    Posts
    • RE: Cloudflare Spectrum alternative

      @scottalanmiller said in Cloudflare Spectrum alternative:

      @jimmy9008 said in Cloudflare Spectrum alternative:

      One option we are considering is to make storefront internal only. You can only get to it once having SSL VPN active, but that won't help remote contractors who do not have our machines/certificates to get on to the VPN.

      Create another VPN solution just for them? It'll be better than exposing all that otherwise.

      That could be an option. Will revisit this project in the summer, it's on the back burner now due to other priorities.

      posted in IT Discussion
      Jimmy9008
    • RE: Cloudflare Spectrum alternative

      One option we are considering is to make storefront internal only. You can only get to it once having SSL VPN active, but that won't help remote contractors who do not have our machines/certificates to get on to the VPN.

      posted in IT Discussion
      Jimmy9008
    • RE: Cloudflare Spectrum alternative

      @dashrender
      There are a range of TCP/UDP required ports for the solution to work. One example is EDT. Our DC team have that on to help the user experience for remote connections. I think that is UDP 2598. There are other examples too.

      TCP / UDP : 2598
      TCP / UDP : 443
      TCP: 8008
      UDP: 16500 - 16509

      posted in IT Discussion
      Jimmy9008
    • Cloudflare Spectrum alternative

      Hi folks,

      I have been trying to find Cloudflare Spectrum alternatives and have had little luck. Reaching out to see if anybody has suggestions.

      What we are trying to do: We have Citrix storefront sitting in our DC. This is currently behind a Cisco firewall allowing tcp/udp from whitelisted IPs around the globe. Storefront uses https/443. Once authenticated users download Citrix ICA file which uses a range of TCP and UDP ports to connect to their Citrix remote desktop in our DC. Not 443/80/8080.

      We have recently become global and would like to go from whitelisted IPs on the Cisco to being behind a WAF/CDN for this resource. I started initially looking at Cloudflare however they only proxy 443/80 unless you purchase Cloudflare Spectrum, which takes the price from $200pcm to over $100k per year for their enterprise plan. Well, that's what they have quoted anyway. We are looking for any lower cost options.

      I have looked at other options like Akamai and Citrix CWAAP. Akamai are not able to offer other TCP/UDP ports and CWAAP is still $72k per year.

      Do you have any ideas on what to look at? We would probably be open to about $12k per year.

      Cheers,
      Jim

      posted in IT Discussion
      Jimmy9008
    • RE: What Are You Doing Right Now

      Turned down a job offer with a finance company. Better pay and benefits but I just did not feel excited for the position. Couldn't bring myself to sign the employment contract.

      posted in Water Closet
      Jimmy9008
    • RE: What Are You Doing Right Now

      @scottalanmiller said in What Are You Doing Right Now:

      @jimmy9008 said in What Are You Doing Right Now:

      @scottalanmiller said in What Are You Doing Right Now:

      @jimmy9008 said in What Are You Doing Right Now:

      Stressing over a work decision where I have no information to make a decision.

      And you are stuck with the decision because....?

      The folk above me are fighting over control of various parts of the IT department. I've been told the teams are being broken up and moved to different areas of the larger business. There will be two IT areas - and I've been asked which I want to go to. But, I've not been told what I will be doing for either. I don't know what the job will entail, the results I need to provide, what I need to perform or the technology I'll be using, who the team are, if I will be managing and leading a team like I do now, none of it.

      So, I am being asked to pretty much flip a coin as I know nothing about each role on either side. How can they ask me which I want to take without any data to make that choice. Hence, stressing about it.

      Go to the US, this is the time to go. Huge shortage of workers. People will actually fight over you.

      I'm working for a US company remotely from the UK. I would like to visit the US, but not live. I think I've decided which route to take now though based on one reason. My current boss will be moving to side 1, and he is sometimes like a micromanager, so I'm going to take my chances with side 2, which I know nothing about. Worst case, job hunt.

      posted in Water Closet
      Jimmy9008
    • RE: What Are You Doing Right Now

      @scottalanmiller said in What Are You Doing Right Now:

      @jimmy9008 said in What Are You Doing Right Now:

      Stressing over a work decision where I have no information to make a decision.

      And you are stuck with the decision because....?

      The folk above me are fighting over control of various parts of the IT department. I've been told the teams are being broken up and moved to different areas of the larger business. There will be two IT areas - and I've been asked which I want to go to. But, I've not been told what I will be doing for either. I don't know what the job will entail, the results I need to provide, what I need to perform or the technology I'll be using, who the team are, if I will be managing and leading a team like I do now, none of it.

      So, I am being asked to pretty much flip a coin as I know nothing about each role on either side. How can they ask me which I want to take without any data to make that choice. Hence, stressing about it.

      posted in Water Closet
      Jimmy9008
    • RE: What Are You Doing Right Now

      Stressing over a work decision where I have no information to make a decision.

      posted in Water Closet
      Jimmy9008
    • RE: Vagrant/DHCP problem

      @pete-s said in Vagrant/DHCP problem:

      @jimmy9008 said in Vagrant/DHCP problem:

      @pete-s said in Vagrant/DHCP problem:

      @jimmy9008 said in Vagrant/DHCP problem:

      Hi folks,

      Long post...

      So, we have a DevOps colleague who has set up automation with Vagrant to one of our Hyper-V hosts. I am not familiar with Vagrant at all, but it allows his code to build VMs on one of our Hyper-V hosts. I am trying to rule out DHCP being the issue.

      Most of the time the VMs are made successfully and get a DHCP address. Every once in a while, one of the automated VMs fails to get a DHCP IP (well, they actually don't). (from being generated new)

      We set up Wireshark to capture traffic for one of these failed events. When this fails I can see:

      1 - the broadcast from the mac of the VM asking for any DHCP servers on the subnet
      2 - the DHCP offer with the MAC of the client and the IP available
      3 - the actual DHCP request from the client MAC with the IP which is available from step 2
      4 - the DHCP Ack from the DHCP server confirming allocation complete

      I have checked the DHCP server and can see the record. Correct IP, MAC, and a machine name. Now, at this point I believe the entire flow has been successful. Now, this is where it goes wrong.

      I connect to his VM in Hyper-V and login with the password he gave and type ipconfig /all
      I get no IP, no subnet, but I do see DHCP = Yes, Gateway and DNS servers. I now type 'hostname', and the hostname is different to what is in DHCP!

      What I suspect:

      1. Vagrant makes the machine, it boots, gets an IP and is written to DHCP
      2. At some point, the code written gets the VM to change its host name and the VM reboots
      3. The VM (with its new name) asks DHCP server for the same IP
      4. DHCP server refuses as the hostname does not match the IP in its records
      5. Vagrant VM is left in a stage having no IP

      Does this sound reasonable? I assumed if this were the case though that the DHCP server would send a NACK or something refusing the IP renewal/request, but do not see the traffic in Wireshark.

      If I restart the VM or do ipconfig /renew, it does get the correct IP, and DHCP updates with the new name of the machine.
      This once in a while happens to his Linux VM and his Windows Server VM which are made via Vagrant, leading me to believe the issue is Vagrant.

      The fact DHCP has a record of the IP, Name and MAC of the host before name change makes me think the issue is with Vagrant/his code rather than DHCP server.

      Cheers

      You might be confused by the hostname without it being a problem.

      Normally it's the DHCP client that tells the server its hostname in the DHCPREQUEST package.

      So the hostname is set in the OS during installation and it's communicated to the DHCP server. The DHCP server stores this information in its lease table. The hostname and IP can then be communicated from the DHCP server to DNS as well.

      But it's also possible for the DHCP client to change the OS hostname based on a hostname the DHCP server sends - usually when having static DHCP reservations.

      It's however not a requirement for the dhcp client to send its hostname to the dhcp server and it's not a requirement that the dhcp client changes the hostname based on the hostname the DHCP server provided either. These are options that can be enabled or not.

      Whatever the setup is, you can have the hostname inside the VM and the hostname on DHCP/DNS be different without anything being wrong.

      I think you're on the right track using wireshark to figure out what is happening. I would have a close look on the MAC addresses to see what VM is doing what.

      I don't know Vagrant but I don't see any reason for the DHCP server to supply a hostname to the VM when Vagrant is perfectly capable of setting the VMs hostname itself.

      I would have a look at the DHCP server settings. Are you for instance using static reservations and are you setting hostnames from the DHCP server?

      Sorry. I wrote a lot. The DHCP server is not controlling the hostname of the client VM in any way.
      What I meant was vagrant creates a VM with a vNIC, and a hostname called say 'vagrant-123', it boots, gets DHCP successfully, talks to the vagrant server/control/source (I'm not sure how that works). That orchestration 'thing' rolls out whatever is needed to the VM, then changes its name to say 'DevEnv15'.
      Changing its host name makes it reboot. At that point, it sometimes no longer has its DHCP address. DHCP lists the original name.

      Upon ipconfig renew, the VM gets its IP back.

      Okay. Well, if you have a standard dhcp server and are not using static reservations, then the hostname has no influence on dhcp. It's the MAC address that determines what IP you are given.

      If you want to check for the same VM doing several attempts at dhcp you should look for the same MAC address in wireshark. It is highly unlikely that Vagrant changes the mac address after the VM has been created.

      Funny enough, this environment is on its own dedicated vLAN with its own dedicated DHCP server. The DHCP server, Vagrant System, and the VMs that are created, are all on the same Hyper-V host.

      Understood regarding name. We can drop that as it sounds like a red herring. From the Wireshark logs, I can see the entire DHCP request which shows as working successfully. When the built VM reboots following a name change (although the name change is a red herring), there are no follow up requests from the VM to the DHCP server. Upon rebooting, should the VM poll the DHCP server to see if the IP that was assigned moments ago is still available? Or, as the lease is longer will the VM just use it as it still has a lease?

      Either way, the fact ipconfig shows the correct DNS servers shows me that the first attempt worked prior to restart, otherwise the DNS settings would be blank because that is given via DHCP. So, the problem looks to be the Vagrant VM losing or not holding the DHCP IP and Subnet in its config upon restart - once in a while...

      posted in IT Discussion
      Jimmy9008
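
The check suggested in the thread above (look for the same MAC address making several DHCP attempts), as an added example that is not part of the original posts: Python that parses DHCP payloads and groups them per client MAC and per transaction ID, so each attempt and its outcome (ACK, NAK or incomplete) can be read off. The MAC addresses, IP addresses and capture contents are constructed sample data, the hostnames are the ones used as illustrations in the post, and the function names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

# Fixed BOOTP header (236 bytes) followed by the 4-byte DHCP magic cookie.
HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s4s")
MAGIC = b"\x63\x82\x53\x63"
MSG = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
       5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def parse_dhcp(payload):
    """Parse one UDP payload (ports 67/68) into MAC, xid, type, hostname, yiaddr."""
    if len(payload) < HDR.size:
        raise ValueError("shorter than BOOTP header + magic cookie")
    f = HDR.unpack_from(payload)
    if f[14] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, HDR.size
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        if payload[i] == 0:                          # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    if 53 not in opts or len(opts[53]) != 1:         # option 53 = message type
        raise ValueError("no DHCP message type option")
    return {
        "mac": f[11][:min(f[2], 16)].hex(":"),       # chaddr, hlen bytes
        "xid": f[4],
        "type": MSG.get(opts[53][0], f"UNKNOWN({opts[53][0]})"),
        "hostname": opts[12].decode("ascii", "replace") if 12 in opts else None,
        "yiaddr": socket.inet_ntoa(f[8]),
    }


def attempts_by_mac(payloads):
    """Group messages by client MAC, then by transaction ID (one attempt each)."""
    by_mac = defaultdict(dict)                       # mac -> {xid: attempt}
    for p in payloads:
        m = parse_dhcp(p)
        a = by_mac[m["mac"]].setdefault(
            m["xid"], {"types": [], "hostname": None, "outcome": "incomplete", "ip": None})
        a["types"].append(m["type"])
        if m["type"] in ("ACK", "NAK"):
            a["outcome"] = m["type"]
            a["ip"] = m["yiaddr"] if m["type"] == "ACK" else None
        elif m["type"] != "OFFER" and m["hostname"]:
            a["hostname"] = m["hostname"]            # option 12 as sent by the client
    return {mac: list(x.values()) for mac, x in by_mac.items()}


def sample(msg_type, mac, xid, yiaddr="0.0.0.0", hostname=None):
    """Build a constructed DHCP payload for the demo; not captured traffic."""
    op = 2 if msg_type in (2, 5, 6) else 1           # 2 = BOOTREPLY
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\0")
    hdr = HDR.pack(op, 1, 6, 0, xid, 0, 0, bytes(4), socket.inet_aton(yiaddr),
                   bytes(4), bytes(4), chaddr, bytes(64), bytes(128), MAGIC)
    opts = bytes([53, 1, msg_type])
    if hostname:
        opts += bytes([12, len(hostname)]) + hostname.encode("ascii")
    return hdr + opts + b"\xff"


VM_A, VM_B = "00:15:5d:00:00:0a", "00:15:5d:00:00:0b"    # constructed MACs
CAPTURE = [                                              # constructed capture
    sample(1, VM_A, 0x1111, hostname="vagrant-123"), sample(2, VM_A, 0x1111, "192.0.2.50"),
    sample(3, VM_A, 0x1111, hostname="vagrant-123"), sample(5, VM_A, 0x1111, "192.0.2.50"),
    # VM_A is renamed and reboots, then sends no further DHCP traffic.
    sample(1, VM_B, 0x2222, hostname="vagrant-123"), sample(2, VM_B, 0x2222, "192.0.2.51"),
    sample(3, VM_B, 0x2222, hostname="vagrant-123"), sample(5, VM_B, 0x2222, "192.0.2.51"),
    sample(3, VM_B, 0x3333, hostname="DevEnv15"),        # request after the reboot
    sample(5, VM_B, 0x3333, "192.0.2.51"),
]

if __name__ == "__main__":
    for mac, attempts in attempts_by_mac(CAPTURE).items():
        for a in attempts:
            print(mac, a["hostname"], "->".join(a["types"]), a["outcome"], a["ip"])
```

A MAC with a single acknowledged attempt and nothing after the rename, next to one that shows a second REQUEST/ACK under the new hostname, separates "the client never asked again" from "the server refused", which would appear as a NAK outcome.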
    • RE: Vagrant/DHCP problem

      @pete-s said in Vagrant/DHCP problem:

      @jimmy9008 said in Vagrant/DHCP problem:

      Hi folks,

      Long post...

      So, we have a DevOps colleague who has set up automation with Vagrant to one of our Hyper-V hosts. I am not familiar with Vagrant at all, but it allows his code to build VMs on one of our Hyper-V hosts. I am trying to rule out DHCP being the issue.

      Most of the time the VMs are made successfully and get a DHCP address. Every once in a while, one of the automated VMs fails to get a DHCP IP (well, they actually don't). (from being generated new)

      We set up Wireshark to capture traffic for one of these failed events. When this fails I can see:

      1 - the broadcast from the mac of the VM asking for any DHCP servers on the subnet
      2 - the DHCP offer with the MAC of the client and the IP available
      3 - the actual DHCP request from the client MAC with the IP which is available from step 2
      4 - the DHCP Ack from the DHCP server confirming allocation complete

      I have checked the DHCP server and can see the record. Correct IP, MAC, and a machine name. Now, at this point I believe the entire flow has been successful. Now, this is where it goes wrong.

      I connect to his VM in Hyper-V and login with the password he gave and type ipconfig /all
      I get no IP, no subnet, but I do see DHCP = Yes, Gateway and DNS servers. I now type 'hostname', and the hostname is different to what is in DHCP!

      What I suspect:

      1. Vagrant makes the machine, it boots, gets an IP and is written to DHCP
      2. At some point, the code written gets the VM to change its host name and the VM reboots
      3. The VM (with its new name) asks DHCP server for the same IP
      4. DHCP server refuses as the hostname does not match the IP in its records
      5. Vagrant VM is left in a stage having no IP

      Does this sound reasonable? I assumed if this were the case though that the DHCP server would send a NACK or something refusing the IP renewal/request, but do not see the traffic in Wireshark.

      If I restart the VM or do ipconfig /renew, it does get the correct IP, and DHCP updates with the new name of the machine.
      This once in a while happens to his Linux VM and his Windows Server VM which are made via Vagrant, leading me to believe the issue is Vagrant.

      The fact DHCP has a record of the IP, Name and MAC of the host before name change makes me think the issue is with Vagrant/his code rather than DHCP server.

      Cheers

      You might be confused by the hostname without it being a problem.

      Normally it's the DHCP client that tells the server its hostname in the DHCPREQUEST package.

      So the hostname is set in the OS during installation and it's communicated to the DHCP server. The DHCP server stores this information in its lease table. The hostname and IP can then be communicated from the DHCP server to DNS as well.

      But it's also possible for the DHCP client to change the OS hostname based on a hostname the DHCP server sends - usually when having static DHCP reservations.

      It's however not a requirement for the dhcp client to send its hostname to the dhcp server and it's not a requirement that the dhcp client changes the hostname based on the hostname the DHCP server provided either. These are options that can be enabled or not.

      Whatever the setup is, you can have the hostname inside the VM and the hostname on DHCP/DNS be different without anything being wrong.

      I think you're on the right track using wireshark to figure out what is happening. I would have a close look on the MAC addresses to see what VM is doing what.

      I don't know Vagrant but I don't see any reason for the DHCP server to supply a hostname to the VM when Vagrant is perfectly capable of setting the VMs hostname itself.

      I would have a look at the DHCP server settings. Are you for instance using static reservations and are you setting hostnames from the DHCP server?

      Sorry. I wrote a lot. The DHCP server is not controlling the hostname of the client VM in any way.
      What I meant was vagrant creates a VM with a vNIC, and a hostname called say 'vagrant-123', it boots, gets DHCP successfully, talks to the vagrant server/control/source (I'm not sure how that works). That orchestration 'thing' rolls out whatever is needed to the VM, then changes its name to say 'DevEnv15'.
      Changing its host name makes it reboot. At that point, it sometimes no longer has its DHCP address. DHCP lists the original name.

      Upon ipconfig renew, the VM gets its IP back.

      posted in IT Discussion
      Jimmy9008
    • RE: Vagrant/DHCP problem

      @dafyre said in Vagrant/DHCP problem:

      @jimmy9008 Is this happening with a Windows VM or Linux?

      If Windows, edit the base VM and go to the registry:

      HKLM\System\CurrentControlSet\Service\tcpip\Parameters

      Add a D-Word entry by the name of "ArpRetryCount" and set the value to 0.

      That will help the DHCP issue.

      Both. Randomly. Maybe 1 in 50/100 runs.

      posted in IT Discussion
      Jimmy9008
    • RE: Vagrant/DHCP problem

      @stacksofplates said in Vagrant/DHCP problem:

      Just for understanding, why Vagrant on the remote machine and not Terraform? Vagrant in my experience had been for local dev. Not saying it doesn't work and I thought I saw recently about remote systems with Vagrant, but terraform would most likely work much better.

      Interesting question. I actually am not sure. The host and VM are development hardware. The tool made by the Devops guy is to spin up development environments of our various software we make, so assume that's why he uses vagrant. I do not know specifically though as I'm not in the development team.

      posted in IT Discussion
      Jimmy9008
    • Vagrant/DHCP problem

      Hi folks,

      Long post...

      So, we have a DevOps colleague who has set up automation with Vagrant to one of our Hyper-V hosts. I am not familiar with Vagrant at all, but it allows his code to build VMs on one of our Hyper-V hosts. I am trying to rule out DHCP being the issue.

      Most of the time the VMs are made successfully and get a DHCP address. Every once in a while, one of the automated VMs fails to get a DHCP IP (well, they actually don't). (from being generated new)

      We set up Wireshark to capture traffic for one of these failed events. When this fails I can see:

      1 - the broadcast from the mac of the VM asking for any DHCP servers on the subnet
      2 - the DHCP offer with the MAC of the client and the IP available
      3 - the actual DHCP request from the client MAC with the IP which is available from step 2
      4 - the DHCP Ack from the DHCP server confirming allocation complete

      I have checked the DHCP server and can see the record. Correct IP, MAC, and a machine name. Now, at this point I believe the entire flow has been successful. Now, this is where it goes wrong.

      I connect to his VM in Hyper-V and login with the password he gave and type ipconfig /all
      I get no IP, no subnet, but I do see DHCP = Yes, Gateway and DNS servers. I now type 'hostname', and the hostname is different to what is in DHCP!

      What I suspect:

      1. Vagrant makes the machine, it boots, gets an IP and is written to DHCP
      2. At some point, the code written gets the VM to change its host name and the VM reboots
      3. The VM (with its new name) asks DHCP server for the same IP
      4. DHCP server refuses as the hostname does not match the IP in its records
      5. Vagrant VM is left in a stage having no IP

      Does this sound reasonable? I assumed if this were the case though that the DHCP server would send a NACK or something refusing the IP renewal/request, but do not see the traffic in Wireshark.

      If I restart the VM or do ipconfig /renew, it does get the correct IP, and DHCP updates with the new name of the machine.
      This once in a while happens to his Linux VM and his Windows Server VM which are made via Vagrant, leading me to believe the issue is Vagrant.

      The fact DHCP has a record of the IP, Name and MAC of the host before name change makes me think the issue is with Vagrant/his code rather than DHCP server.

      Cheers

      posted in IT Discussion
      Jimmy9008
    • RE: What Are You Doing Right Now

      Laughing my ass off at red tape. Get a project. Reach out to specific vendors and get the pricing and options. List four good options, with a #1 recommendation suitable for us. Get together with the C levels, and get it shot down as 'C' levels want to verify what we actually need from the options (which I did already). C levels spend several weeks in meetings, internally, externally... and come back with the exact same #1 recommendation. Pfft.

      posted in Water Closet
      Jimmy9008
    • Deploying firmware updates on servers and testing...

      Hi folks,

      We have quite a few servers running outdated firmware. Due to an issue with the current firmware version, we have been going server by server updating to a newer bios firmware. These are Dell servers, all the same model and under warranty.

      We have so far done about 20 servers and they went fine. However, the 21st server developed a flapping issue on one of the NIC interfaces causing unplanned downtime to the VMs.

      Management are asking us to identify which of these servers, as we have many remaining to patch, will develop an issue following patching such as a flapping problem, so they can be done at a different time to lower the impact of an outage.

      My thoughts are that we cannot know if a server will develop an issue from a patch before doing the patch. But, they want a plan to know which to avoid.

      Any advice here on how we could accomplish this? My plan would be to plan the patch, as the patch is valid for the server, and then leave the server out of the cluster for 24h and monitor for flapping/blue screen/whatever, then put back in the cluster. I do not think we could ever know beforehand if any one server will happen to develop an issue from a patch which is for that server.

      posted in IT Discussion
      Jimmy9008
    • RE: Senior sysadmin salary in Perth and Brisbane

      Looks like upper limit is 100k in those areas then. Cheers folks

      posted in IT Discussion
      Jimmy9008
    • RE: Senior sysadmin salary in Perth and Brisbane

      @nadnerb said in Senior sysadmin salary in Perth and Brisbane:

      @Jimmy9008 You thinking of heading down this way?

      No. We are expanding the team with two more people. Probably a senior system admin in Perth and a senior network admin in Brisbane. Just looking for suitable salaries to add on my budget request.

      posted in IT Discussion
      Jimmy9008
    • Senior sysadmin salary in Perth and Brisbane

      Hi folks,

      Would you happen to know a rough salary range for senior sysadmin in Perth or Brisbane, with the following abilities? I am London based and understand tech salaries out there are higher (correctly?), but have no idea what is suitable for budgeting for the position.

      Competencies:

      • Windows Server/AD - core requirement

      • Experience supporting VMWare and Hyper-V - core requirement

      • Cisco UCS & Dell Servers – an asset

      • Generalist experience of networking – an asset

      • Storage (Nimble) – an asset

      • RHEL – an asset

      Cheers

      posted in IT Discussion
      Jimmy9008
    • RE: IT Contractors/IT Service Providers in Perth, Australia

      @nadnerB
      Cheers, if no improvement I'll take a look at some of those.

      posted in IT Discussion
      Jimmy9008
    • RE: IT Contractors/IT Service Providers in Perth, Australia

      Keep in mind today was the go live for the switch over and only now have they spoken up about these problems. Way too late. Until now all we have had is the project is going to plan and they have configured correctly and are ready for the switch.

      I got access to the new server via the old network earlier today and then found all these issues.

      posted in IT Discussion
      Jimmy9008