Re: [c-nsp] VTY Lines

2009-04-22 Thread Jens Link
Justin Shore jus...@justinshore.com writes: While my installs may not be perfect, they are far better than average. I don't need someone second-guessing my work with a tool like RAT. Agreed. But (IIRC) you can write your own rules for RAT. Combine this with rancid and you have a great way

[c-nsp] GSS and ACE

2009-04-22 Thread Nick Griffin
Does anyone know if you can use or even would want to use a GSS appliance without an ACE Module or Appliance? I like the idea of having data center redundancy/global site selection, however I'm not so sure the load balancing features of the ACE appliance are yet a requirement for a particular

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Justin C Darby
Nick, The primary benefit to these things, AFAIK, is the ACE integration for load balancing. I'm pretty sure there are other options (mostly software) available to do the same DNS load balancing without ACE's, but - ACE's are a great way to add redundancy to a site, and GSS+ACE can handle load

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Nick Griffin
So say I had 2 datacenter locations geographically disperse and I'm not running BGP. I have similar web and smtp servers at each location. I'm not so much concerned that traffic gets load balanced to a cluster of servers when traffic enters a particular data center (which is an ACE application),

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Eric Gauthier
We're interested in the same sort of question. In our case, we have server groups who already handle local load balancing internally within their clusters. My group, the network team, wants to provide load balancing and automatic failover of traffic between our two campus data centers but we

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Nick Griffin
Right, my question was does it require ACE appliance or modules to work? I have the need for Global Site Selection, however I don't I need the application level load balancing at this point that is offered by the ACE. Also, are there any ties to particular vendor DNS servers, ie CNR? Gracias,

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Roland Dobbins
On Apr 22, 2009, at 10:50 PM, Eric Gauthier wrote: We're interested in the same sort of question. You can play all kinds of DNS games with GSS based upon load (via probes), perceived topological distance, up/down status, et al. It has some DNS DoS self-defense mechanisms built in,

Re: [c-nsp] GSS and ACE

2009-04-22 Thread James Slepicka
You can use the GSS without an ACE (or CSS, or IOS-SLB...). You'll be limited to the basic keepalive checks (icmp ping, http head, etc.) to detect site availability; you won't be able to make load-based decisions, for example, but it will otherwise work fine. I just use the http head check

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Roland Dobbins
On Apr 22, 2009, at 11:10 PM, Nick Griffin wrote: Right, my question was does it require ACE appliance or modules to work? No, can work independently, no problem. Also, are there any ties to particular vendor DNS servers, ie CNR? It can hook into CNR, and is also its own DNS server

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Nick Griffin
Great, thanks to all. So am I to assume if I have X Data Centers, I need 1xX GSS's for redundancy? In other words if I had 2 sites and one GSS and the GSS is at the site that lost internet connectivity, it's not going to do me much good. TIA On Wed, Apr 22, 2009 at 10:21 AM, Roland Dobbins

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Tony Varriale
I can't say I've ever done this but the GSS does have the ability to probe other devices/brands via SNMP. Also, there is good scripting capability. So, my initial answer is yes. Keep in mind, GSS isn't a real DNS server. It's more of a DNS proxy... tv - Original Message - From:

Re: [c-nsp] GSS and ACE

2009-04-22 Thread robbie . jacka
Saying that the GSS is its own DNS server isn't quite right - while it performs DNS resolution for configured host records (based on rules), I don't believe that it can recurse on behalf of a client, nor can it actually perform AXFRs, as far as I am aware. In other words, it does some DNS-related

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Roland Dobbins
On Apr 22, 2009, at 11:33 PM, Nick Griffin wrote: Great, thanks to all. So am I to assume if I have X Data Centers, I need 1xX GSS's for redundancy? I'd put a cluster of 2 at each IDC, something like that. --- Roland

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Roland Dobbins
On Apr 22, 2009, at 11:39 PM, robbie.ja...@regions.com wrote: . In other words, it does some DNS-related functions exceptionally well (rules, monitoring, etc) it does not do others at all. You're right - I should've said, . . . task-specific, limited-subset DNS server. Good catch! ;

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Roland Dobbins
On Apr 22, 2009, at 11:34 PM, Tony Varriale wrote: I can't say I've ever done this but the GSS does have the ability to probe other devices/brands via SNMP. Also, there is good scripting capability. Yes on both counts. It's actually a neat little box. Not many folks seem to know about

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Ramcharan, Vijay A
You can always do F5 GTM if you need a full fledged DNS server (runs BIND I think). Vijay Ramcharan -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Roland Dobbins Sent: April 22, 2009 12:02 To: Cisco-nsp Subject:

Re: [c-nsp] GSS and ACE

2009-04-22 Thread robbie . jacka
Agreed. The learning curve on it is roughly equivalent to SVR4, but once you've gotten the basics down, it's a remarkably awesome device. -- robbie Roland Dobbins

Re: [c-nsp] GSS and ACE

2009-04-22 Thread robbie . jacka
or purchase the appropriate CNR licensing for the GSS and install it. the basic box license just isn't really a full fledged DNS server, but can have CNR and/or the cisco guard anti-DDoS functionality installed on it. -- robbie

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Larry Stites
We recently supplied (4) ACE20-MOD-K9 to a customer overseas for $17k/ea. These units were previously owned spares, unused, box opened to inspect contents. All units were complete with sealed software package and EULA paperwork. The customer had a problem with recognition of the card in 6509

Re: [c-nsp] VTY Lines

2009-04-22 Thread Andrew Yourtchenko
On Wed, Apr 22, 2009 at 5:27 AM, Justin Shore jus...@justinshore.com wrote: on all interfaces including con0. I have TACACS+ set up with local auth as the backup (and only one user account on the devices which I've gone to great lengths to protect). Aux is explicitly disabled. He just

[c-nsp] Replacement for a Catalyst 4006?

2009-04-22 Thread Murphy, Jay, DOH
Anyone from this forum replaced (I'm sure) or fork-lifted an upgrade to something greater than the suggested upgrade path for a Catalyst 4006?? Responses welcomed. Jay Murphy IP Network Specialist NM State Government IT Services Division PSB - IP Network Operations Santa Fé, New México

[c-nsp] Automatically Synchronize IOS Router Configurations?

2009-04-22 Thread Felix Nkansah
Hi Team, I am prospecting a short contract from a client (an ISP) who wants to redesign their internal and edge networks. Among other things, their requirement is for their HSRP or GLBP routers to automatically synchronize their running configurations. So that when configuration changes are

Re: [c-nsp] Replacement for a Catalyst 4006?

2009-04-22 Thread Tony Varriale
What are the requirements? Quite honestly, I'm trying to forget anything 400x :) tv - Original Message - From: Murphy, Jay, DOH jay.mur...@state.nm.us To: cisco-nsp@puck.nether.net Sent: Wednesday, April 22, 2009 4:13 PM Subject: [c-nsp] Replacement for a Catalyst 4006? Anyone from

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Tony Varriale
Not sure if this is a question or a statement...but... I would look to run high SXF (12?) or SXH1. Note, some folks are having issues with SXH so it really depends on their load out and features. As for VSS, you shouldn't really be running SXH VSS. SXI or higher only please. :) tv -

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Tony Varriale
Yeah, good boxes. A lot of the functionality was already in the CSSes but stripped in the ACE. :) I've only done them with ACE and just a couple. That market is dominated by someone else. :) tv - Original Message - From: Roland Dobbins rdobb...@cisco.com To: Cisco-nsp

Re: [c-nsp] Automatically Synchronize IOS Router Configurations?

2009-04-22 Thread Tony Varriale
Doesn't really exist AFAIK. You would have to script something maybe through EEM and/or management. Note the CSSes have this but it's just a canned script. :) tv - Original Message - From: Felix Nkansah felixnkan...@gmail.com To: cisco-nsp@puck.nether.net Sent: Wednesday, April 22,

Re: [c-nsp] Automatically Synchronize IOS Router Configurations?

2009-04-22 Thread Graham Wooden
Sync between each other? Yeah, you will have to look at something external, something that would have write perms (like through SNMP or AAA). Maybe a tacacs+ system can do this? I know there are products/scripts that can tftp off / snmp read the config and store them off. There may be a push

Re: [c-nsp] Automatically Synchronize IOS Router Configurations?

2009-04-22 Thread Adam Armstrong
Graham Wooden wrote: Sync between each other? Yeah, you will have to look at something external, something that would have write perms (like through SNMP or AAA). Maybe a tacacs+ system can do this? I know there are products/scripts that can tftp off / snmp read the config and store them off.

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Brad Hedlund
On 4/22/09 10:39 AM, robbie.ja...@regions.com robbie.ja...@regions.com wrote: Saying that the GSS is its own DNS server isn't quite right Not true. GSS can also operate entirely as a full blown DNS server. Using software versions 2.0 through 3.0(x), GSS product capabilities have been

Re: [c-nsp] Automatically Synchronize IOS Router Configurations?

2009-04-22 Thread Ian Henderson
Felix Nkansah wrote on 2009-04-23: Among other things, their requirement is for their HSRP or GLBP routers to automatically synchronize their running configurations. You could avoid the problem entirely, but still meet the objective by using VSS? Rgds, - I. -- Ian Henderson, CCIE #14721

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Hank Nussbacher
At 12:00 AM 23-04-09 +0800, Roland Dobbins wrote: On Apr 22, 2009, at 11:33 PM, Nick Griffin wrote: Great, thanks to all. So am I to assume if I have X Data Centers, I need 1xX GSS's for redundancy? I'd put a cluster of 2 at each IDC, something like that. Why 2 at each IDC? Since each

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Hank Nussbacher
At 09:45 AM 22-04-09 -0500, Nick Griffin wrote: So say I had 2 datacenter locations geographically disperse and I'm not running BGP. I have similar web and smtp servers at each location. I'm not so much concerned that traffic gets load balanced to a cluster of servers when traffic enters a

Re: [c-nsp] GSS and ACE

2009-04-22 Thread Roland Dobbins
On Apr 23, 2009, at 12:26 PM, Hank Nussbacher wrote: Why 2 at each IDC? Since each box acts as a backup for the other, if IDC #1 goes down - then the GSS at IDC #2 takes over. Because if IDC #1 goes offline entirely, your DNS for whatever services you're running are now hanging by a

Re: [c-nsp] Automatically Synchronize IOS Router Configurations?

2009-04-22 Thread Reuben Farrelly
On 23/04/2009 1:07 PM, Ian Henderson wrote: Felix Nkansah wrote on 2009-04-23: Among other things, their requirement is for their HSRP or GLBP routers to automatically synchronize their running configurations. You could avoid the problem entirely, but still meet the objective by using VSS?