> Not having two sets of firewall rules and two sets of everything. I always disable IPv6 because it can bite you so hard when you don't realize that you are wide open to IPv6 connections because of different firewalls.…
We're all different, I find Cisco and Vyatta awkward because of different reasons. RouterOS is not the best there is but it's less awkward, in my opinion.
There may be more of us here, even in the FTTH-flavor. There are some imperfections, mostly related to bonding+ospf and vrrp-grouping but if one does not mind some warnings and a little scripts, one can make things work…
Back in the day... I used to maintain and manually scale a platform that ran a regionally large social site. It was written in PHP, by two geeks in a dorm, served by Apache and had a single MySQL database and host, in a…
That's because the DHCPv6 client in the modem generates a unique DUID for itself and the new one cannot know the fried modems DUID.
I'd like to disagree on IPv6 sucking and would like to steer this blame towards whoever decided to not be persistent. Firewalls can handle changing prefixes by masking it. Hosts can request certain addresses. Cheap…
That would most likely be because of low latency and jitter. The app is in essentially the environment it was developed in and does not have to put effort into correcting errors that itself cause pauses in the visible…
Interesting, Winbox or WebFig/CLI? I find this clunkyness to be a good thing, compared to shiny and inflexible products. I have some experience of quite a few brands and so far Mikrotik is one of the most coherent and…
It's quite a job to get closer to wire speed with 802.11ax still... Let's assume dual spatial streams and devices that not quite support anything past U-NII-1.…
IPIP/IPsec and OSPF would do nicely for efficient site-to-site meshing. But, adding docker to the equation makes it much more complicated. I'd prefer just operating the machines over IP and get rid of all remote desktop…
It's actually not better tech, instead it's more complicated, more error prone and less durable ways to use the same technology that produces more space for a lower price. MLC is pretty much okay but TLC is a little too…
This could be turned into a great, possibly awkward, movie.
You can always blow metal-free fiber in pipes. I'd use PE pressure pipe of suitable size, pull a string into it with a vacuum cleaner and pull fiber in... Hopefully the fiber survives.
With something as complicated as 9 separate locations, I'd definitely avoid unmanaged media converters. Managed ones will be able to tell you how well, or how poorly, your fiber links are doing.
I'd recommend using managed devices as opposed to using dumb media converters. If there are issues, you have no insight into the issues with unmanaged devices.
A trusted certificate is nice and all but if you have to rely on DNS to find the CNAME-record that translates to an A-record and so forth, it becomes complicated and simpler for malicious parties to MITM you. A self…
Aside from versioning being clear about how big the change is, Windows Installer has this [0-255].[0-255].[0-65535] limit that I hope people do not learn about in the hard ways. It's not so fun to work around because…
I again have phobias regarding Watchguard and other products that have the consumer style special WAN-ports and related configuration restraints. Many Mikrotik-devices come preconfigured like consumer devices but the…
Mikrotik has recently made bridging much saner, which makes their portfolio complete for datacenter use and pretty close on bridging users in the access layer. Their CCR-series is very much bang per buck if L4-filtering…
I would not trust any unofficial installer. Luckily many problems can be solved with a USB-Ethernet adapter and later configuration of the systen, since the issue usually lies in exotic network hardware.
What? There is no such thing as 'non-free' Debian. The Debian repositories do contain the 'non-free' section which is used to deliver non-free firmware among other things.
Yup, turning off snooping would have fixed the issue at hand but not the poor choice of relying on STP for redundancy. I've seen this happen a few times in my life in production systems, designed by someone else.…
Large L2-networks never work well, they all have some issues. Their existence is purely based on lazyness or believing that Ethernet works like the water main... I admit that I might be more obsessive compulsive than…
> an attempted deployment of IPv6 caused packet storms in the MIT Computer Science and AI Lab's network They were relying on Spanning Tree in a who knows how big broadcast domain. Firstly, that's just begging for things…
From what I've observed, a while back they at least stopped selling their products in the US and then appeared again with FCC approval and limited radio frequencies in the US-models. Non-US -models are unlimited and did…
> Not having two sets of firewall rules and two sets of everything. I always disable IPv6 because it can bite you so hard when you don't realize that you are wide open to IPv6 connections because of different firewalls.…
We're all different, I find Cisco and Vyatta awkward because of different reasons. RouterOS is not the best there is but it's less awkward, in my opinion.
There may be more of us here, even in the FTTH-flavor. There are some imperfections, mostly related to bonding+ospf and vrrp-grouping but if one does not mind some warnings and a little scripts, one can make things work…
Back in the day... I used to maintain and manually scale a platform that ran a regionally large social site. It was written in PHP, by two geeks in a dorm, served by Apache and had a single MySQL database and host, in a…
That's because the DHCPv6 client in the modem generates a unique DUID for itself and the new one cannot know the fried modems DUID.
I'd like to disagree on IPv6 sucking and would like to steer this blame towards whoever decided to not be persistent. Firewalls can handle changing prefixes by masking it. Hosts can request certain addresses. Cheap…
That would most likely be because of low latency and jitter. The app is in essentially the environment it was developed in and does not have to put effort into correcting errors that itself cause pauses in the visible…
Interesting, Winbox or WebFig/CLI? I find this clunkyness to be a good thing, compared to shiny and inflexible products. I have some experience of quite a few brands and so far Mikrotik is one of the most coherent and…
It's quite a job to get closer to wire speed with 802.11ax still... Let's assume dual spatial streams and devices that not quite support anything past U-NII-1.…
IPIP/IPsec and OSPF would do nicely for efficient site-to-site meshing. But, adding docker to the equation makes it much more complicated. I'd prefer just operating the machines over IP and get rid of all remote desktop…
It's actually not better tech, instead it's more complicated, more error prone and less durable ways to use the same technology that produces more space for a lower price. MLC is pretty much okay but TLC is a little too…
This could be turned into a great, possibly awkward, movie.
You can always blow metal-free fiber in pipes. I'd use PE pressure pipe of suitable size, pull a string into it with a vacuum cleaner and pull fiber in... Hopefully the fiber survives.
With something as complicated as 9 separate locations, I'd definitely avoid unmanaged media converters. Managed ones will be able to tell you how well, or how poorly, your fiber links are doing.
I'd recommend using managed devices as opposed to using dumb media converters. If there are issues, you have no insight into the issues with unmanaged devices.
A trusted certificate is nice and all but if you have to rely on DNS to find the CNAME-record that translates to an A-record and so forth, it becomes complicated and simpler for malicious parties to MITM you. A self…
Aside from versioning being clear about how big the change is, Windows Installer has this [0-255].[0-255].[0-65535] limit that I hope people do not learn about in the hard ways. It's not so fun to work around because…
I again have phobias regarding Watchguard and other products that have the consumer style special WAN-ports and related configuration restraints. Many Mikrotik-devices come preconfigured like consumer devices but the…
Mikrotik has recently made bridging much saner, which makes their portfolio complete for datacenter use and pretty close on bridging users in the access layer. Their CCR-series is very much bang per buck if L4-filtering…
I would not trust any unofficial installer. Luckily many problems can be solved with a USB-Ethernet adapter and later configuration of the systen, since the issue usually lies in exotic network hardware.
What? There is no such thing as 'non-free' Debian. The Debian repositories do contain the 'non-free' section which is used to deliver non-free firmware among other things.
Yup, turning off snooping would have fixed the issue at hand but not the poor choice of relying on STP for redundancy. I've seen this happen a few times in my life in production systems, designed by someone else.…
Large L2-networks never work well, they all have some issues. Their existence is purely based on lazyness or believing that Ethernet works like the water main... I admit that I might be more obsessive compulsive than…
> an attempted deployment of IPv6 caused packet storms in the MIT Computer Science and AI Lab's network They were relying on Spanning Tree in a who knows how big broadcast domain. Firstly, that's just begging for things…
From what I've observed, a while back they at least stopped selling their products in the US and then appeared again with FCC approval and limited radio frequencies in the US-models. Non-US -models are unlimited and did…