Imagine the scene...I'm moving in with the Peachy goddess (in whose presence all things are possible), and she's eyeing up the armful of teal boxes that are heading towards the office....
I know I should have done it while she was out... the washing up needed doing anyway... ;)
When I started on this journey of discovery around all things Netflow I decided that looking at real traffic was the only way to get a good perspective on what you might expect in a network (you don't know until you look!)
So having a router at home seemed the logical answer...a few clicks later there's a couple of Cisco 881 routers on the way!
Then the decision is where to put it...I've been both ways on this...infront of the work virtual office router (so it sees the encrypted traffic going back to Corporate, and the TVs, smarthub stuff, etc.) or behind/alongside the CVO router (with my own lab of stuff behind it).
At the moment, I'm going with the C881 in parallel to the CVO and TVs etc. but with the other lab stuff behind it...
So what's in the lab side of the network?
Well early on I decided to make it office/home friendly I wouldn't go for anything noisy or dragging too much power...
Enter the Gigabyte BRIX range of cube sized, low power, SSD friendly PCs...think Intel NUC but just a beefier box...virtually no fan noise and powerful enough to run Fedora 20 for the PMACCT netflow collector and Splunk, and another one for the Windows Server with LiveAction's LiveNX 8.3.1 running in HyperV)
From time to time there's a ISR 4321 router, a Meraki wireless AP (for client app testing from various platforms), a couple of Raspberry Pi's for fun and a smartTV...
UNTIL recently...
Again the Peachy goddess is all seeing so the large box containing a Cisco DNAC, SG250X switch and wireless sensor didn't slip through the net! Probably gonna be a Fabric in a Box Cat 9300 at some point just to make it toasty/noisy from time to time in the office too!
At a minimum, I'd say put a small router infront of most of your home traffic...it's very insightful...I always put NAT and ZBFW on the router to ensure some level of security (never got around to configuring the ASA525...) but a cautionary note recently was around router throughput...it's an obvious thing but when we got our place we slogged through with an AT&T DSL connection for months!!!! I call them the years in the wasteland!...Then along came my Spectrum Business connection...a blistering 400Mbps down and 25Mbps up...of course the ISR4321 can't cope with that topping out at 50Mbps (or 100Mbps with the performance license running)...for the moment the C881 sitting on the side with just the lab behind it is enough and sees enough traffic to gain insights! I'll talk more about collectors and what to do about the traffic at a later date...that's where the real journey begins...
Back to the lab...Earplugs anyone?
Beards out ? ; {)
Subscribe to:
Post Comments (Atom)
-
So in a previous post we talked about getting App Visibility data out of switches using our standard AVC/FNF config templates... But thing...
-
The life of a nettie has sure changed in the last 20+ years... Especially in the last 5 or so years! And especially for me.... And these...
-
In the last blog we scratched the surface of what can be done through APIs with Cisco's DNA Center... Now let's turn our attention...
No comments:
Post a Comment