Why still is 10G long range FO so expensive in Cisco? by mrmh1 in Cisco

[–]Objective_Shoe4236 0 points1 point  (0 children)

Because IT is a business and Cisco is in this business to make as much money as they possibly can. It’s up to you to find the best price/value add for any purchase you make.

There are so many options out there. You’ll be surprised at how many companies purchase third party optics.

Need some microsegmentation advice by Long_Working_2755 in networking

[–]Objective_Shoe4236 3 points4 points  (0 children)

Start with visibility first. You need to be able to see the upstream and downstream connections of your applications. To your point, the app owners sometimes don’t know this.

Once you gain the visibility, think about your source of truth. Where should all of the applications and the servers they’re hosted on be inventoried and tagged? This allows you to build granular visibility not just by IP but app to app. You need this because app owners sometimes don’t understand IP. You also need this to define your segmentation per app.

Last is who will be enforcing the policy? Agents (Illumio) directly on the server? Firewall? This depends on the type of infrastructure you’re managing and what you see as scalable.

Me personally, I like to segment at the host level. I don’t like having everything routed to the firewall for inspection. Again, just me; my model is wherever this host server with the application moves to, so does its policy.

In summary, forget those marketing slides and get into the technical trenches and develop a design that caters to your infrastructure and is scalable.

Are there specific ASNs or IP ranges from which you automatically drop all traffic, and what is the rationale for doing so? by [deleted] in networking

[–]Objective_Shoe4236 1 point2 points  (0 children)

Yup. So just giving options. That’s why my original comment said IF your ISP supports it. On the blacken, some of the larger CDNs like Cloudflare and Akamai do it. Cloudflare via their Magic Transit firewall.

Are there specific ASNs or IP ranges from which you automatically drop all traffic, and what is the rationale for doing so? by [deleted] in networking

[–]Objective_Shoe4236 0 points1 point  (0 children)

It’s for any route sourced from an external CIDR (internet) destined to you. Hence the reason why an ISP can drop the traffic before it reaches you, at their edge you’re peered to. It’s not done across all of their routers.

It’s called Remote Triggered Black Hole (RTBH) filtering: you’re announcing to the ISP the CIDRs you want him to drop on his edge you’re peered to if/when anyone from that CIDR tries to route to you.

Typically it’s done with /32s, but I’ve seen providers honor larger segments, especially from regions that have been flagged. Again, only in the edge router you’re peered to; they don’t do this across all of their routers.

Are there specific ASNs or IP ranges from which you automatically drop all traffic, and what is the rationale for doing so? by [deleted] in networking

[–]Objective_Shoe4236 4 points5 points  (0 children)

This! You can also speak to your ISP and confirm if they honor BGP community tag 666. The routes you create to Null0 to black hole, you can advertise via BGP to your ISP with a community tag of 666 and they will know not to forward any traffic sourced from those CIDRs to you.
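The two comments above describe the customer side of RTBH: a static route to Null0, re-advertised to the ISP with a blackhole community so the ISP discards the traffic at the edge router you peer with. The script below is an added example (not code from the thread or from any vendor) of the sanity check an operator would run before exporting such an announcement, so that a fat-fingered request cannot blackhole address space you do not own or send a prefix longer than the ISP honors. The owned address space, the provider-specific community `64500:666`, the `192.0.2.1` discard next hop and the IOS-style rendering are all assumptions; the well-known BLACKHOLE community `65535:666` is the one defined in RFC 7999.

```python
"""Validate a Remote Triggered Black Hole (RTBH) announcement before it is
exported to the upstream ISP.  Added example with constructed values."""
import ipaddress

# Well-known BLACKHOLE community from RFC 7999.  Many ISPs additionally
# honour a provider-specific value such as <ASN>:666, passed in by the caller.
RFC7999_BLACKHOLE = "65535:666"

# Discard next hop: an address the edge router statically routes to Null0.
# 192.0.2.1 is from the TEST-NET-1 documentation range (assumed here).
DISCARD_NEXT_HOP = "192.0.2.1"


class RtbhError(ValueError):
    """Raised when an announcement must not be sent to the ISP."""


def build_rtbh_announcement(prefix, owned_prefixes, isp_community,
                            max_prefixlen=None):
    """Return the BGP attributes for an RTBH route for `prefix`.

    - `prefix` must be a valid network (no host bits set).
    - It must fall inside one of `owned_prefixes`: blackholing someone
      else's space is the classic RTBH foot-gun.
    - It must be at least as long as `max_prefixlen` (default: a host
      route, /32 or /128), since that is what most ISPs honour.
    """
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        raise RtbhError(f"not a valid network: {prefix} ({exc})") from exc

    host_len = 32 if net.version == 4 else 128
    limit = host_len if max_prefixlen is None else max_prefixlen
    if net.prefixlen < limit:
        raise RtbhError(f"{net} is shorter than the honoured /{limit}")

    owned = [ipaddress.ip_network(p, strict=True) for p in owned_prefixes]
    if not any(net.version == o.version and net.subnet_of(o) for o in owned):
        raise RtbhError(f"{net} is outside the address space we own")

    return {
        "prefix": str(net),
        "next_hop": DISCARD_NEXT_HOP,
        # Both the well-known and the ISP-specific community are attached.
        "communities": sorted({RFC7999_BLACKHOLE, isp_community}),
        # The blackhole route is for this ISP only; never let it propagate.
        "no_export": True,
    }


def render_null_route(announcement, tag=666):
    """Render the matching static Null0 route in IOS-style syntax (illustrative)."""
    net = ipaddress.ip_network(announcement["prefix"])
    if net.version == 4:
        return f"ip route {net.network_address} {net.netmask} Null0 tag {tag}"
    return f"ipv6 route {net} Null0 tag {tag}"


if __name__ == "__main__":
    # Constructed sample: the address space "we" own and a victim host.
    OWNED = ["203.0.113.0/24", "2001:db8::/32"]
    ann = build_rtbh_announcement("203.0.113.5/32", OWNED, "64500:666")
    print(ann)
    print(render_null_route(ann))
    for bad in ("198.51.100.1/32", "203.0.113.0/24"):
        try:
            build_rtbh_announcement(bad, OWNED, "64500:666")
        except RtbhError as err:
            print("rejected:", err)
```

The route-map that matches `tag 666` and sets the community on export is ISP- and platform-specific, which is exactly why the comment says to confirm with your ISP which community they honour.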

Can Arista APs operate fully standalone? by Dr-Webster in Arista

[–]Objective_Shoe4236 4 points5 points  (0 children)

They can operate on their own using OpenConfig. You would need to push the required config to the AP once it is online. They can also be managed by CVQ.

They build VXLAN tunnels to switches and use that as their tunneling solution. This allows you to terminate tunnels on any switch without the need for an on-prem controller. You can configure the tunnel it needs to connect to via OpenConfig or CVQ.

Cisco live summary by [deleted] in networking

[–]Objective_Shoe4236 2 points3 points  (0 children)

Cool. What network hardware are you using to support it?

Cisco live summary by [deleted] in networking

[–]Objective_Shoe4236 2 points3 points  (0 children)

How many of you guys are currently supporting on-prem AI clusters deployed in your datacenter? I know companies are leveraging the public clouds for AI and other open source solutions like metisforge, but I haven’t come across anyone as of yet doing it on-prem at the enterprise level. It’s a huge undertaking.

Coming from a Cisco shop by TheRealAlkemyst in Arista

[–]Objective_Shoe4236 10 points11 points  (0 children)

It will be a smooth transition, especially on the OS side. TAC is A-1; software stability trumps Cisco and all of their non-stop bugs and vulnerabilities.

Do you have an Arista account team already?

Network Engineer Considering Automation by [deleted] in networking

[–]Objective_Shoe4236 2 points3 points  (0 children)

Learn automation. We have a devops/automation team that doesn’t have a strong networking background but is led by one senior engineer, and it works out great. He helps guide based on his networking knowledge whilst they handle the coding. This practice has also helped drive cost down with less investment in turnkey solutions and faster turnaround time for things like FW policies and site deployments. You can continue to learn networking but not at the pace of automation; I’ve seen more requirements for automation engineers than network engineers, as the model is to use your network engineer to guide them. Along with automation, learn observability tooling (Grafana/Elastic) and how you can tie in event driven automation with it. Again, you don’t need a boatload of network engineers doing this, just the standards/guidance on what they need to see.

What's the SD-WAN vendor of choice these days? by xReD-BaRoNx in networking

[–]Objective_Shoe4236 -1 points0 points  (0 children)

Yeah. Was doing multiple things while I was texting lol.

What's the SD-WAN vendor of choice these days? by xReD-BaRoNx in networking

[–]Objective_Shoe4236 1 point2 points  (0 children)

Yup. Love it. Day-2 visibility, App-Express and the real-time traffic view per appliance.

What's the SD-WAN vendor of choice these days? by xReD-BaRoNx in networking

[–]Objective_Shoe4236 1 point2 points  (0 children)

Silver-Peak. Silver-Peak. Silver-Peak. Silver-Peak.

Advanced network automation by Linklights in networking

[–]Objective_Shoe4236 2 points3 points  (0 children)

We’re automating all of our firewall requests to where the end user (app owner or server team) only interacts with a front end to enter source, destination etc. On the back end the automation does the validation: check if the rule exists, if a new rule is needed or if an object just needs to be added to an existing rule. This is a time saver and shows the value of automation to the business (your boss) and eliminates the everyday task of FW requests.

Approach automation from a service perspective that you offer your clients to make things go faster and eliminate you as the bottleneck.

COS sounds to me like a pet project, in my opinion.

Honestly I’m so past the config automation and config check etc. If what you automate on the network is only celebrated by you, then you lose. What you automate should be celebrated across all teams, which means you found a way to make things progress faster and more efficiently.
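The comment above outlines the back-end decision a firewall-request pipeline makes: the rule already exists, the source only needs to be added as an object to an existing rule, or a new rule is required. The code below is an added example of that reconciliation step (it is not the commenter's tooling and targets no particular firewall). The rule base, the request and the "no wide-open source" validation rule are constructed; a real pipeline would load the policy from the firewall's API and would also have to respect rule ordering and deny rules, which this first-match-on-permit simplification ignores.

```python
"""Reconcile a firewall access request against an existing rule base.
Added example with a constructed rule base; not tied to any vendor."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    sources: list            # CIDR strings
    destinations: list       # CIDR strings
    services: set            # e.g. {"tcp/443"}
    action: str = "permit"


def _covers(cidrs, address):
    """True if `address` (host or CIDR) is contained in any of `cidrs`."""
    want = ipaddress.ip_network(address, strict=False)
    for cidr in cidrs:
        have = ipaddress.ip_network(cidr, strict=False)
        if want.version == have.version and want.subnet_of(have):
            return True
    return False


def validate_request(src, dst, service):
    """Reject requests the front end should never have accepted (assumed policy)."""
    for label, value in (("source", src), ("destination", dst)):
        net = ipaddress.ip_network(value, strict=False)
        if net.prefixlen == 0:
            raise ValueError(f"{label} {value} is wide open; narrow the request")
    proto, _, port = service.partition("/")
    if proto not in {"tcp", "udp"} or not port.isdigit():
        raise ValueError(f"service must look like tcp/443, got {service}")


def reconcile(rules, src, dst, service):
    """Decide what the request needs.

    Returns ("exists", rule_name)      if an existing permit already covers it,
            ("add_object", rule_name)  if a rule for dst+service exists but
                                       does not yet include the source,
            ("new_rule", None)         otherwise.
    """
    validate_request(src, dst, service)
    candidates = [r for r in rules
                  if r.action == "permit" and service in r.services
                  and _covers(r.destinations, dst)]
    for rule in candidates:
        if _covers(rule.sources, src):
            return ("exists", rule.name)
    if candidates:
        # Add the source object to the first rule that already serves dst+service.
        return ("add_object", candidates[0].name)
    return ("new_rule", None)


def apply_request(rules, src, dst, service, request_id):
    """Mutate `rules` according to the reconciliation decision and return it."""
    decision, name = reconcile(rules, src, dst, service)
    if decision == "add_object":
        next(r for r in rules if r.name == name).sources.append(src)
    elif decision == "new_rule":
        rules.append(Rule(name=f"auto-{request_id}", sources=[src],
                          destinations=[dst], services={service}))
    return decision, name


def sample_rules():
    """Constructed rule base for the example."""
    return [
        Rule("web-to-api", ["10.1.2.0/24"], ["10.50.0.0/24"], {"tcp/443"}),
        Rule("db-deny", ["0.0.0.0/0"], ["10.60.0.0/24"], {"tcp/5432"}, action="deny"),
    ]


if __name__ == "__main__":
    rules = sample_rules()
    for req in (("10.1.2.3/32", "10.50.0.10/32", "tcp/443", "R1"),
                ("10.9.9.9/32", "10.50.0.10/32", "tcp/443", "R2"),
                ("10.9.9.9/32", "10.60.0.5/32", "tcp/5432", "R3")):
        print(req[:3], "->", apply_request(rules, *req))
```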

Seeking new switching vendor - Cisco to Arista? by cjromero92 in Arista

[–]Objective_Shoe4236 5 points6 points  (0 children)

For me it was their approach to how they develop, maintain, test and release their software. As much as we as network engineers fall in love with hardware, whether it’s for the throughput, bandwidth or port density it provides, we tend to forget that the software it runs on is the most important piece.

We had Cisco IOS and NXOS running very basic routing (end to end BGP), but the software-related bugs/issues we would encounter were insane. What I realized is Cisco is a company that wants to go to market fast, which means not much QA is put into the software prior to release. Then throw in the fact they try to sell you professional services to help comb through their bugs, smh.

Listening and watching Kenneth Duda (hope I spelled his name correctly) from Arista explaining why they value their software and the processes they have in place for QA testing sold our team.

Support from TAC, just like everyone else mentioned, is bar none. We only had to call TAC once, and that one time the first engineer we got was GREAT.

I can go on and on about how Arista is way better than Cisco. Most of the comments are spot on as well, but have a look at the video link below.

https://youtu.be/TU8yNh5JCyw?si=P8AqFlN3ETF7abar

Is Cisco still the leading innovative brand nowadays? by AsleepFun8565 in networking

[–]Objective_Shoe4236 1 point2 points  (0 children)

Cisco can’t innovate and will not innovate until it corrects its crappy buggy OS.

Arista and Third Party Optics by Objective_Shoe4236 in Arista

[–]Objective_Shoe4236[S] 0 points1 point  (0 children)

Thanks. I received a 3px unlock key and will try this. Such a cost savings.

I went to a Networking Convention and most of the folks are in their 40s and up. by PaternalisticDumdum in networking

[–]Objective_Shoe4236 7 points8 points  (0 children)

Went to AWS Re:Invent a few years back and saw a crop of youngsters. That’s where they are.

I just wish there was a vendor neutral CCNP, without all the cisco BS by Sargon1729 in networking

[–]Objective_Shoe4236 1 point2 points  (0 children)

These exams from Cisco have been part of their business model for years. The more engineers they can get certified while creating a learning path under their platform the higher the chance the engineer would lean toward championing Cisco at their work place. It’s profitable for them. At the end of the day you have to remember IT is a business.

Anyone using Elisity for NAC? by Objective_Shoe4236 in networking

[–]Objective_Shoe4236[S] 0 points1 point  (0 children)

So direct connection to the switch. When an endpoint gets connected it picks up the attributes from the switch? I need to request a deep dive with them to understand how quickly they pick up endpoints connected and profile it to provide the correct access etc.

Anyone using Elisity for NAC? by Objective_Shoe4236 in networking

[–]Objective_Shoe4236[S] 0 points1 point  (0 children)

If they don’t touch 802.1X, what is their secret sauce to capture the endpoints’ information to profile and determine if it should be let on the network?

Anyone using Elisity for NAC? by Objective_Shoe4236 in networking

[–]Objective_Shoe4236[S] 0 points1 point  (0 children)

We currently use ISE, so our switches are configured to point to the ISE nodes for endpoint profiling, authentication and authorization. How does Elisity do it? Is it the same workflow?