
tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ

tubbynet to DarkLogix


Re: [HELP] Cisco NewB with console cable, ASA-5505 & much grief,

said by DarkLogix:

said by tubbynet:

nothing is more fun than setting up something -- then finding out why it behaves the way it does.

q.

And then making it work in an even more interesting way.

one can only go so far.
it's nice to have for personal edification -- but in large enterprise/sp/datacenter/hosting environments -- you need to be able to back up your claims.
more often than not -- it means building from or on top of a cvd (cisco validated design). there will always be tweaks, but any customer worth their weight will either (a) have a lab to mock this up -- or will request staging of equipment for a poc.

in large organizations with tight change management/strict sla/high uptime requirements -- you can't just cowboy a solution. it has to be vetted and approved. (of course, there are always exceptions to the rule *looks at meta*).
along the way, things are sure to break, and in that instance -- you use them as a troubleshooting activity.

q.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX


Of course.

Any solution to be deployed in a work enviro would have to meet best practices. And just a test lab that shows it can work might not be enough vetting to find that 1-in-a-1000 bug that could crash the network.

Personally I'm at a place that uses juniper, and well due to it juniper has made an awful impression on me.

So for now I mess with my cisco gear at home.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ


said by DarkLogix:

Personally I'm at a place that uses juniper, and well due to it juniper has made an awful impression on me.

So for now I mess with my cisco gear at home.

juniper makes some solid kit, but just like any other vendor -- it takes knowledge of the code lineage, an understanding of hardware/software limitations, and the best practices for configuration.

in fact -- $current_customer would have a lot fewer headaches if they would have used srx firewalls instead of cisco asa.

juniper mx-kit is pretty solid as well, as long as you know the limitations of mpc, dpc, ms-dpc and how they play inside the chassis.

the ex-series is a little half-baked -- but most of the bugs are solved for simpler switching, etc. when you start running mpls bits on top, then it gets interesting.

long story short -- as a consultant -- you have to keep an open mind when it comes to hardware. blanket statements that $vendor sucks prevent you from developing a true best-of-breed solution. of course -- at times -- you have to toe the line of whichever vendor you are more closely associated with. for me -- that means cisco -- but being a var/partner with multiple companies provides that enablement to choose what is best.

make yourself an olive box. you'll enjoy it.

q.
aryoba
MVM
join:2002-08-22

aryoba to DarkLogix

said by DarkLogix:

Any solution to be deployed in a work enviro would have to meet best practices. And just a test lab that shows it can work might not be enough vetting to find that 1-in-a-1000 bug that could crash the network.

Funny enough, some vendor simply uses a simple lab environment (i.e. back-to-back cable) instead of using actual circuits (i.e. DWDM or long-hauls) as QA prior to releasing new equipment. We actually hit an image bug on this new equipment, just because we use a real-world DWDM circuit, causing the vendor to have to release an official bug and fix in their next image release to remediate the issue (no, we did not get our money back due to production-time loss).
said by DarkLogix:

Personally I'm at a place that uses juniper, and well due to it juniper has made an awful impression on me.

So for now I mess with my cisco gear at home.

With Juniper gear (such as routers, switches, or firewalls), it would be stable and powerful equipment without running new features (i.e. sticking with JUNOS 11.x is more likely to keep stability than running 12.x). This mindset also applies to IOS 12.4 compared to 15.x whenever possible.

At home though, I ran JUNOS 12.x to monitor its stability. On newer Cisco gear, we ran the 15.x IOS on the production network and so far it is still stable.
aryoba

aryoba to tubbynet

said by tubbynet:

said by DarkLogix:

Personally I'm at a place that uses juniper, and well due to it juniper has made an awful impression on me.

So for now I mess with my cisco gear at home.

the ex-series is a little half-baked -- but most of the bugs are solved for simpler switching, etc. when you start running mpls bits on top, then it gets interesting.

Due to stability, you are not supposed to use the EX series for MPLS since it is a job for the MX series. Of course, some people may have a different idea.

tubbynet
reminds me of the danse russe
MVM
join:2008-01-16
Gilbert, AZ


said by aryoba:

Due to stability, you are not supposed to use the EX series for MPLS since it is a job for the MX series. Of course, some people may have a different idea.

considering that juniper has no answer for the me3600/me3800 -- juniper users are turning to things like the ex4500/4550 for parity.

iirc -- this model supports more than one label at imposition -- making it suitable for vpnv4 bits. i think the ex4200 and smaller support only a single push/pop operation -- making them relatively useless in the mpls world.

q.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX

DarkLogix to tubbynet

SRX240H routers and EX4200 switches (with full 48port gig POE)
with the SRX doing the intervlan routing with a 3 port LACP

then they've crashed pretty hard a lot.