I think you take people more at their word, and I believe their word is usually just them CYA and frequently you have to read between the lines...
Which is why I'm a "better to ask forgiveness than permission," kind of guy.
Sun Oct 10 2021 18:35:27 EDT from Nurb432 to me
"at some point" implies it won't work, yet
Normally I would agree, but it sounds like you have to do port mapping, and currently their apps don't support it... So in this case I have to take his word for it. Not going to pony out $ just to see..
You could be right - I didn't pay a lot of attention to the details in the explanation. I'd have to go back and read for comprehension. :)
Mon Oct 11 2021 08:30:40 EDT from Nurb432
Normally I would agree, but it sounds like you have to do port mapping, and currently their apps don't support it... So in this case I have to take his word for it. Not going to pony out $ just to see..
Keep your eyes open. Although I hope to keep using Ace forever, it would be nice to have a backup.
Of course, I suppose one possibility would be to just get a cheap VPS from a provider somewhere, and just use it as a front end router.
Right, that was my idea with AWS. 70 bucks a year, pretty quick to set up.
Wed Oct 13 2021 05:29:59 PM EDT from IGnatius T Foobar
Keep your eyes open. Although I hope to keep using Ace forever, it would be nice to have a backup.
Of course, I suppose one possibility would be to just get a cheap VPS from a provider somewhere, and just use it as a front end router.
Total collapse of our network, again. Sounds like more mismanagement/incompetence? Or am I just in a bad mood and it's not really their fault?
This time:
"A multicast storm into the core caused the routing process to fail. Disabling multicast routing resolved the issues"
That's my feeling too. But they are not new, and after the last 2 mistakes, they should be gone.
Thu Oct 28 2021 09:36:13 AM EDT from IGnatius T Foobar
Sounds like inexperienced network administrators to me. Most of us make those rookie mistakes at some point.
Unless you run a public network... Why would multicast even get into your environment if it's not used?
Since it was disabled, it leads me to believe that multicast serves no function.... So it sounds like a cop-out.
Tue Oct 26 2021 18:13:45 EDT from Nurb432
Total collapse of our network, again. Sounds like more mismanagement/incompetence? Or am I just in a bad mood and it's not really their fault?
This time:
"A multicast storm into the core caused the routing process to fail. Disabling multicast routing resolved the issues"
While it's not a "public network", we do have some public sites we host ourselves, but they are translated from something like 4 external IPs. Bunch of site-to-site VPNs both to cloud providers and vendor sites. That is what burnt us last time: we let an end point broadcast DHCP back into our network, and had an overlapping range. Someone forgot to restrict that at the firewall.. Should have been SOP.
I don't know enough of why we had multicast turned on, or why turning it off won't hurt us if it was on for a reason.
We do have some 30k computers, a mix of WiFi and Ethernet, perhaps 10k servers. Guessing 20k cell phones on WiFi across several thousand sites. 15k or so hardwired VoIP phones. 2 remote datacenters, far enough away from each other that common weather or a nuclear hit won't affect all 3 at once.. We do have various 'phone extender' things from ATT and Verizon spread around the buildings, especially in basements. A few thousand remote mobiles (cars, trucks, etc.), on cell data back home via VPN. Tons of people coming back in from home via VPN. Lots of stuff.. everywhere...
Wait, we do offer public WiFi I guess, with easily 20k more connections.. But it's a separate network, at least it's supposed to be, so it shouldn't conflict?
I will give them credit for keeping this mess alive, but when they make basic mistakes like this.. it's frustrating.
Oh, and I'm not really giving away any corporate secrets; stuff like this is public record for us, due to who we are. (Now the details, not so much..)
Unless you run a public network... Why would multicast even get into your environment if it's not used?
Good point, sciens ... you actually have to work really hard to route multicast, so much so that unless you are really trying to make a multicast application work across multiple subnets, you're not even going to be trying a little bit to set it up.
Plenty of applications will make use of multicast on the *local* segment, but that's not really the same thing.
I wonder if they simply meant that they were dealing with a large-scale Layer 2 broadcast storm on multiple networks. That, unfortunately, happens to a lot of people, even if you have somewhat experienced network people. Everyone usually experiences this at least once in their career if they are in the routing-and-switching area. Quite often it comes from mixing different protocols for "spanning tree on multiple vlans". For example if you mix PVST and MSTP on the same wire, you are headed directly into a broadcast storm that knocks out the entire network -- and it might not even happen immediately; some random little change later on might set it off.
Cable providers use multicast for some set-top-box stuff, but that's all internal and hidden from the user.
I don't think a lot of end-user connections will have multicast available until IPv6 becomes the norm (if it ever does)...
Cable providers use multicast for some set-top-box stuff, but that's all internal and hidden from the user.
Right. AT&T (sorry ... "at&t") uses multicast to distribute video on their hybrid and fiber services. It's true video over IP and it's possible because they control the entire network from the head end to the decoder box. When a subscriber "tunes in" to a channel, the decoder joins the multicast group for that channel, and then all the routers between the subscriber and the head end begin transmitting the payload data. It's *very* tricky to maintain, but it uses the bandwidth efficiently, because if a second subscriber tunes in to the same channel, it doesn't have to open a second stream.
At the moment I have my tunnels built out from a Raspberry Pi acting as a VPN router. After the v7 upgrade I won't have to do that anymore.
Speaking of VPN - what are your thoughts about DPN?
It sounds kind of like my concept of using shared-nodes to bypass ISP providers almost completely.
2022-02-19 23:55 from IGnatius T Foobar
I don't remember who it was, but someone here turned me on to Mikrotik,
which I now use exclusively for my home networking needs. Tonight I
discovered that the long-awaited RouterOS v7 is finally out of beta.
This is a big deal for me because v7 has WireGuard VPN built right into
the router software.
At the moment I have my tunnels built out from a Raspberry Pi acting
as a VPN router. After the v7 upgrade I won't have to do that anymore.
It was me. Thanks for asking.
I am so glad you are liking the stuff.
I'm running the hEX RB750Gr3 (wired only) as the core router, and three of the hAP Lite RB941-2nD access points around the house. I like that they run the same software and can be configured as routers unto themselves, or as managed access points with a couple of extra switch ports for nearby wired devices, which is how I have them set up.
I'm not familiar with DPN either, but a quick web search corroborates Nurb's suggestion that it is a skin condition. :)
Seriously though, it looks like the idea of a Decentralized Private Network is that it's a generic term for what most people call overlay networks, with its participants either self-organizing or privately organizing, and assembling a mesh of encrypted tunnels *over* the public Internet instead of communicating over the mainstream channels. Obviously that makes a lot of sense to a crowd like us, who have zero trust for the tech giants and assume that they have bad intentions 100% of the time.
I'd divide these into two categories:
Category 1: online media that is federated, decentralized, and free of choke points that the purple-haired cancel twats can use to silence participants who fail to toe the line. Between anonymous networks like I2P and Tor, and highly-federated networks like Mastodon, there is a permanent place for these.
Category 2: virtual private networks that don't depend on hubs. If you need something like this for a corporate network, you can check out Tailscale, which is doing exactly that. It's a DPN based on the WireGuard protocol but built like a gaming network -- everyone connects to a central hub only for endpoint location and key exchange, but the data path is actually a full mesh of WireGuard tunnels.
It remains secure because no one ever has to share their private key. Everyone can be on a dynamic IP address as well. They have a free tier if you just want to play around.
So yes, I think this kind of thing is definitely viable and will have an important role to play.
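The hub-for-key-exchange, mesh-for-data split described in the Tailscale post above, as an added example that is neither Tailscale's nor the poster's code: a toy coordinator that learns only each node's public key and endpoint, hands every node its peer list, and renders per-node WireGuard configs, with a check that no private key ever lands in another node's config. Node names, overlay addresses, endpoints and key strings are constructed placeholders.

```python
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class Node:
    name: str
    overlay_ip: str      # address inside the mesh
    endpoint: str        # public host:port; may change on a dynamic IP
    private_key: str     # stays on this node; never sent to the coordinator
    public_key: str

@dataclass
class Coordinator:
    """Hub for endpoint location and key exchange only; carries no data path."""
    registry: Dict[str, dict] = field(default_factory=dict)
    def register(self, node: Node) -> None:
        # Only the public half of the keypair and the endpoint are uploaded.
        self.registry[node.name] = {"public_key": node.public_key,
                                    "endpoint": node.endpoint,
                                    "overlay_ip": node.overlay_ip}

    def peers_for(self, name: str) -> List[dict]:
        return [v for k, v in self.registry.items() if k != name]

def render_config(node: Node, peers: List[dict], port: int = 51820) -> str:
    lines = ["[Interface]", f"Address = {node.overlay_ip}/32",
             f"ListenPort = {port}", f"PrivateKey = {node.private_key}"]
    for p in peers:
        lines += ["", "[Peer]", f"PublicKey = {p['public_key']}",
                  f"Endpoint = {p['endpoint']}",
                  # /32 pins each tunnel to one peer's overlay address, so a
                  # peer cannot source traffic as some other node.
                  f"AllowedIPs = {p['overlay_ip']}/32",
                  "PersistentKeepalive = 25"]   # keeps NAT mappings alive
    return "\n".join(lines) + "\n"

def build_mesh(nodes: List[Node]) -> Dict[str, str]:
    hub = Coordinator()
    for n in nodes:
        hub.register(n)
    return {n.name: render_config(n, hub.peers_for(n.name)) for n in nodes}

def leaks_private_key(configs: Dict[str, str], nodes: List[Node]) -> bool:
    # True if any node's private key appears in another node's config.
    return any(n.private_key in cfg for n in nodes
               for name, cfg in configs.items() if name != n.name)

# Constructed sample nodes; the key strings are placeholders, not real keys.
SAMPLE_NODES = [
    Node("alpha", "10.70.0.1", "alpha.example.net:51820", "PRIV_alpha=", "PUB_alpha="),
    Node("beta", "10.70.0.2", "203.0.113.7:51820", "PRIV_beta=", "PUB_beta="),
    Node("gamma", "10.70.0.3", "198.51.100.9:51820", "PRIV_gamma=", "PUB_gamma="),
]
```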