(TIL) Today I Learned...

[deanwebb]

Kerberos!



OK, not really... just that it's something the AD guys set up and the rest of us turn on when the AD guys say it's ready. 

[wintermute000]

https://fy.blackhats.net.au/blog/html/2017/05/23/kerberos_why_the_world_moved_on.html
The sooner it dies the better, who the heck understands kerberos

[deanwebb]

Charlie knows Kerberos. He learned it from Pepe and Carol in HR.

[config t]

TIL auto-summarizing EIGRP can cause Null0 routes to turn up in the routing table for entire subnets.

[deanwebb]

TIL auto-summarizing EIGRP can cause Null0 routes to turn up in the routing table for entire subnets.

I bet that led to laughter and jolliment amongst your colleagues and superiors.

[config t]

TIL auto-summarizing EIGRP can cause Null0 routes to turn up in the routing table for entire subnets.

I bet that led to laughter and jolliment amongst your colleagues and superiors.

Unfortunately my colleagues had been troubleshooting that for days and I simply looked at it and spotted the problem. In retrospect, declaring "Routing 101 is in Session!" wasn't so appropriate.

[deanwebb]

TIL auto-summarizing EIGRP can cause Null0 routes to turn up in the routing table for entire subnets.

I bet that led to laughter and jolliment amongst your colleagues and superiors.

Unfortunately my colleagues had been troubleshooting that for days and I simply looked at it and spotted the problem. In retrospect, declaring "Routing 101 is in Session!" wasn't so appropriate.

[config t]

 

Meanwhile one of the junior guys says to me, "Man you are so smart." And I confidently reply, "Please don't mistake my experience for intelligence." 

[icecream-guy]

Stuck in ACTIVE is a goo thing?   nO?

[Otanx]

"Please don't mistake my experience for intelligence."

I am stealing that. Maybe even adding to my email signature line.

-Otanx

[Otanx]

It was last week, but need to brag.
TIL how to get PXE and Arista ZTP to both work in the same subnet. On Linux you can set the following in dhcpd.conf

Code Select Expand


if option vendor-class-identifier ~= "^Arista" {
  option tftp-server-name "IP_Address_of_tftp_server";
  option bootfile-name "arista-config.txt";
} else {
  option tftp-server-name "IP_Address_of_PXE_server";
  option bootfile-name "pxe_file_name";
}


When an Arista switch sends the Discover DHCP message it includes a vendor field that identifies it as an Arista, then the model, and serial number. What we are doing above is matching that field if it starts with Arista. If it matches set the tftp server IP, and the text file containing the Arista config we want to push that is on the tftp server. If it does not match send the normal PXE settings so the server guys stuff will keep working.

The Arista will download that file. If that file is an Arista config it saves it to startup-config, and reboots. You can also have it download a script to run instead, but I have not played with that.

-Otanx

[config t]

TIL our VTCs reach out to an external VCS before they can call point to point in the same subnet. I still need to learn exactly how the traffic flow works but adding the network to our inbound/outbound VTC rules fixed the problem.

[deanwebb]

TIL that not everyone in the world can add or subtract with ease.

[config t]

TIL that not everyone in the world can add or subtract with ease.

This is probably a little harsh, but someone once said to a friend of mine, "Since this isn't working out, the world needs ditch diggers."

[icecream-guy]

TIL 2 hours maintenance windows at the customer request is not sufficient for any action
tried one this morning, and we ran late, extended an hour, got customer approval on success, and spent the day troubleshooting during production outage, and eventually rolled back.  this should have been a 12 hours late nigh maintenance window.  there was not enough time for troubleshoot and rollback even with the hour extension.