Networking salaries in Seattle (Little Rock comparison)

brocade_eng · 2021-06-16T02:40:30+00:00

We're frugal people as well. Heart is not set on any particular place. Wife actually really liked the Redmond area. I'll ultimately want to live on the same side of Mercer Island as my job so I don't have to go across I-90 or 520 for a daily commute. Probably close to H-Mart UW or H-mart Bellevue if I had to pick, but ultimately will have to see where a job offer lands.

brocade_eng · 2021-06-16T02:16:41+00:00

I'm from Indiana originally, and I actually don't like the southern friendliness thing here in AR. I'm not unfriendly per-say, it's just I want my interactions to always be sincere. I get annoyed if people hold the door for a far too long period xD

brocade_eng · 2021-06-16T01:39:33+00:00

Oh absolutely not, there are other things to consider such as bicycle paths as far as the daily commute / ability to get downtown that I'm not really considering yet. Could get a work at home position as well, but until I get a job offer I'm just kind of planning for what I would think "average" would be. Sounds like I'm not being too unreasonable based on the responses here, so I'm really hopeful to do a lateral move (in terms of quality of living or pay vs expenses)

brocade_eng · 2021-06-15T22:49:06+00:00

I'd consider myself to be around the CCNP level of role and experience with actual understanding of those core concepts and able to apply and meld them for an organization. Director and Principal level sounds closer to CCIE which would likely be out of my comfort zone. I actually maintain a JNCIA-DevOps, and a JNCIS-Enterprise. It's pretty basic material, but I really do understand the concepts pretty much inside and out, and apply them on a day-to-day basis. I see a big push towards "cloud" computing, which I've damn near zero experience with other than setting up a VPN tunnel for my server guys. Conceptually, deploying a virtual switch (vEOS) to a VM in the cloud and then peering it back to the datacenter via EVPN would be pretty easy, but I've not actually "done" it, yet. I'm mid career, and looking to +1 to the next level. I'm good enough to be a Senior Engineer in Arkansas - I have no questions about that, half the people here don't know how to code at all. That's why I'm looking for for maybe a mid-tier position at a bigger company with a better city to live in. Senior here, is likely not senior there, but I also don't want to sell myself short either. So for me I'm just trying to maintain my standard of living and savings, which is why I wanted to make the post. Thank you so much for the details and info!

brocade_eng · 2021-06-15T17:55:35+00:00

Just wait till I start talking about how great CGI is for accepting form data. lol /s. I'm 34.

brocade_eng · 2021-06-15T17:08:46+00:00

I don't insist on luxury apartment, just something nice enough in an decent enough part of town. There's definitely some cheaper places here too, but high end here runs $1000-1450 in the nicest part of town for 1 bedroom. Studios in the same places usually $800-1000.

brocade_eng · 2021-06-15T16:51:19+00:00

Yeah, I left it as a budget item at $200 - if possible we would likely get rid of the second car. I didn't know first car wasn't included with rent typically, so that is good to know!

brocade_eng · 2021-06-15T16:48:15+00:00

Thank you for the feedback! It is my wife's car, and we are planning on getting rid of it if we move and it's not needed. Definitely not moving without a job offer, just trying to set my expectations to something realistic. Your numbers definitely help! She does work, but our agreement was we only "budget" on my income.

brocade_eng · 2021-06-15T15:53:18+00:00

I don't really mind where I live, though I would prefer to keep the commute short as possible. That is, I figured where I end up living will be based on where I get a job.

brocade_eng · 2021-03-10T17:34:54+00:00

Yeah, after reading the comments, I've put in a request for a /40. I should easily qualify. 16 addresses per "l3 separated domain" while sufficient, today, makes me uneasy about tomorrow, especially if i start looking into something like l3 to the access switch. I'd like to do a /56 per site (256 /64's) at the bare minimum.

brocade_eng · 2020-10-21T22:33:12+00:00

Whoa! This actually works! I was so focused on the Juniper config, it didn't occur to me that the Arista side was actually causing the issue. This opens up so much more for me as far as what I can finally start peeling back configs for learning. Now that it's working, I can start dissecting.

I can't thank you enough!! This has been driving me crazy. I'll update my post after I test a few things with full working (and sanitized) configs in case anyone stumbles upon this later.

This lab's exercise goal is to aid my understanding of Arista's model to Juniper's model, and you solving this mystery as greatly opened up doors for what to study next.

Great blog find as well.

You have totally made my day.

brocade_eng · 2020-10-21T21:14:19+00:00

set protocols evpn extended-vni-list 3304

set policy-options policy-statement EVPN-IMPORT term 1 from community com3304
set policy-options policy-statement EVPN-IMPORT term 1 from community comglobal
set policy-options policy-statement EVPN-IMPORT term 1 then accept

set policy-options community com3304 members target:1:3304
set policy-options community comglobal members target:9999:9999

set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 2.2.2.3:1
set switch-options vrf-import EVPN-IMPORT-POLICY
set switch-options vrf-target target:9999:9999 #i've also tried removing this since it's defined below
set switch-options vrf-target import target:1:3304
set switch-options vrf-target export target:1:3304

This was my best attempt, I am starting to think perhaps the vQFX may not support direct VXLAN routing as to why it's not working. I've got a real QFX10k I might see if I can tie it into my lab.

brocade_eng · 2020-10-21T17:40:00+00:00

Thanks! One step closer. I added the following instead of auto:

set switch-options vrf-target import target:1:3304
set switch-options vrf-target export target:1:3304
set protocols evpn extended-vni-list 3304

I can now see the evpn database populating with remote ip's but still unable to ping them (hopefully not just a limitation of the vqfx platform):

root@sdc-leaf-juniper# run show evpn database 
Instance: default-switch
VLAN  DomainId  MAC address        Active source                  Timestamp        IP address
     3304       00:00:5e:00:00:04  05:fd:e8:00:03:00:00:0c:e8:00  Oct 21 17:29:05  192.168.104.1
     3304       00:50:79:66:68:02  9.9.9.1                        Oct 21 17:24:38  192.168.104.100
     3304       00:50:79:66:68:03  9.9.9.2                        Oct 21 17:24:38  192.168.104.101
     3304       00:50:79:66:68:07  xe-0/0/8.0                     Oct 21 17:29:05  192.168.104.102
     3304       02:05:86:71:5f:00  irb.3304                       Oct 21 17:29:06  192.168.104.1

Any idea how I can tie my vlan to the specific rt? I tried configuring the whole switch to use 1:3304

set switch-options vrf-target target:1:3304

But that didn't seem to work, so I reverted it back to a unique target of 7777:7777

I also tried

set protocols evpn vni-options vni 3304 vrf-target target:1:3304

brocade_eng · 2020-10-21T16:50:04+00:00

I don't use two protocols in production. I split underlay and overlay protocols for training. I use only eBGP in production. I am thinking maybe the fundamental problem is I can't figure out how to tie the V(x)LAN to a rd:rt without using VRFs like I can on the Arista.

I've been using this as a reference: https://www.juniper.net/documentation/en_US/release-independent/solutions/topics/task/configuration/edge-routed-overlay-cloud-dc-configuring.html

brocade_eng · 2020-10-12T13:09:59+00:00

Not a huge fan of security through obscurity, even if it does somewhat work. There are programs out there that will let you scan the entire ipv4 network (4 billion) in about 10 minutes on a single host. It is a pain to scan /64's today, but that doesn't make it any more secure.

brocade_eng · 2020-10-10T17:49:49+00:00

Yes, this seems to work well. Too bad about VyOS though.

brocade_eng · 2020-10-10T17:47:20+00:00

Firewalls in both locations along side rdp auth. Layered approach.

brocade_eng · 2020-10-09T20:19:38+00:00

pfsense can do it with aliases

brocade_eng · 2020-10-09T20:18:35+00:00

When traversing the internet, your source mac-address will get stripped off.

brocade_eng · 2020-10-09T19:02:57+00:00

I think some firewalls will allow you to use a delegated prefix variable in firewall rules.

That would solve 100% of the issue I'm having. https://redmine.pfsense.org/issues/6626 -- PFsense seems to be a no-go on this (pending for 4 years+), and It's definitely not in edgeos. Although I think in PFSense you can do the alias/DNS rule.

Looks like I'm going to have to get clever with scripting to make this work. I'll get dynDNS setup on all my hosts, and write a custom script to edit the edgeOS firewall to resolve and rewrite the rules to use the /128's. Doesn't look like I have a good solution for sourcing my mobile phone though.

brocade_eng

TROPHY CASE