Show Us Your Racks

This is our comms room at work. Bear in mind that this is what its like when I first started and re-cabling it would take ages.

DSC00294.jpg


Had to re-patch a few workstations the other month and gave up in the end. We have got other wiring cabinets, and I've managed to tidy them up.
 
Yep its a ******* state. I've been saying this since I've started here, but nothing gets done about it. You should have seen the server room before I had a clean out.
 
atomiser said:
how do you like those junipers? i'm running a pair of 2000's at the moment in active/passive. brilliant pieces of kit!
Click to expand...

Not bad, a few problems, like they occasionally take half an hour to bring BGP back up after we fail a comms path (we're still in testing). The problems of using firewalls as routers I guess.

They are great firewalls though, and they're fully loaded with the IDP modules as well. We're running active/backup at each site too.
 
hmmm, thats interesting about the bgp, we're changing the way we do our internet service provision shortly so it will be interesting to see if we have similar issues. what code are you running on the boxes? one of the guys here wants to investigate active/active but im not convinced.

i'm still undecided about the idp blades, did some training on them not so long ago and wasn't very keen on the fact that you could do some stuff at the command line on the actual sensors when they were discrete units, but in the isgs you can only control them through nsm? i've no experience in a production environment though.
 
atomiser said:
hmmm, thats interesting about the bgp, we're changing the way we do our internet service provision shortly so it will be interesting to see if we have similar issues. what code are you running on the boxes? one of the guys here wants to investigate active/active but im not convinced.

i'm still undecided about the idp blades, did some training on them not so long ago and wasn't very keen on the fact that you could do some stuff at the command line on the actual sensors when they were discrete units, but in the isgs you can only control them through nsm? i've no experience in a production environment though.
Click to expand...

We're on the latest code (and to be fair, juniper are trying hard to help) but we haven't found a fix yet. We're running EBGP on them, though between data centers rather than to the internet.

We ran active active previously on our old (actually still in production) firewalls for this client, we were apparently the only people around silly enough to try active/active between datacenters (and it worked with some tweaking) but the new solution calls for increased redundancy and they don't mind coughing up for duplicate firewalls at each site.

We should have bought 2000s actually, with HA ports taken out we only have 6 gig ports available, we have about 20 security zones so we're running loads of sub-interfaces.

I'm not wild about only being able to manage IDP blades through NSM as you say, it's something of a pain (though it has finally got my boss to shell out for NSM, which we've needed for ages). The design on this project isn't my own so I'm having to go with it for now (if it had been me I'd have left the ISGs as firewalls and added some 6500s to do the routing and put Cisco IDP blades in those...
 
bigredshark said:
We're on the latest code (and to be fair, juniper are trying hard to help) but we haven't found a fix yet. We're running EBGP on them, though between data centers rather than to the internet.

We ran active active previously on our old (actually still in production) firewalls for this client, we were apparently the only people around silly enough to try active/active between datacenters (and it worked with some tweaking) but the new solution calls for increased redundancy and they don't mind coughing up for duplicate firewalls at each site.

We should have bought 2000s actually, with HA ports taken out we only have 6 gig ports available, we have about 20 security zones so we're running loads of sub-interfaces.

I'm not wild about only being able to manage IDP blades through NSM as you say, it's something of a pain (though it has finally got my boss to shell out for NSM, which we've needed for ages). The design on this project isn't my own so I'm having to go with it for now (if it had been me I'd have left the ISGs as firewalls and added some 6500s to do the routing and put Cisco IDP blades in those...
Click to expand...

i've just taken delivery of a pair of ssg140 advanced which we are going to use to proof of concept our new isp design. this will be the first opportunity i've had to play with the new generation kit and also screenos 6 which im quite excited about.

ha, we're in a bit of a daft situation with our isg's - we have the 2000's for the high physical port count but were not even remotely stretching them - they sit at around 2% most of the time. we ideally need to consolidate individual security zones down into shared dmz's to make the configuration and management simpler.

i'm not a huge fan of nsm to be honest. i can see it's merits if you need to template an ipsec vpn rollout for lots of spoke sites, for example, but management of a small number of firewalls, particularly clusters seems pretty horrible...it attempts to update both boxes, which in turn try and sync their configs...so one ends up winning which causes the whole system to bog down. we're running nsm in vmware though so i suppose we only have ourselves to blame! we invariably have to run several update operations to get everything back in sync. i suppose we could turn off config sync between the boxes to get around this though.

thanks for the ammunition against active/active, i would rather see individual boxes at each data centre and let the routing on the network take care of the high availability rather than go with an overly complex active/active design! another one to forward up to the senior guys!!!
 
bigredshark said:
...snip...
Click to expand...
Off topic, but how did you get into what you do? Which im asuming is enterprise level network...?

Got our delivery today of all our new kit.
Should have it all rackmounted in a few days (not a lot of time to do it. :().
I'll post a pic when its all in.:).
 
Cant really post pics but 6000+ (uk only) machines not including EMC or network kit. IBM (blades mainly), HP DL's and pretty much everything from SUN, more recently 5220's and 4600's though we are now getting heavily into virtualisation.
 
atomiser said:
i've just taken delivery of a pair of ssg140 advanced which we are going to use to proof of concept our new isp design. this will be the first opportunity i've had to play with the new generation kit and also screenos 6 which im quite excited about.

ha, we're in a bit of a daft situation with our isg's - we have the 2000's for the high physical port count but were not even remotely stretching them - they sit at around 2% most of the time. we ideally need to consolidate individual security zones down into shared dmz's to make the configuration and management simpler.

i'm not a huge fan of nsm to be honest. i can see it's merits if you need to template an ipsec vpn rollout for lots of spoke sites, for example, but management of a small number of firewalls, particularly clusters seems pretty horrible...it attempts to update both boxes, which in turn try and sync their configs...so one ends up winning which causes the whole system to bog down. we're running nsm in vmware though so i suppose we only have ourselves to blame! we invariably have to run several update operations to get everything back in sync. i suppose we could turn off config sync between the boxes to get around this though.

thanks for the ammunition against active/active, i would rather see individual boxes at each data centre and let the routing on the network take care of the high availability rather than go with an overly complex active/active design! another one to forward up to the senior guys!!!
Click to expand...

ScreenOS 6 is nice but evolutionary rather than revolutionary, I haven't come across a huge benefit for our implementations yet. Still, better than 5 and not too many bugs so worth the upgrade.
 
BoomAM said:
Off topic, but how did you get into what you do? Which im asuming is enterprise level network...?

Got our delivery today of all our new kit.
Should have it all rackmounted in a few days (not a lot of time to do it. :().
I'll post a pic when its all in.:).
Click to expand...

I fell into it by accident...my degree has nothing at all to do with IT.

Started with a small IT company doing all sorts, did a few back office support contracts in the city after that and then started working for a business ISP which has become a managed service provider. We run an ISP network but also provide 'cloud computing' for a number of companies (the kit in the picture is just an implementation for one client, I'll grab a photo of the 16 slot MPLS PE routers sometime). I got promoted a few times and now I design infrastructure, which covers everything, I tend to focus on high end networking and SAN stuff these days mostly.
 
bigredshark said:
I fell into it by accident...my degree has nothing at all to do with IT.

Started with a small IT company doing all sorts, did a few back office support contracts in the city after that and then started working for a business ISP which has become a managed service provider. We run an ISP network but also provide 'cloud computing' for a number of companies (the kit in the picture is just an implementation for one client, I'll grab a photo of the 16 slot MPLS PE routers sometime). I got promoted a few times and now I design infrastructure, which covers everything, I tend to focus on high end networking and SAN stuff these days mostly.
Click to expand...

guessing you had training along the way :D
 
tidied up one fo my switches last night, not massively neat but most cables were production so I had to work with what I had!

before
http://premium1.uploadit.org/willgill//IMG00363.jpg
after
http://premium1.uploadit.org/willgill//IMG00366.jpg

few more inception projects
Image020.jpg

Image011.jpg

this is the back of a mad super secret IBM server thats cooled by liquid nitrogen or very similar
ibm.jpg


built a small sunbox the other day and was staggered by the memory, 128gb in a 2u server, just wow, i remember selling 64mb sticks for £800 in the day!
IMG00331.jpg


my fav project im on at the moment is for an arbitrage fund and im building 80 servers (20 in 4 sep countries and then split between country sites), so each rack has 10 servers, stacked switches and trunked san connections oh and each one also has a dedicated ntp clock soldering the co-ax cables is sooooooo dull
IMG00335.jpg


soz if the piccies are too large its late/early
 
You must log in or register to reply here.
Back
Top Bottom