    Time to gut the network - thoughts?

    Category: IT Discussion
    Tags: network, ubnt, cisco, wireless, edgeswitch, edgerouter
    280 Posts 11 Posters 60.9k Views
    • scottalanmillerS
      scottalanmiller @stacksofplates
      last edited by

      @stacksofplates said in Time to gut the network - thoughts?:

      My point was, most of the people hiring consultants don't know what good or bad advice is. Look at SW. It's a perfect example.

      Mine too, which is why I've provided guidance on when to look for red flags even when advice "sounds good" otherwise. And even gave examples of ways to look into it even with zero technical knowledge or resources.

      That people don't know when advice is bad is the underpinning of this entire thread. Assuming that they can't tell when it is bad, here is when to question and then, here was how to question.

      • scottalanmillerS
        scottalanmiller @stacksofplates
        last edited by

        @stacksofplates said in Time to gut the network - thoughts?:

        I was saying statements like this:

        Should have walked them out the door the moment that you found out that they didn't know even the basic underpinnings of networking or phones. What value did they bring if they aren't aware of how either work?

        Are kind of ridiculous. If you yourself don't understand how they work, how would you decide they don't? Which is why people on SW are in the situations they are in.

        That one was different, though. That was that there was an IT person that could easily verify IT advice and could have determined that they were getting actively bad advice. That's a great example to discuss in a different scenario, but is not one caused by marketing (AFAIK.) You could argue, I suppose, that someone is marketing VLANs in this way, and I'll buy that, but I've not seen it personally and think it does not exist.

        It's totally true that people are often unaware when bad advice is given. But this conversation (once we went down the marketing route) is about one specific criterion for questioning that. It in no way is the only thing that you do, nor is it perfect; it's about improving your chances.

        In the situation that you mention here, there is a bigger red flag - the vendor was a VAR and was not even paid to give advice. The sales guy was directly requested to sell them something, and he did. It's not really even advice at all, just a sales pitch. You could say that the resulting info was "advice" but it was from acknowledged sales people. So regardless of if we really call it advice or not... this is the epic "Don't Get Advice from Vendors or VARs" scenario, rather than the marketing one.

        Why people on SW normally get into that particular pickle requires them to do the following....

        1. Get advice from a sales guy instead of getting any IT consultant involved at all.
        2. Not have internal IT that is prepared to oversee that scenario look into it
        3. Not have an IT consultant that covers that base instead of the internal IT person.
        4. Doesn't go on SW or ML and have the sales pitch reviewed before committing to it.

        It requires all four steps at a minimum (or somewhere in 2/3 a mistake to be made, which happens of course) to have been missed and since the people are on SW specifically in your example, we can't use the excuse that they didn't know where to post for advice and review 🙂

        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in Time to gut the network - thoughts?:

          Currently my HP-2824 switch is acting as a router between my VLANs. Anyone know from experience if the Edgeswitches can do this? The specs claim they can.

          Yes they can, any L3 switch can. But consider this as a good time to just remove the VLANs, too.

          • scottalanmillerS
            scottalanmiller @Dashrender
            last edited by

            @Dashrender said in Time to gut the network - thoughts?:

            4 Edgeswitch ES-48-500w
            ....
            Suggestions of changes? other questions, things I should consider?

            So these are all PoE? Is that necessary? Have you considered a stacked switch environment instead? I love UBNT EdgeSwitches, but I don't think that they stack as well as some alternatives, even Netgear Prosafe. Moving to a single switch stack is the standard answer for a multi-switch environment.

            If possible, I'd flatten the network and stack the switches as the first step. Simplicity is its own reward. Less to manage, better performance.

            • scottalanmillerS
              scottalanmiller @Dashrender
              last edited by

              @Dashrender said in Time to gut the network - thoughts?:

              Even if the Edgeswitch can do this, should I? Or should I install an EdgeRouter to route between my VLANs? I currently don't have any ACLs between VLANs. I have VLANs because of legacy thinking (heck, my phone provider is still practically demanding a VLAN for the VOIP phones).

              Put in QoS for your RTP traffic (the REAL voice traffic, not SIP), flatten the network. Get QoS end to end, the place where it matters most (generally the only place that it matters) is on the WAN interface and often VLANs get chopped off before that point. Are you sure that you even have QoS today?

              • stacksofplatesS
                stacksofplates @scottalanmiller
                last edited by

                @scottalanmiller said in Time to gut the network - thoughts?:

                Put in QoS for your RTP traffic (the REAL voice traffic, not SIP),

                Ah you said RDP before and I was so confused.

                • stacksofplatesS
                  stacksofplates @scottalanmiller
                  last edited by stacksofplates

                  @scottalanmiller said in Time to gut the network - thoughts?:

                  @Dashrender said in Time to gut the network - thoughts?:

                  Currently my HP-2824 switch is acting as a router between my VLANs. Anyone know from experience if the Edgeswitches can do this? The specs claim they can.

                  Yes they can, any L3 switch can. But consider this as a good time to just remove the VLANs, too.

                  Do you ( @Dashrender ) have to have a DMZ for anything? Or are you completely cloud now with your EMR portal?

                  • J
                    Jason Banned @stacksofplates
                    last edited by

                    @stacksofplates said in Time to gut the network - thoughts?:

                    Ok I'm done. I'm missing time with my family.

                    My point was, most of the people hiring consultants don't know what good or bad advice is. Look at SW. It's a perfect example.

                    I was saying statements like this:

                    Should have walked them out the door the moment that you found out that they didn't know even the basic underpinnings of networking or phones. What value did they bring if they aren't aware of how either work?

                    Are kind of ridiculous. If you yourself don't understand how they work, how would you decide they don't? Which is why people on SW are in the situations they are in.

                    Yeah, this site is going downhill fast... all it is is threads that turn into arguments anymore.

                    • scottalanmillerS
                      scottalanmiller @stacksofplates
                      last edited by scottalanmiller

                      @stacksofplates said in Time to gut the network - thoughts?:

                      @scottalanmiller said in Time to gut the network - thoughts?:

                      Put in QoS for your RTP traffic (the REAL voice traffic, not SIP),

                      Ah you said RDP before and I was so confused.

                      Whoops. Yes RTP, the Real Time Protocol.

                      • scottalanmillerS
                        scottalanmiller @Dashrender
                        last edited by

                        @Dashrender said in Time to gut the network - thoughts?:

                        I guess I don't see the point in VLANs with no firewall rules.

                        Legacy understanding, and the belief (by the phone installation company) that VLANs would allow QOS for the IP phones.

                        Of course the use of VLANs does allow for VLAN X to have a higher QOS level, but if the switch is saturated by traffic on other VLANs, I suppose the switch should give priority to the QOS ratings, but I probably have problems to fix.

                        Ah, actually there is a mistake here. VLANs, as we've discussed, don't provide for QoS. That we know. But what was being mentioned here is that without firewall rules, there isn't any effective QoS at all.

                        QoS only ever kicks in when something is totally saturated, otherwise there is nothing to do. But the issue is that your switches are effectively never a bottleneck. If they are, fix that.

                        QoS exists, for all intents and purposes, for one spot only and that is the bottleneck of when the LAN hits the WAN. When it does, the QoS from the VLANing is stripped off. So if you don't have QoS where it makes a difference, what was the point of it all along?

                        This is the fear of VLANs, well one of them. Not only do the VLANs make things more complex, but they also hide when the QoS might have actually been completely left off. Yes, a checkbox called QoS was checked, but there isn't any useful QoS on the network if it is not handled by a rule in the router(s).

                        This isn't a legacy thinking problem, VLANs are not a legacy thing. It's also not legacy in other potential ways. No matter what era you go back to, VLANs were never for performance or QoS and in no era was QoS on the LAN a replacement for QoS to the WAN. This isn't a consultant that didn't "keep up" with modern thinking. This was wrong in every era, in every scenario if there was nothing on the WAN link to do the QoS there.

                        • scottalanmillerS
                          scottalanmiller @Dashrender
                          last edited by

                          @Dashrender said in Time to gut the network - thoughts?:

                          FYI - in Q1 of 2017, the plan is to replace the digital phones with IP phones, this is the reason for the POE switches in Building 2.

                          Is the pure PoE because essentially every device connects "through a phone"?

                          • J
                            Jason Banned
                            last edited by

                            I'm not sure why people use VLANS thinking it's QOS heck most of the time VoIP doesn't need QoS on the LAN until you get big anyhow..

                            We use VLANs for security and logical separation but if you have no ACLs then there's no security.

                            We use VLANs for the phones mostly for sanity. We don't want to see 23,000 phones in our dang DHCP server, nor pay for Windows device CALs for non-domain users with phones. DHCP is handled by routers for phones. Secondly, phones are set up by a TFTP server which is handed out by DHCP. Doing this on the main network will mess with PXE boot for clients.

                            • scottalanmillerS
                              scottalanmiller @Jason
                              last edited by

                              @Jason said in Time to gut the network - thoughts?:

                              We use VLANs for security and logical separation but if you have no ACLs then there's no security.

                              We use VLANs for the phones mostly for sanity. We don't want to see 23,000 phones in our dang DHCP server, nor pay for Windows device CALs for non-domain users with phones. DHCP is handled by routers for phones. Secondly, phones are set up by a TFTP server which is handed out by DHCP. Doing this on the main network will mess with PXE boot for clients.

                              Yeah, if you are using it for management domains or whatever, totally different. You still need some amount of scale to make that make sense, but not a crazy scale by any stretch. Even at 30 phones you might justify it, if it's because of management. But even then, you'd probably add ACLs, just for the extra security since it is so easy.

                              • scottalanmillerS
                                scottalanmiller @Jason
                                last edited by

                                @Jason said in Time to gut the network - thoughts?:

                                I'm not sure why people use VLANS thinking it's QOS heck most of the time VoIP doesn't need QoS on the LAN until you get big anyhow..

                                This is definitely one that I can't figure out. Where the idea that QoS is needed on the LAN, needed for a normal SMB or is achieved with VLANs I can't figure out. I've never found a logical source of where this would come from.

                                • stacksofplatesS
                                  stacksofplates @Jason
                                  last edited by

                                  @Jason said in Time to gut the network - thoughts?:

                                  I'm not sure why people use VLANS thinking it's QOS heck most of the time VoIP doesn't need QoS on the LAN until you get big anyhow..

                                  We use VLANs for security and logical separation but if you have no ACLs then there's no security.

                                  We use VLANs for the phones mostly for sanity. We don't want to see 23,000 phones in our dang DHCP server, nor pay for Windows device CALs for non-domain users with phones. DHCP is handled by routers for phones. Secondly, phones are set up by a TFTP server which is handed out by DHCP. Doing this on the main network will mess with PXE boot for clients.

                                  Ha ya I don't know how you gain performance in going from a LAN to a ....LAN.

                                  • DashrenderD
                                    Dashrender @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Time to gut the network - thoughts?:

                                    @Dashrender said in Time to gut the network - thoughts?:

                                    4 Edgeswitch ES-48-500w
                                    ....
                                    Suggestions of changes? other questions, things I should consider?

                                    So these are all PoE? Is that necessary?

                                    For all but the switch in the server cabinet, yes because I don't want to deal with power bricks at the phone side.

                                    • DashrenderD
                                      Dashrender
                                      last edited by

                                      @scottalanmiller said in Time to gut the network - thoughts?:

                                      Have you considered a stacked switch environment instead? I love UBNT EdgeSwitches, but I don't think that they stack as well as some alternatives, even Netgear Prosafe. Moving to a single switch stack is the standard answer for a multi-switch environment.

                                      Three of the switches are in one building, two are in the other. Do the stacked switches work over ethernet connections? And what's the cost difference for those over the EdgeSwitch? Not to mention that I already have one HP and one EdgeSwitch (I didn't mention the other EdgeSwitch earlier because I was just planning on getting more of them, so really, I'm only buying 3, not 4). If I don't use them, I have $1500+ just sitting around - yeah, sunk cost and all, but my currently approved budget (pending my confirmation from posting here) does not account for having to buy five switches. Adding two additional switches would probably increase the cost 25%+. Does it give me a bit more work? Sure. Do I think it will cost me more in time managing it than the cost of additional gear? No.

                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in Time to gut the network - thoughts?:

                                        Three of the switches are in one building, two are in the other. Do the stacked switches work over ethernet connections?

                                        No, not really. It wouldn't be a functional stack if it did. You'd have a terrible backplane problem.

                                        • DashrenderD
                                          Dashrender @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Time to gut the network - thoughts?:

                                          If possible, I'd flatten the network and stack the switches as the first step. Simplicity is its own reward. Less to manage, better performance.

                                          Yes I'd like to do that.

                                          current VLAN setup

                                           VLAN 1       192.168.1.x/24       servers/PCs/printers
                                           VLAN 2       192.168.150.x/24     phones (the phones are programmed to be on this VLAN)
                                           VLAN 105     192.168.105.x/24     wireless
                                           VLAN 17      10.10.10.x/28        imaging
                                           Remote site  192.168.5.x/24       remote location (no VLAN tags)

                                          From this information, I believe that I can expand the VLAN1 (default VLAN) to 192.168.0.x/22 without affecting any of the other VLANs and move the laptops and phones into the expanded network at my own pace, but I would have to have the VLANs active while doing so.

                                          Comments, concerns?

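The renumbering plan above (growing VLAN 1 from 192.168.1.x/24 to 192.168.0.x/22 while the other VLANs stay live) can be checked mechanically. The following is an added example, not code from the thread or from any vendor: it takes the VLAN table as posted, computes the enclosing supernet, reports any other subnet the expansion would overlap, and also finds the shortest prefix VLAN 1 could grow to before it collides with something. It goes slightly beyond the post by showing why a /21 would not work and why hosts that keep the old /24 mask will route through the gateway to reach the new range. The labels, the helper names and the sample host addresses are my own assumptions.

```python
import ipaddress

# VLAN table as posted in the thread (the "x" replaced by the network address);
# the label strings are mine.
CURRENT_VLANS = {
    "VLAN 1 servers/PCs/printers": ipaddress.ip_network("192.168.1.0/24"),
    "VLAN 2 phones":               ipaddress.ip_network("192.168.150.0/24"),
    "VLAN 105 wireless":           ipaddress.ip_network("192.168.105.0/24"),
    "VLAN 17 imaging":             ipaddress.ip_network("10.10.10.0/28"),
    "remote site (untagged)":      ipaddress.ip_network("192.168.5.0/24"),
}


def expansion_conflicts(vlans, name, new_prefixlen):
    """Grow one subnet to a shorter prefix and return (expanded_net, names of
    the other subnets it would now overlap). An empty list means the plan is
    safe at the addressing level."""
    expanded = vlans[name].supernet(new_prefix=new_prefixlen)
    clashes = [other for other, net in vlans.items()
               if other != name and expanded.overlaps(net)]
    return expanded, clashes


def largest_safe_prefix(vlans, name):
    """Shortest prefix length the subnet can grow to before it overlaps
    another subnet in the table."""
    safe = vlans[name].prefixlen
    for plen in range(vlans[name].prefixlen - 1, 0, -1):
        if expansion_conflicts(vlans, name, plen)[1]:
            break
        safe = plen
    return safe


def still_in_place(vlans, name, new_prefixlen, host):
    """True if an existing host keeps a valid address after the expansion,
    i.e. nothing on that VLAN has to be renumbered on day one."""
    expanded, _ = expansion_conflicts(vlans, name, new_prefixlen)
    return ipaddress.ip_address(host) in expanded


def on_link_with_old_mask(host_iface, peer):
    """A host still configured with the old mask treats a peer in the newly
    added range as off-subnet and sends to it via the gateway, so every host
    (DHCP lease or static) needs the new mask before the old VLANs go away."""
    return ipaddress.ip_address(peer) in ipaddress.ip_interface(host_iface).network


if __name__ == "__main__":
    name = "VLAN 1 servers/PCs/printers"
    for plen in (23, 22, 21, 20):
        net, clashes = expansion_conflicts(CURRENT_VLANS, name, plen)
        print(f"{net}: {'OK' if not clashes else 'overlaps ' + ', '.join(clashes)}")
    print("largest safe prefix:", largest_safe_prefix(CURRENT_VLANS, name))
    print("192.168.1.50 survives /22:", still_in_place(CURRENT_VLANS, name, 22, "192.168.1.50"))
    print("old /24 host sees 192.168.2.10 on-link:", on_link_with_old_mask("192.168.1.50/24", "192.168.2.10"))
```

Run it as-is: the /22 comes back clean, the /21 reports the remote site's 192.168.5.x/24 as a clash, and the last line shows the mixed-mask caveat that makes "at my own pace" workable only while the gateway still routes between the old /24 hosts and the new range.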
                                          • DashrenderD
                                            Dashrender @Dashrender
                                            last edited by

                                            @Dashrender said in Time to gut the network - thoughts?:

                                             VLAN 17      10.10.10.x/28        imaging
                                            

                                            There is currently a plan being made to make VLAN 17 completely independent, i.e. share no hardware with the rest of the network. This will require an ER with a fiber GBIC/SFP in building 1 connected to a private MAN connection (copper based) to another client, and internally connected to the private fiber to building 2. In building two I'll have the smallest EdgeSwitch with an SFP port to plug in fiber. The devices for this network would be plugged into this switch.
                                            Should I use a VLAN to deliver this instead of splitting it onto its own hardware? Ensuring that NO traffic passes between this imaging network and my production network is critical. If the EdgeSwitch supports ACLs (which I read it does) then I should be able to do it completely with VLANs without risking my network.

                                            Thoughts?

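Two points in the thread fit one check: Jason's "if you have no ACLs then there's no security" and the question just above of whether VLAN 17 can be isolated with ACLs rather than separate hardware. The following is an added example, not code from the thread or from Ubiquiti: a small first-match model of a stateless L3 ACL, run against the subnets from the posted VLAN table, that reports every production/imaging direction the ACL still permits. It shows three constructed rule sets: no ACL (a routing switch forwards everything between VLANs), an ACL that denies only one direction, and one that denies both. Which subnets count as "production" and all rule contents are my assumptions; the model ignores ports and protocols because the stated requirement is that no traffic at all crosses.

```python
import ipaddress

# Subnets are the ones in the VLAN table posted earlier in the thread; the
# "production" grouping and every ACL rule below are constructed for this example.
ANY = ipaddress.ip_network("0.0.0.0/0")
IMAGING = ipaddress.ip_network("10.10.10.0/28")             # VLAN 17
PRODUCTION = {
    "VLAN 1":   ipaddress.ip_network("192.168.1.0/24"),
    "VLAN 2":   ipaddress.ip_network("192.168.150.0/24"),
    "VLAN 105": ipaddress.ip_network("192.168.105.0/24"),
}


def rule(action, src, dst):
    """One stateless L3 ACL entry: (permit|deny, source net, destination net)."""
    return (action, src, dst)


def first_match(rules, src_ip, dst_ip, default="permit"):
    """Ordered evaluation, first matching entry wins. With no ACL applied a
    routing switch forwards between VLANs unconditionally, hence the default."""
    for action, src, dst in rules:
        if src_ip in src and dst_ip in dst:
            return action
    return default


def _probes(net):
    """Representative addresses: first host, a middle host, last host
    (network and broadcast addresses skipped)."""
    return [net[1], net[net.num_addresses // 2], net[-2]]


def isolation_violations(rules, production, isolated):
    """(src_subnet, dst_subnet) pairs, checked in both directions, for which the
    ACL still permits at least one probe packet between production and the
    isolated subnet. Empty means the isolation requirement holds in the model."""
    violations = []
    for net in production.values():
        for src_net, dst_net in ((net, isolated), (isolated, net)):
            if any(first_match(rules, s, d) == "permit"
                   for s in _probes(src_net) for d in _probes(dst_net)):
                violations.append((str(src_net), str(dst_net)))
    return violations


NO_ACL = []
LEAKY_ACL = [                       # common mistake: only one direction denied
    rule("deny", ANY, IMAGING),
    rule("permit", ANY, ANY),
]
ISOLATING_ACL = [                   # both directions denied, everything else as before
    rule("deny", IMAGING, ANY),
    rule("deny", ANY, IMAGING),
    rule("permit", ANY, ANY),
]

if __name__ == "__main__":
    for name, acl in (("no ACL", NO_ACL), ("leaky", LEAKY_ACL), ("isolating", ISOLATING_ACL)):
        print(f"{name:10s} violations: {isolation_violations(acl, PRODUCTION, IMAGING)}")
    print("production to production still permitted:",
          first_match(ISOLATING_ACL, PRODUCTION["VLAN 1"][10], PRODUCTION["VLAN 2"][10]))
```

The one-directional set is the case worth noticing: switch ACLs are stateless, so denying production-to-imaging while forgetting the reverse still leaves imaging-originated packets flowing, and the only thing stopping a TCP session is that replies die. The model also makes the trade-off explicit: with VLANs the isolation is exactly as good as the ACL that is applied on every routed interface, whereas separate hardware has no rule to get wrong.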