I have DMVPN with two hubs and an EIGRP relationship to a firewall (as well as to the spokes.)
The problem I am running into is that all of the DMVPN traffic is trying to egress Via one of the two VPN  hubs - HUB 1 - it's at capacity for passing encrypted traffic.

SPOKE----HUB 1----FW
SPOKE----HUB 2----FW

HUB1 is assigning a metric to the routes it learns from the spokes which is preferable to HUB2.
So that's why the FW is sending all the traffic to HUB1.

HUB1
 redistribute eigrp 300 metric 100000 0 255 1 1500 route-map EIGRP300-TO-EIGRP100

HUB2
 redistribute eigrp 300 metric 100000 10 255 1 1500 route-map EIGRP300-TO-EIGRP100

The firewall and the HUB DMVPN routers speak via EIGRP100. Hub to spokes via 300.

What I want to do is for the firewall to prefer one hub for half of the sites roughly. I could put in some static routes as a quick fix out of the traffic jam. I could remove HUB 1 from half of the spokes and that would make the HUB 2 the best path for half of the spokes. But surely there's a more elegant approach using route maps.

Something to the effect of..

If you match ACL SAVE-MY-DMVPN, you have a better metric than HUB 1. Otherwise you keep the same metric you have now and let HUB 1 keep doing its thing.

???
spiker.png

Hello Experts,

I am looking for feedback on this.

I have client that is expanding and the clients signed a contract for unmanaged wavelength from their data center on premise to the new site office ,  do you know what to expect exactly from the ISP.

The internet access will be from the data center.

Thanks,

What logs would house information on NTP?  I'm trying to see if I can ingest these logs into Splunk to check and see if any servers times on the network are off.

We just migrated second link on BGP on for customer. The link is up and advrtising customer prefix to the internet and is load sharing the traffic w/ another (different) providers' link (Separate from ours). The customer thinks that the Route distribution on our link is at least 20% less than other providers'. Can anyone comment on what could happening ? I looked thro' looking glass portals and our BGP link is not preferred (Mostly).  Please comment.

My initial question is does it depend on type of ISP Provider, (the other link is provided by Tier 1 ISP Provider)?

Thanks;

Dear Experts

I am looking for the best practice network design to connect 03 offices which is 3 different locations with secured links with redundant links. Below explained
Data center where business applications are hosted in the location 1 here the business applications which are web-based applications, windows AD for authentication, file server, email server are maintained, cisco 1010 FTD and Cisco FMC is in place and two ISP’s.
Location 2 which is far of distance is going to be connected to location 1 data center with MPLS VPN link and for redundancy broad band link planning for SD WAN solution. Finalized and implementation is in progress.
Now that all the employees who were so far working in location 1 that is at data center location to be shifted to the location 3 which is of little distance from location 1.  However, we are not shifting data center and our employess are of 20 users who is going to work from location 3 and they have to login for authentication to location 1 where the windows AD and file server for their document store and business application they use CRM.
1.      Please suggest the best network design to connect location 3 to location 1, should I have to plan for MPLS VPN as one link and secondary link as leased line and use SD WAN solution here or any other best practice please.
2.      How much bandwidth would be needed between location 3 to location 1 for web-based and store documents in the folder
3.  as we have 20 users is it required to setup …

Client has a /16 and wants to advertise a /24 within the /16 via a new carrier at one of their smaller sites. Are there any things I need to discuss with the current carrier or the new carrier to make sure the new peering doesn't interfere with the existing route advertisements? Any other gotchas to consider in this operation? Thanks!

Hi, we use haproxy with round robin on a few servers which works amazingly well
However now we need to use it for tcp sessions from different ports

basically, gps iot devices create connections to our server via TCP
When I run a netstat, I see lots of devices sending data from same IP address but different port
here is a snap shot
TCP myServerIp:9001 141.86.25.16:60046 ESTABLISHED
TCP myServerIp:9001 141.86.25.16:62084 ESTABLISHED
These are not the same device, they are using a mobile/cell network with same IP but different ports

So I would need a configuration for HA proxy to route to different servers based on IP and PORT
All the examples I’ve seen so far just use IP, which would not work well for me as it would batch a bunch of devices to same server.
I guess it would work, but it may overload one server and under-load another (if that makes sense)

Something else i’m not sure about, some devices also send data using UDP, and these would also need to be routed to same server, not sure if this would work or if i would just have to route all UDP devices to 1 server

Any feedback, pointers and help appreciated
Thanks

First, I'm a novice with SSIS, having mostly just maintained existing packages.  I have a project that I upgraded from SQL Server 2008 R2/Visual Studio 2008 to SQL Server 2016 (deployment model) in VS 2017.  All of the packages work running locally on my machine just as they always have, with the exception of one.  

This loops through oledb source servers  using a connection string built by variables received from a query.  Then it starts the control flows, which each has a series of data flow queries.    The weird thing is sometimes it runs fine.  Most of the time I get errors like this:

…

Anyone has handon experience with a grpc reverse proxy ?

The context is anonymising queries to speech.googleapis.com. i have a valid api key, express agreement from google, and a production proxy that handles http queries to the same service. But unfortunately not http2

The future would be a smarter proxy that connects and authenticates against google services and multiplexes client requests to the service. I am also interested in simple client implementations in go. the front protocol might not be grpc in that case, though it would make it simpler.

For now, i played quite unsuccessfully with nginx, haproxy, and a bunch of socats and other tools to decapsulate ssl. Unfortunately i fail to undrstand the authentication mechanism used by google. Any knowlege in that field ?

I am also interested in a working grpc stream decoder

Thanks for your time

Ps : please do not answer with a random tutorial. I already read those, and still struggling.

BGP Configuration with and without another IGP

in the topology below, I would like to know if :

-- BGP needs to be configured on R1  R2,R3,R4  without any other IGP (OSPF)configured on the same routers.
-- Or BGP can be configured only on R1 and R4, but IGP (OSPF) should be configured on all 4 routers R1,R2,R3,R4

Thanks

Hi, I ran this wireshark network protocol analyzer with no programs open, including no background programs. I ran it for three minutes. I have the report in csv and in pcapng format.(I've changed the latter to a .txt extension to upload).

Can someone let me know if there's any odd network activity going on? Thanks. If you need more information, let me know, this is way over my head.
packet-dissection.csv
packets---Copy.txt

NFS on netapp filer - very slow only when over a hop


hi out of the blue. - juniper in the core  CIFS has slowed to crawl off a netapp - engineer did put a route in but only in prep for a change - it seems from that point on NFS browse to the netapp is soo slow its unusable
we since removed the route - but its just as bad no difference
dont even know if what he did was related

anyway if you are on the same subnet as the cifs netapp filer  (eg on a server in the same subnet )CIFS  performace is fine!!!
as soon as a hop to get to filer cifs share - its hopeless

Netapp 8.3 data on tap - Juniper core switched HELP