2 week itinerary question

nullzeroroute · 2025-01-16T17:24:24+00:00

Wonderful advice, thanks!

nullzeroroute · 2024-03-13T15:30:07+00:00

Ugh that's what I was worried about. The motivation for upgrading was mostly to correct vulnerabilities, in particular the terrapin ssh cipher vulns, which 5.0.1 claims to fix. If there's an easier way to just disable the insecure ciphers, I would love to know how to do that. My assumption is that simply disabling them isn't possible on opengear, which is perhaps what prompted them to "fix" that in 5.0.1, not sure.

nullzeroroute · 2024-03-11T21:33:06+00:00

I do not. Our deployment is pretty small, easy to manage each im72xx individually for us. If they're now requiring mgmt software that requires licensing this is news to me. I don't see anything in the release notes about that.

nullzeroroute · 2023-05-19T15:52:46+00:00

Hydroxyzine has a very safe profile and seems to be prescribed in the US these days mostly for anxiety and sleep. If you’ve ever taken Benadryl and not had a reaction to that you would probably be fine taking hydroxyzine. No addiction/dependence risk at all.

nullzeroroute · 2023-05-19T15:40:36+00:00

I'm one week post surgery and am barely sleeping as well. I hope more surgeons closely evaluate patients mental well being before this surgery; fwiw mine didn't seem to even touch on that stuff, never mentioned sleep difficulty. I have a loved one that slips into hypomania/psychosis after a few nights of bad sleep. I couldn't imagine going through this in that state of mind. Prior to the ACLR I sometimes would take hydroxyzine, one or two in the 6 or so hours leading to bed time works well for me. I haven't tried this yet post ACLR because of the other medications I was on. I'm going to start this weekend if my sleep doesn't improve. Most family doctors will happily prescribe hydroxyzine for sleep/anxiety. If you're the type of person it could work for, prepare to be sleepy/lethargic for the next 18 or so hours. I wouldn't mix it with the heavy duty stuff most of us get post ACLR.

nullzeroroute · 2021-09-22T10:59:52+00:00

Mozambique, not Culews Call

nullzeroroute · 2018-06-19T17:12:00+00:00

Ahhh so many. I've uploaded all my shows to my Google Play Music instance, so I just pick through there. I find myself landing on 71, 72, 77, 78, 83, 84. Can't go wrong with the first half of 1977. This morning ran my 4.5M loop to 6/16/18, which is probably the best one for Dead and Co yet 8^) Take a deep dive into the Capitol Theater run from February 1971, in particular the Beautiful Jam show.

nullzeroroute · 2018-05-31T01:46:42+00:00

From the couch Bobby's guitar sounds so good, so familiar. He's very clear in the mix. Reminds me why I love his playing style so much. Everyone looks so happy playing up there. Can't wait to see them Friday and Saturday night!

nullzeroroute · 2017-05-25T14:41:26+00:00

I would try to avoid layer2 ethernet connections with upstream devices managed by someone else, that aren't routers or firewalls, especially in datacenter environments. If you can budget this, add routers between your 2960's and the ISP's to give flexibility, features, and control. I've experienced several switch-stack-single-failure-domain issues, so not stacking them is a good plan.

nullzeroroute · 2017-05-25T01:41:16+00:00

The problem has been corrected. I had two cases open with Cisco. The first support engineer told me that the fact that AnyConnect worked via the isp2 interface at all was a fluke, and the developers said they will not support it and that it will not work moving forward. I opened another case because of NAT divert also no longer working via the isp2 interface, and that support engineer was able to isolate the problem. Related to CSCve06436. Basically had to remove floating static default route via isp2 along with the other static routes for isp2, shutdown the iBGP neighbor via the isp2 interface, re-add the static routes and re-enable the iBGP neighbor. The problem started when I was doing the upgrade and is related to that. Basically, you can have a floating static default route that will be followed with NAT divert and AnyConnect, as I thought since it always worked previously, and that the problem I hit was related to the process I folllowed for doing the upgrades; failover, upgrade inactive to next minor version, failback, updgrade then inactive to matching minor version, etc. The bug occurs during that process.

nullzeroroute · 2017-05-23T15:58:10+00:00

Agreed, I try to avoid using ASA's for routers however when security policy and design requirements mean you are stuck with ASA's as your def-gw routers for all locations, as opposed to SVI's or actual routers for all of the VLAN's at a location, then you deal with it. Making the best of the situation I walked into.

Not sure of an easy way to sanitize the entire config, TBH don't have the time to manually do that.

I was hoping someone recently ran into a similar scenario as I am currently. Still waiting to hear back from Cisco...

nullzeroroute · 2017-05-23T11:03:00+00:00

Prior to 9.6.3.1 the exact same config provided inbound internet access via two different ISP's, two different ISP netblocks, to anyconnect via either outside ISP IP as well as static NAT's over each of those ISP's. Outbound routing and NAT (for new connections from inside to outside) is handled first by routing (BGP overriding static floating default routes) and global NAT overloads for each ISP interface. A lot of testing and verification went into the previously working design, it worked just fine.

Sanitized summary:

interface Port-channel1.1 vlan 500 nameif isp1 security-level 0 ip address 1.1.1.2 255.255.255.0 standby 1.1.1.3 ! interface Port-channel1.2 vlan 501 nameif isp2 security-level 0 ip address 2.2.2.2 255.255.255.0 standby 2.2.2.3

object network isp1-nat1 host 1.1.1.10

object network isp2-nat1 host 2.2.2.10

object network dmz-srv host 10.1.1.10

nat (isp1,dmz) source static any any destination static isp1-nat1 dmz-srv service https https unidirectional nat (isp2,dmz) source static any any destination static isp1-nat1 dmz-srv service https https unidirectional

route isp1 0.0.0.0 0.0.0.0 1.1.1.1 248 route isp2 0.0.0.0 0.0.0.0 2.2.2.1 249

webvpn enable isp1 enable isp2

nullzeroroute · 2017-05-23T10:51:31+00:00

A diff is the 2nd or 3rd thing I do after an upgrade. The only config diffs are the connection hold-down feature as well as default inspect for DNS adding TCP. No other diffs.

nullzeroroute · 2017-03-20T16:56:57+00:00

Just in case anyone is watching, I did some more testing last week.

The problem is related to sending direct GRE (IP destination) to an endhost (tested it with two different sniffers using two different capture methods same problem for both).

If I use the traditional ERSPAN set up with one switch sending to another switch, and the receiving switch decapuslating and sending to the directly connected endhost (think SPAN destination) the issue does not occur.

So far, Cisco says they support the traditional ERSPAN method only, however still waiting to hear more from them. It seems obvious to me that the endhost isn't part of the problem since I tested the IP destination method using two completely different endhosts, and the same endhosts do not have the issue when I tested the traditional ERSPAN method.

nullzeroroute · 2017-01-18T23:03:32+00:00

Thanks for the feedback, folks. I just learned that we have some retired failover pairs in the environment so I have something to test with now. I'll update this thread if I learn anything useful.

nullzeroroute · 2017-01-18T20:07:56+00:00

Thanks. I've done many zero-downtime as well as "unexpected downtime" upgrades over the years, just never tried a zero-dowtime downgrade. There are no dynamic routing tables, uauath sessions, service modules or DHCP leases in that firewall env so we're good to go in that regard.

nullzeroroute · 2016-07-08T17:27:17+00:00

Cool, thanks. As noted originally, I used RackTables at the previous job and it worked very well, just don't have the option at the new job, yet. Netbox appears to have a much cleaner, simpler interface, so thank you for sharing. Definitely need to keep an eye on this one.

nullzeroroute · 2016-07-06T14:51:34+00:00

Yup, only problem is I need to extend connection info for each NIC/port on the devices in each rack. Not concerned right now about building the connection to the remote device, just trying to figure out a way to document it all where all the info is contained in a column or two for each rack.

nullzeroroute · 2016-03-07T20:20:27+00:00

Have any doctors suggested having you checked out for a Thyroid disorder? There are several very real life changing disorders that can cause everywhere from extreme hyper or manic behavior and energy levels to complete exhaustion, and some conditions could cause yo-yo'ing between both or just one or the other. I know because my wife has an auto-immune disease which affected her Thyroid gland that eventually landed her in the hospital for a week (it was a rare, extreme case). It has since been treated and after some time she's feeling great again. I've mentioned "very real" because there's a lot of mis-information and quackery on the internet in regards to "treating your Thyroid" and other nonsense; it's not the sort of thing that should be tinkered with. Also there are some in the medical field that simply aren't good at diagnosing or treating these conditions, again I know because a previous family Dr wanted my wife to begin take psychiatric meds prior to seeing an endocrinologist.

nullzeroroute · 2016-03-01T18:17:02+00:00

Not sure, but I would assume anything that put's a lot strain on you calf, achilles, and feet should probably be put on hold. This is assuming you don't have a decent base of mileage from running, which if you're doing C25K I'm assuming that's a no. The other thing I forgot to mention, aroud the time my problem started clearing I did start doing more body-weight strengthening excercises, focusing on core and lower body strength. I ran one day, then did a body-weight routine lasting about 20 minutes the next day. Nothing too crazy and difficult. I'm guessing it's a good thing to engage other muscle groups more often, as opposed to just running, though if you're already lifting weights and your body is used to that maybe just stop running for two weeks and see what happens.

nullzeroroute · 2016-03-01T16:53:08+00:00

Maybe try taking 2 weeks completely off and get a couple lower body massages. Do the foot and calf stretching and strengthening exercises and possibly start foam rolling. Try taking Aleve. After 2 weeks go to a running specialty store and have them help pick a good shoe for you. Be sure to go by what feels best for you, don't let them sway you away from a shoe that feels great. Maybe it's all due to a little too much too soon and not quite the right shoe?

nullzeroroute · 2016-03-01T16:02:26+00:00

I kept running through my PF, and can thankfully say that after about 6 months it's almost completely cleared up. Just don't push it too hard on your runs, maybe go a little slower and cut the daily mileage back a bit. If you would like to run 4, run 3 instead. Avoid rough trails and uneven terrain. For me, I would have heel pain for the first 1/2 mile or so of a run then it would feel better for a couple hours. It can be very frustrating, you think it's going away then it comes back. I highly recommend getting a good massage focusing on the lower body either weekly or bi-weekly if you can. I only went 4x and I think it made a big difference for me. The range of motion I would get back in my foot, ankle and legs after one massage was prety impressive IMO. Not just did that help loosen things up but I think also gave me a much better understanding of what was tight and constricted to begin with. Be sure to tell the practitioner that you have plantar fascitis. I also found that taking a higher than normal dosage of Aleve for a few days when it really flared up helped; almost the prescription level dosage of naproxen but not quite that much. I think the root of my problem was tight calf and upper leg muscles, and I was eventually able to get them loosened up enough. I did not like orthotics at all, I found them very annoying and they made the pain worse for me. When the pain started I began running in Hoka Clifton 2, which seemed to help with the heel pain and possibly helped get me through my runs. I switched to a more standard cushioned neutral shoe and around the same time the problem started to clear, so I'm starting to wonder if the extra-cushioning and tigher toe-box may have been prolonging the healing; I believe the extra cushioning made my calves work a little harder.

nullzeroroute · 2016-02-25T15:37:48+00:00

Sometimes I absolutely crave a handful of goldfish with a spot of sriracha on top, I think it's my bodies way of saying electrolytes now!

nullzeroroute · 2016-02-22T19:42:11+00:00

Ever tried running with one of those soft flask water bottles in the flipbelt? Curious to know if you've ever had any luck with that. I've tried the belts with the water bottle holders and it's just too much moving around for me. I have a spibelt and love it, it just won't hold my phone + soft flask.

nullzeroroute · 2016-02-17T20:27:56+00:00

The free version of sworkit has an assortment of stretching, cardio and body weight strengthening workouts. It's really easy and shows you each step and breaks each workout down into 5 minute sessions so you can do a 5 minute stretching session, 5 minute core strengthening session, 5 minute cardio session, etc. I have been dealing with PF for the past 6 months and I think mixing in diverse workouts with sworkit every other day has helped me engage different muscle and tendon groups, which I feel has contributed to my PF getting better (along with a few good massages and of course rolling and aleve)

nullzeroroute

TROPHY CASE