:56 PM

TIL that we have a customer that is asking for a complicated workaround because they don't want to block traffic on a particular port coming in from the VPN.

It's kind of like they're asking us to help tape their legs to their heads so they don't hurt their feet walking on rough ground... but telling us that our suggestions to wear shoes are unacceptable workarounds...

icecream-guy · September 29, 2020, 03:37:13 PM

Quote from: deanwebb on September 29, 2020, 01:38:56 PM
TIL that we have a customer that is asking for a complicated workaround because they don't want to block traffic on a particular port coming in from the VPN.

It's kind of like they're asking us to help tape their legs to their heads so they don't hurt their feet walking on rough ground... but telling us that our suggestions to wear shoes are unacceptable workarounds...

which port if I may ask?

80? 443? 500? 3389?

deanwebb · September 30, 2020, 07:44:35 AM

It's a port used by every single Windows device for management. $:-\$ They don't want it to talk with $VENDOR on the VPN because it's out of scope due to licensing concerns... running GPO scripts to disable/re-enable services based on location is going to be way more trouble than, say, getting the firewall or IPS to just block the packets and drop the sessions.

***

TIL there's a burgeoning IoMT market, M meaning "medical". I previously thought that there were only a few players in that space, but there's more there than what met my eye previously.

deanwebb · October 07, 2020, 06:02:33 PM

TIL that just because you buy a license for an integration feature on one platform, that doesn't mean you've bought the corresponding license for the other platform.

packetferret · October 18, 2020, 03:23:04 PM

Quote from: deanwebb on October 07, 2020, 06:02:33 PM
TIL that just because you buy a license for an integration feature on one platform, that doesn't mean you've bought the corresponding license for the other platform.

this is the most 2020 statement here

deanwebb · October 19, 2020, 08:08:26 AM

Quote from: packetferret on October 18, 2020, 03:23:04 PM
Quote from: deanwebb on October 07, 2020, 06:02:33 PM
TIL that just because you buy a license for an integration feature on one platform, that doesn't mean you've bought the corresponding license for the other platform.

this is the most 2020 statement here

Funny because it's true. And now I know *one more thing* to check before we try to fire it up in a working session.

config t · October 20, 2020, 05:41:52 AM

Today I (re)learned to never trust the customer when they tell me they made a configuration change I directed them to do. Always ask for config outputs and screen shots of GUI configs.

deanwebb · October 20, 2020, 08:29:46 AM

Quote from: config t on October 20, 2020, 05:41:52 AM
Today I (re)learned to never trust the customer when they tell me they made a configuration change I directed them to do. Always ask for config outputs and screen shots of GUI configs.

ALWAYS

And if you can see those configs live in a screen share, so much the better! I have one customer where I trust it only if I see a screen shot from one of my co-workers or I see it myself. I don't trust them to do a screen shot to save their networks...

Otanx · October 20, 2020, 01:39:34 PM

The worst part is that they are the customer so I can't call them out on it. I have to pretend like maybe the system isn't working right... Hey, it isn't working, can you make sure the system applied your changes? Then they use that as the excuse like oh hmm, it reverted my changes I made them again please test. I know they didn't do it. They know they didn't do it. But we all have to pretend the device did something weird.

-Otanx