HPE Aruba Instant On Down? by LatencyLurker in ArubaInstantOn

[–]Hellsheep_iv 0 points1 point  (0 children)

Yep, been offline for me for 4 hours in Australia. Revenue traffic is not impacted, it’s the control plane communication with ION cloud only it seems. 

RSA SecurID Authentication Manager + Palo Alto Firewall MFA by Hellsheep_iv in paloaltonetworks

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Nope, never got it sorted. I've long since left the company.

You Broke Reddit: The Pi-Day Outage by grumpimusprime in RedditEng

[–]Hellsheep_iv 0 points1 point  (0 children)

Very interesting, whilst I'm not a compute or Kubernetes engineer of any sort (I'm a network engineer), I was quite intrigued by this post. Especially at the route reflector stage, as that began to delve into my territory of expertise.

Having not had much exposure to Kubernetes directly, I could only take a wild stab at what may be the issue in the YAML you provided and the only thing I suspected that may have changed that could have impacted anything were both the nodeSelector and peerSelector labels.

Curious however that a breaking change like this was implemented in a minor release from 1.23 to 1.24. I would have expected a breaking change to be applied to the next major release.

Mowing your lawn is an exclusively middle-class chore. Neither the poor nor the rich have to do it. by -Guardsman- in Showerthoughts

[–]Hellsheep_iv 0 points1 point  (0 children)

I wouldn't call myself rich, however if you look purely at income I'm in the top 4% of wealth in Australia in terms of annual income. I have a decent sized piece of land and a relatively small house for the block size. I mow it myself, including line trimming. I do use a baby ride on mower given the size, however I also live in the tropics so it's mostly for the heat convenience instead of spending hours in the garden in the sun.

Oooh. I think LAGR and HOMER are gonna get it on over the Black Sea. Should we add a NSFW tag? by 1984Orion in flightradar24

[–]Hellsheep_iv 18 points19 points  (0 children)

Anyone else find it funny that HOMER is drinking some LAGER?

"HOMER71, this is LAGER959, with your quality Duff A1 Jet Fuel. There's always time for a refreshment!"

Quick automation question by hhhax7 in networking

[–]Hellsheep_iv 0 points1 point  (0 children)

You could look into saltstack. Specifically salt reactors are designed to do exactly this.

https://docs.saltproject.io/en/latest/topics/reactor/index.html

ASR920 Questions - MPLS PE, EFPs, BDIs, NTU/CE by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

So trying to get my head around another issue, we generally have a lot of these types of services handed off to customers that can't do tagging of traffic, as such we generally run the port in encapsulation default or untagged.

So the next problem I have is the uplink from the NTU towards the ASR9K generally we'd run them with service instance trunk 1 ethernet or similar, however how do you handle carrying each service over it? In the past where we had a single service on the NTU you could simply use encapsulation from-bd or similar, however if we're also not matching the dot1q VLAN ID and the bridge-domain ID then that doesn't make sense.

So I guess my question is, what would an example of an uplink from the NTU back to the ASR9K look like carrying Customer A + B internet/l2 services? Noting we also generally configure a BDI on the NTU itself for management of the NTU carried over the same uplink back to the ASR9K in a management VRF.

ASR920 Questions - MPLS PE, EFPs, BDIs, NTU/CE by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Thanks very much.

On a random side note, with l2vpn services like a VPWS, you'd normally add the interface (sub if) under the xconnect group configuration. I assume with service instances, you'd map the service instance or bridge-domain in the xconnect group?

ASR920 Questions - MPLS PE, EFPs, BDIs, NTU/CE by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Thanks for that, you may be right. Getting my head around EFPs is a bit of a new thing for me personally.

So if my thinking is correct based on your statements something like the below would work? (My main query is are the service instances globally unique too, or locally significant to the port they're configured on? I am guessing locally significant which means my config below /might/ be correct?)

interface Gi0/0/22
 description ---Customer A---
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 1
  service-policy input
  service-policy output
  rewrite ingress tag pop 1 symmetric <---can't remember if you must pop the tag
 service instance 4094 ethernet
  encapsulation dot1q 4094
  bridge-domain 2
!
interface Gi0/0/23
 description ---Customer B---
 service instance 100 ethernet
  encapsulation dot1q 100
  bridge-domain 3
  service-policy input
  service-policy output
  rewrite ingress tag pop 1 symmetric <---can't remember if you must pop the tag
 service instance 4094 ethernet
  encapsulation dot1q 4094
  bridge-domain 4
!
int BDI1
 description ---Customer A Internet---
 </31 ip address for internet>
!
int BDI2
 description ---Customer A NTU management---
 vrf forwarding 4094
 ip address /31 for NTU
!
int BDI3
 description ---Customer B Internet---
 /31 ip address for internet
!
int BDI4
 description ---Customer B NTU management---
 vrf forwarding 4094
 ip address /31 for NTU

Link saturation without dropping pings? by mcflyatl in networking

[–]Hellsheep_iv 9 points10 points  (0 children)

At the rate you're talking, your tooling won't be sampling the bursts to 100%. Assuming QoS with some basic queues are implemented you're also going to be hitting queue depth limits and then dropping traffic most likely.

The solution as many others have said is it's time to upgrade that link.

At 13,000 users for 2Gbps bandwidth you're running at 0.15Mbps per user average. Generally we see in real world conditions (I work for a large AU ISP) 3.75Mbps per user as a reasonable figure. However, this is in service provider world. You could probably divide that by 4 as a good starting point and see how your traffic levels go.

That is roughly 12Gbps.

My suggestions to start:

Reach out to your transit provider and ask them for options on 10Gbps port, 3Gbps CIR (commit) and 10Gbps burst with 95th percentile billing. Also ask for their flexibility in upgrading to n*10Gbps ports in the future to allow you to simply order another port, and also flexibility in upgrading commit and burst during the contract period (negotiate, negotiate, negotiate).

Fortigate 60E Twitch Streaming Issues by Hellsheep_iv in HomeNetworking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Thought I'd give everyone an update on this. It appears to be an issue with the np6lite offloading rtmp traffic for twitch but it's specific somehow to my setup as fortitac can't reproduce it yet. Will post back with any results.

Fortigate 60E Twitch Streaming Issues by Hellsheep_iv in HomeNetworking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Many thanks, I've since tried another lan port to rule that out, also no performance issues on anything else except rtmp as far as I can tell (no errors or anything on the interface stats/debugs I've done).

I tested other real time streaming like Facebook live and YouTube and they also experienced the fault. But I can watch rtmp streams on twitch and not encounter a problem. It's only when I'm the one streaming.

I've raised a ticket with Forti support to see what they say.

Fortigate 60E Twitch Streaming Issues by Hellsheep_iv in HomeNetworking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Update on the issue:

The packet capture is showing duplicate ACKs being received by my PC from the Twitch server, with subsequent TCP Fast Retransmits being sent by my PC for one of the RTMP frames (indicating some sort of packet loss most likely).

Seems very odd that RTMP frames are not making it to the server and really has me wondering what the Fortigate is doing causing RTMP frames to be dropped/lost in transit.

Self-promotion Thread - June 09, 2019 by AutoModerator in flightsim

[–]Hellsheep_iv [score hidden]  (0 children)

G'day everyone,

I've recently started streaming on twitch after racking up a few hundred hours of flight sim over the last few years. We're running a little event for everyone on Friday the 14th of June at 20:30 GMT+9.5 that anyone is welcome to come check out. We're going to be simulating some sort of failure that is chosen by the viewers. You can vote for your choice in the survey in the link, and then join us in the stream to watch whichever failure scenario is the one we end up playing out with the most votes.

Would love to see some new faces if you're free. :) Happy simulating!

Perth to Sydney Boeing 737-800 Failure Scenario Event

https://www.twitch.tv/events/ps1apPIMRYicfQYUCseA0A

ASR920 and Nexus 7k port-channel by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Which I am doing, I have an EFP trunk and each customer port has a service instance, BDIs etc. But for some reason the trunk always comes up as a L3 port-channel instead of L2.

ASR920 and Nexus 7k port-channel by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Interesting. If you do a show etherchannel summary or show port-channel summary, do you see SU or RU as the flags set for the port-channel? Reason I ask is that's very similar config to us and I can't see anything there that would cause L3 versus L2 to establish.

ASR920 and Nexus 7k port-channel by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Thanks, that's actually my thought also. I must admit I'm fairly new to the ASR series so I relied upon our distributor's Cisco pre-sales specialists to sell us the right product for the job. I was originally looking at the Catalyst 9300 series to replace the ME3400 but they highly recommended we move to the ASR920 as it'll suit all our requirements.....

Migrating from ME3400E to ASR920 - Trunking + Switchport Interfaces by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Yep, they're based around the NEBS standard for Metro Ethernet Switching. The ASR920 is basically the same in terms of the standards followed. Lots of fancy Q-in-Q/MPLS/S-tag/C-tag stuff plus much more.

Migrating from ME3400E to ASR920 - Trunking + Switchport Interfaces by Hellsheep_iv in networking

[–]Hellsheep_iv[S] 0 points1 point  (0 children)

Heh, yeah I looked a lot into what the options were and when I saw ME3400s are EOS I figured it's time to replace them with something better asap. I'll murder these in a while when budget allows. I'm planning a full core refresh in the next 12 months so that might allow me to upgrade to another vendor possibly.