 sk1939
Premium Member
join:2010-10-23
Frederick, MD |
to DarkLogix
Re: New Switch Gear / Various GoodiesThat's what I figured. Juniper routers are used on a large scale though (for better or worse) since they have higher throughput that Cisco's equipment, and are cheaper in some cases. |
|
 DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
well I'll give them cheaper they sure are built dirt cheap
the lack of throughput might be more of higher ups picking a dumb network design (they claim it'll allow them to more easily lock down the network)
ok so the switches are layer3 switches capable of doing great (in theory) intervlan routing right? well forget that the SRX is doing the inter vlan routing
so we're limited on traffic between vlans, all the computers are connected to the switches at gig but so is the router and the router is doing the inter vlan routing, and of course the SRX is also doing the firewall/nat and a vpn to a remote site, so its at fairly high load all the time |
|
sk1939
Premium Member
join:2010-10-23
Frederick, MD |
sk1939
Premium Member
2012-Feb-9 1:07 pm
Well the nice thing is that the SRX's can handle it, the Juniper (and Cisco) routers get bogged down with lots of services; NAT and Firewall/IDS especially are killers. |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
Previously we had a cisco 1711 that handled it flawlessly, of course that was a flat network so it didn't have any intervlan routing
and atleast due to the topology data from one vlan to another is greatly limited by the srx, and its at near max load 24/7 and the srx is crazy bogged down
luckily not many send large files offten to the fileserver as that will bog the SRX to a crawl and slow all other traffic
really it would be way better if the EX4200's did the inter-vlan routing |
|
|
sk1939
Premium Member
join:2010-10-23
Frederick, MD ARRIS SB8200
Ubiquiti UDM-Pro
Juniper SRX320
|
sk1939
Premium Member
2012-Feb-9 1:57 pm
1711...that's a blast from the past. I still have a 1720 floating around somewhere.
That's not surprising, especially if your pushing gigabit to the SRX (depending on the model). The lack of large files helps; we image from the servers so that wouldn't work for us.
It would, which is why the 4506's/3750's handle the inter-vlan routing for most applications. |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX
1 edit |
Ya, oh well higher ups want the SRX to do intervlan routing
if it were up to me I'd have the 4200EX (ok really I'd have a 3750X) do the intervlan routing
and I'd have nic teaming setup on all the servers, as well as on the ESXi hosts
at home I have a NME-16ES-1G-P doing my intervlan routing and its linked to my 2960G via gig (though if I had a 3750G at home I'd let it take over, or if it didn't have rudundant power I'd get the stackwise etherswitch) (I wish I could justify buying a NME-XD-48ES-2S-P to replace my NME-16ES-1G-P) |
|
sk1939
Premium Member
join:2010-10-23
Frederick, MD ARRIS SB8200
Ubiquiti UDM-Pro
Juniper SRX320
|
sk1939
Premium Member
2012-Feb-9 2:16 pm
It makes sense rather than taxing the router, but they should migrate it to the switch realistically, since CEF can handle routing much easier than a process-based router.
That isn't set up all ready? I think that nic load balancing is one of the most important things on a mission critical server.
I have it set up a little differently at home. I have a 2811 that does NAT and basic firewall, which feeds a Layer 2 switch. Inter-vlan routing is handled in Hyper-V by Vyatta (previously handled by Nexus 1000V). I don't use my Layer 3 switches for anything other than as a test bed, due to noise and power requirements (not to mention lack of gigabit ports). |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
ya we had setup nic load balancing but then just by random occurance at the same time symantec messed up and the nic load balancing was initialy blamed and when symantec was fixed the nic load balancing wasn't put back yet
and with the file/folder redirection (desktop/My documents/ect) being moved to the file server and then synced there are some throughput issues but we'd need to move the intervlan routing and thats just not going to happen
good companies shouldn't offload most of their main office IT work to contractors and then they shouldn't hire the contractors that lead them down a bad path. |
|
 TomS_Git-r-done
MVM
join:2002-07-19
London, UK |
to DarkLogix
said by DarkLogix:if it were up to me I'd have the 4200EX (ok really I'd have a 3750X) do the intervlan routing I would just come in late one night, re-configure the network, and wait until people notice how much better its working, then say "I told you so!".  But, dislike managers that think they know the best way to configure the network - if that were the case, why bother even hiring any engineers/technicians - seems the manager can handle it all! Managers should stick to managing, not dictating. |
|
sk1939
Premium Member
join:2010-10-23
Frederick, MD |
sk1939
Premium Member
2012-Feb-15 4:27 pm
Then their jobs would be made redundant if workers could manage themselves. Besides, they lose the fun of micromanaging things then. |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
to TomS_
said by TomS_:said by DarkLogix:if it were up to me I'd have the 4200EX (ok really I'd have a 3750X) do the intervlan routing I would just come in late one night, re-configure the network, and wait until people notice how much better its working, then say "I told you so!". But, dislike managers that think they know the best way to configure the network - if that were the case, why bother even hiring any engineers/technicians - seems the manager can handle it all! Managers should stick to managing, not dictating. Its the head of one section of IT that made that ruling (our IT is split into a few sections) If I came in and fixed it they'd likely be ticked off so fast those pesky Layer9 issues can be impossible to fix (or atleast fix and stay employed) |
|
| DarkLogix |
to sk1939
said by sk1939:Then their jobs would be made redundant if workers could manage themselves. Besides, they lose the fun of micromanaging things then.
Funny thing is that before the last big musical managment the office I'm in had the highest user satisfaction rate |
|
| |
to DarkLogix
Layer 8 & 9 get me everytime |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
DarkLogix
Premium Member
2012-Feb-16 10:35 pm
said by calvinj:Layer 8 & 9 get me everytime
Layer 8 isn't a big deal much, its layer 9 that kills me |
|
| |
Politics, money or personnel?  Regards |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
DarkLogix
Premium Member
2012-Feb-19 11:01 am
layer9 = managment |
|
| |
...riiiight, I forgot that one DarkLogix Regards |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX
2 edits |
DarkLogix
Premium Member
2012-Feb-21 10:06 am
Ya you went right to Layer10
just a refresh
Layer8=end user
Layer9=end user's boss
Layer10=athority outside of the company(government genrally)
Layer11=laws of science |
|
| |
to calvinj
please tell me those sonic points have a way to connect to the network on the bottom of the device....????
we are planning on installing those in our office later this year and i was going to mount them on drop ceiling tiles. i won't be able to have that clean look if i have to have the wire sticking out of the side like that. |
|
| |
calvinj
Member
2012-Feb-27 11:19 am
On the side. Sorry. Actually I installed them on the ceiling tiles and it doesn't look that bad. Only 2in or less of ethernet sticking out of the ceiling. |
|
| |
tomdlgns
Premium Member
2012-Feb-27 11:26 am
right, it wont look terribly bad, but still, the flush look would have been better, what was sonicwall thinking?
do you have a picture of your sonicwall firewall with the sonic point section/tab active? i would like to see what that looks like.
i am running an NSA 2400
a screen shot of the sonicpoint/station status would be nice. |
|
| |
Is this what your looking for?  |
|
| |
tomdlgns
Premium Member
2012-Feb-28 5:10 pm
yes, thank you.
do you have it setup as 1 SSID so that users can bounce between them while keeping an active connection?
i am thinking 1 sonic-point might cover my entire office, but if i had to have two of them, i'd like to have the same SSID so the users doesnt have to bounce back and forth if they are back and forth between offices (within our building). |
|
| |
we are pretty spread out as it is. For the most part we don't roam between access points. I do have a new building that has two of them in the building and they cover it well. We currently have 3 SSIDs being broadcasted.
1 - Primary Staff (WPA2-PSK)
2 - Staff Wep (128 bit WEP, We have some older devices)
3 - Guest Wifi |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX
1 edit |
to tomdlgns
back were I worked before we installed cisco 1242 access points in the ceiling so you couldn't see them at all in normal use |
|
| |
tomdlgns
Premium Member
2012-Mar-2 11:11 am
i assume you mean couldn't
yeah, i don't mind if they are hidden or not, as long as having them above drop ceiling tiles didnt hurt the coverage. i suppose it might not matter all that much. |
|
DarkLogixTexan and Proud
Premium Member
join:2008-10-23
Baytown, TX |
ya sorry for the typo
in that location there wasn't any issue with the tiles and fiberglass (unless you wanted to actually get to it) |
|
