Current State V1 - Campus Network Engineering Meeting Notes 2025 10 06
New Items
Discuss the pushback we are getting from DDC about right-sizing the BAN-BAS subnet at a new Athletics building (Kalai).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
06OCT25: We discussed the pushback from DDC about right-sizing the BAN-BAS subnet at a new Athletics building. The endpoint devices are expected at some point to be swapped out from serial-based to IP-based connectivity, which will require a lot more IPs. Consensus is to have the builder tool require a /24 for BAN-BAS and BAN-DOORS. Refer to document 5981 (link unavailable at this time). Kalai will coordinate with Mark Karls.
Standing Items
CCI - campus computing infrastructure (Nick).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
06OCT25: Nick, Chris and Terry were not able to attend.
New Network Application Tool Requests (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
06OCT25: Tom Christie brought up the ticket created by David for the radial builder needing work.
Discuss static VPN IP assignment cleanup including ACLs (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
11AUG25: Dennis did not have a chance to follow up with Jeff Savoy. Dennis will follow up with Jeff Savoy to get a reply. Review in 2 months.
Previous Meeting Notes
- 27JAN25: We discussed the static VPN IP assignment cleanup including ACLs and/or firewalls. The example that brought this up was Bruce LaBuda’s static IP, which should be cleaned up because the ACL counter for Bruce is increasing and he is retired. We need help identifying who the IPs belong to. SEO has the list per Mark Tinberg for SEO managed. Who has a view into access.services.wisc.edu to assist with figuring out what can be cleaned up? We discussed having this added to personnel offboarding. We discussed “Last Used” with a date of 1/1/1900 and N/A meaning never logged in or imported from the old system, so they could be cleaned up. Mark Tinberg believes that SEO is removing static IPs after a year of not being used. We discussed that we need an audit that will find IPs that need to be cleaned up. Scott let us know that we need to have a conversation with WAMS to let them know what we need. Ask WAMS for a report so cleanup can be done. Scott said a user can delete themselves and then no cleanup would happen because we would not know they deleted their entry. We would have to see a release report so cleanup can be done. We discussed removing static VPN as a service and instead using jump boxes or another method. We discussed taking this to upper management to get input. Dennis is going to add this to the NAG agenda to inform members. Dennis will take this to upper management. Mark Tinberg is sending an email to WAMS. Eric put a spreadsheet (VPNStaticIPAdress) in the chat so we can get counts. Review on 10FEB25.
- 10FEB25: We discussed the last login information to verify if it is working. Dennis brought this to the NAG meeting and there was some discussion. Dennis will add it as a line item for the next NAG meeting. We discussed coming up with a script to help server admins clean up their IP tables. Josh said he could reach out to SE to give them a heads up that this is coming, since they will have a lot of this cleanup to do. Nick will ask Terry to see what he has been doing with IP table information. Dennis brought this to Pat to start the conversation. Next steps are to ask SE and come up with a sample script to clean up IPs, to be included in the notification that is sent when the static IP is requested to be cleaned up. We discussed sending the entire list of what needs to be cleaned up to all admins in WiscNIC. We discussed creating a tool to upload IP tables to check against the list of IPs that need to be cleaned up. We discussed taking this to Jeff Savoy to let him know what is happening. Dennis said he would take this forward to Jeff Savoy/Cybersecurity. We discussed asking SE about how to meaningfully get this out to campus and get information about what needs to be cleaned up on servers (Linux, Windows…). Dennis will take this to Pat and ask Pat to take it to Jeff Savoy. Review in 2 weeks.
- 24FEB25: Dennis mentioned this to Pat and does not know if Pat took this to Jeff Savoy. Review in 2 weeks.
- 10MAR25: Dennis will follow up with Jeff Savoy to get a reply. Review in a month.
- 14APR25: Dennis did not have a chance to follow up with Jeff Savoy. Dennis will follow up with Jeff Savoy to get a reply. Review in a month.
- 02JUN25: Dennis did not have a chance to follow up with Jeff Savoy. Dennis will follow up with Jeff Savoy to get a reply. Review in 2 months.
Ports randomly going offline and not coming back - causing network instability in 3 locations - UBay800/HCWhite/MSB (Cisco 3650 stack) (Kalai).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
08SEP25: Dennis did not have a chance to work on this. Review in 2 months.
Previous Meeting Notes
- 09OCT23: We discussed what happened at ubay800 and that in the end the solution was to replace the copper patch cable for ubay800. James will add this to the KB after the definitive solutions for HCWhite and MSB are determined. We don’t provide the station cable (cable going from data jack to end device) so the LAN admins buy them. The ability to run the TDR test is an option in our Looking Glass tool that LAN admins can use. We could share our preferred cable manufacturer with LAN admins. Dennis said we could add the preferred cables to Shop UW (https://shopuwplus.wisc.edu/) to make it easier for LAN admins. Dennis will bring this up in the next NAG meeting. Scott did the TDR test and changed the 1Gig speed to 100Meg (uses fewer strands in the cable), which was a workaround until the good patch cable is installed for ubay800. This will be brought up in the NS manager meeting by Bill/Dennis. There will be a recommendation sent to LAN admins. Leaving on agenda. Review after next NAG meeting which is in November. Review on 20NOV23.
- 18DEC23: Dennis brought getting the correct patch cables up at the NAG meeting and is going to get this into the catalog at Shop UW. Communication will go out to all LAN admins after the correct cables are put into Shop UW. This will include station cables as well as patch cables. Review in a month.
- 22JAN24: Dennis is working with DoIT Communications. Review in a month.
- 04MAR24: Dennis is working with DoIT Communications. Review in a month.
- 15APR24: Dennis is working with DoIT Communications. Review in a month.
- 10JUN24: Dennis is working with DoIT Communications. Review in a month.
- 26AUG24: Dennis and John went over the details. Dennis is going to try to get the parts into ShopUW+. Ron is currently ordering these cables through Anixter since they have not been added to ShopUW+. Dennis will work on getting them added to ShopUW+. Review in a month.
- 30SEP24: Dennis did not have a chance to work on this. Review in a month.
- 28OCT24: Dennis did not have a chance to work on this. Review in a month.
- 02DEC24: Dennis did not have a chance to work on this. Review in 2 months.
- 03FEB25: Dennis did not have a chance to work on this. Review in 2 months.
- 05MAY25: Dennis did not have a chance to work on this. Review in 2 months.
- 07JUL25: Dennis did not have a chance to work on this. Review in 2 months.
Getting rid of the 2511RJ and 2511 Cisco terminal servers (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
29SEP25: We discussed who has a term server at their desk so it can be added to the list for ordering an Opengear replacement:
- Jeff: 8 port model
- John: 8 port model
- Eric: 8 port model
- Greg: 8 port model
- Jeremy: ask Jeremy
- OpenEng: Just one for communal use. 8 port model
Consensus is to get the 96 port model for the Techlab, one in each row. Review in a month.
Previous Meeting Notes
- 14JUN21: We discussed getting rid of the 2511RJ and 2511 term servers. The reason is that we have no 2511's left to replace the hotspares. Consensus is to install our newest model of terminal server at csc. This will allow us to remove the last two 2511 terminal servers (t-animal-122a-1-mgmt and t-csc-101h5-1-mgmt). t-animal-122a-1-mgmt is only needed because of devices supporting t-csc-101h5-1-mgmt. Currently we have 4221's at DET datacenter; Jeremy Clark thinks we should use the 4331 terminal servers that the WAN team is using. Jeremy is going to ask Paul Nazario how well they are working. Dennis will not order until it is decided if we are going with the 4331 or 4221. Leaving on agenda.
- 21JUN21: Ran out of time.
- 28JUN21: Ran out of time.
- 19JUL21: Ran out of time.
- 26JUL21: Ran out of time.
- 02AUG21: Ran out of time.
- 09AUG21: Jeremy did send an email to Paul Nazario, but has not gotten a reply. Consensus is to go with the Cisco dual power supply terminal server model ISR 4431. Dennis said we can proceed with ordering 5. Dennis will proceed with the order when Jeremy sends the necessary information. Mark Tinberg created JIRA NS-5097 to add support to config builder and menu builder tools for the ISR 4431.
- 16AUG21: Jeremy needs to have a conversation with Chris Dahlke regarding licensing.
- 23AUG21: Ran out of time.
- 30AUG21: Jeremy heard back from Chris. The licensing should be fine. Jeremy let us know that there is a new model replacing the ISR 4400 series with ISR 8000 series. Consensus is to go with the ISR 4431 with 2 power supplies. Jeremy will get a hard count for how many old terminal servers to replace plus hot and cold sparing needed for placing an order with Dennis. JIRA NS-5097 was created to update the existing terminal server menu and config builder tool for ISR 4431. Jeremy will work with Mark Tinberg on the changes needed for the new terminal server ISR 4431.
- 20SEP21: Tom Christie is working on refactoring the current 2900 terminal server builder tool and then he will work on the 4431 terminal server builder tool. Jeremy has sent the 4431 part request to Dennis this morning.
- 27SEP21: Dennis has the parts list and is creating the order. After the gear arrives Jeremy and Tom Christie will work on the tool.
- 04OCT21: Dennis let us know that the order is being worked on. Review in a month.
- 08NOV21: Review after the first of the year when the order arrives.
- 31JAN22: Review in late March.
- 28MAR22: The Cisco order got pushed back again.
- 11APR22: New order date is the end of September.
- 26SEP22: Dennis said we are expecting to get 8 4431’s by the end of this week. Check again next week.
- 10OCT22: The 4431’s are not here. We discussed adding SSH to the serial ports. Jeremy confirmed that yes, adding SSH is planned. Check again in a month.
- 21NOV22: The 4431’s are here. Jeremy has not had a chance to work on them. There are 7 in inventory. A Netbox entry needs to be completed. Review in a month.
- 23JAN23: Jeremy said this is now in progress. Jeremy is working on the template and then will work with the tools team to get a tool for the 4431’s. Review in a month.
- 27FEB23: Jeremy has the 4431 in the Techlab. Review in 2 weeks.
- 27MAR23: Jeremy needs to go in to continue the work. Check back in 2 weeks.
- 10APR23: No updates. Check back in a month.
- 05JUN23: Jeremy is going to work on them this Wednesday. Check back next week.
- 12JUN23: Jeremy let us know that the terminal server in the Techlab is connected and he is finalizing the configuration. Jeremy will work with the tools team after the configuration is finalized.
- 26JUN23: Jeremy has finished the configuration. Jeremy is working on getting the configurations to the tools team. Jeremy has created more equipment requests for replacing the 2511 terminal servers with the 4431’s. Review in 2 weeks.
- 10JUL23: Jeremy has a 4431 prepped for Animal. Jeremy is waiting for the builder tool to be updated. Tom Christie said it is on the next sprint. Review in 2 weeks.
- 31JUL23: Jeremy let us know that Tom Christie continues to work on the builder tool. Jeremy has ordered 2 more 4431’s to work on. One is for the hotspare and one is for CSC. Review in 2 weeks.
- 14AUG23: Jeremy let us know that more work is needed for the builder tool. Review in 2 weeks.
- 28AUG23: Jeremy is meeting with Tom Christie to finalize the builder tool and will work on replacing the ones he has configured. Review in a month.
- 25SEP23: Jeremy created tickets for animal and CSC term servers. These can go away versus being replaced when the 4500X radial is replaced by James; so the tickets/work does not need to be done to replace those term servers. Last remaining ones are lab, hotspare and b116 term servers. Of those only the lab one needs to be replaced. Review in a month.
- 30OCT23: Jeremy has the hotspare ready to go. Review in a month.
- 27NOV23: No updates. Review in a month.
- 08JAN24: We discussed replacing the Cisco 2500 term servers in B116. Consensus is to look at a different vendor like Opengear. Jeremy will get part numbers to Dennis to order some Opengear devices for testing. Review in a month.
- 12FEB24: Paul Nazario reached out to see if we want to test the Cisco 1100 terminal server. Jeremy might have time to look at this in June. Consensus is to proceed with the demo to see if it will be better than Opengear. Review in June.
- 17JUN24: We are waiting for CSC 4500X switches to get upgraded and t-csc-101h5-1-mgmt to be decommissioned. James is working on CSC. The other 2511 is t-animal-122a-1-mgmt. The hotspare is on Jeremy’s desk waiting to be racked and cabled. Review in September.
- 14OCT24: Once the CSC 4500X is replaced with 9300X switches then the last 2511 term servers can be decommissioned. The CSC migration for the VA portion is coming this Thursday. Review in a month.
- 27JAN25: Jeremy is going to follow up with CDW to get demo units in the next couple weeks. Review in a month.
- 03MAR25: The Opengear equipment is arriving this week and will be installed in the Techlab on Tuesday in rack B4. Review in a month.
- 05MAY25: Testing is in progress but is on the back burner due to 400Gig projects. Review in 2 months.
Managing and routing 10 space on campus (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
06OCT25: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
Previous Meeting Notes
- 14JUN21: Consensus is that all of 10 space is managed, but not all will be routed. We will explicitly put in what is routable. Where is the canonical source? Request a tool to notify/email us when something is being routed that we don't want to be routed. Scott has a Perl script that he ran and showed us. Check routing table against WiscNIC. If it is in the routing table it should be in WiscNIC. GNMIS numbers to graph. FIDO alerts maybe. Michael might have some of this tooling for sysnet. VRF monitoring. Dennis will work on communicating to campus that we want to manage all of 10 space. Timeline ASAP. Reach out to Space Science. Update KB 3988 to include all of 10 space after communication is completed. This process was started with an email from Dennis on 11/1/2018.
- 21JUN21: Ran out of time.
- 28JUN21: Ran out of time.
- 19JUL21: Ran out of time.
- 26JUL21: Ran out of time.
- 02AUG21: Ran out of time.
- 09AUG21: No change.
- 16AUG21: Dennis on vacation.
- 23AUG21: Ran out of time.
- 30AUG21: No change.
- 27SEP21: No change. Review in a month.
- 25OCT21: No change. Review in a month.
- 29NOV21: No change. Review in a month.
- 03JAN22: No change. Review in a month.
- 14FEB22: No change. Review in a month.
- 14MAR22: No change. Review in a month.
- 16MAY22: Dennis let us know that communication was done at the last NAG meeting. Scott let us know that updating object groups in Panorama and rules needs to be done. Greg let us know that the work order was approved. Dennis will do a communication after the work has been completed as an additional reminder for customers.
- 11JUL22: JIRA NS-5264 is not being worked on in the current sprint. This will be added to the next sprint. Review in a month.
- 22AUG22: JIRA NS-5264 is not being worked on in the current sprint. This will be added to the next sprint. Review in a month.
- 26SEP22: JIRA NS-5264 is not being worked on in the current sprint. Review in a month.
- 21NOV22: JIRA NS-5264 is not being worked on in the current sprint. Review in a month.
- 23JAN23: JIRA NS-5264 is not being worked on in the current sprint. Review in a month.
- 27FEB23: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 24APR23: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 26JUN23: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 28AUG23: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 30OCT23: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 18DEC23: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 19FEB24: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 22APR24: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 24JUN24: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 26AUG24: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 28OCT24: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 27JAN25: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 02JUN25: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
- 04AUG25: JIRA NS-5264 is not being worked on in the current sprint. Review in 2 months.
Power requirements going up for all TR's due to increased need for PoE (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
08SEP25: Still waiting on FP&M. Review in 2 months.
Previous Meeting Notes
- 15FEB21: We discussed how to get current power available. The new AP will be needing 60 to 90 watts. Neil let us know that our current power standard is two 20 amp circuits per closet. We discussed adding two 208 20 amp circuits to existing wiring closets. Most new electronic devices (switches, laptop, testing equipment...) that we use have a power supply that is auto-ranging and supports input voltages of 110/208. We discussed calculating power for each wiring closet versus having a standard implementation. We discussed if we still need 110 volt circuits. We discussed creating a list of closets with 3 or more switches. We discussed calculating PoE of all devices (AP's, phones, cameras...) currently connected to the edge switches. We believe we would do a one for one replacement of AP's with the new 60-90 watt AP once the current AP refresh project is completed. 3-5 years are expected before we would do the next AP refresh. We discussed including VOIP phones that are currently using power bricks. We discussed needing to see what we are currently storing in MRTG for power statistics. Chris Lund recommended using L21-20 for 3 phase 20 amps as is done in the datacenter since it gives 5700 watts and flexibility to get the outlets that are commonly needed. We discussed putting the power information in OpenDCIM/Netbox. We discussed coming up with a list of a few buildings to derive a process for determining power requirements. We discussed heat load increasing due to increasing power usage. Consensus seems to be to double the power and it will be close after the buildings have been converted to the current AP's. We discussed engaging the Electric Shop power engineer to help with this project. The buildings that have DC plants installed will help verify power used. Scott has a script that polls for power statistics. Mark Tinberg sent an email with the current power supplies being used by the switches. Dennis would like to have some information to look at in two weeks. Mark Karls is going to work on this with Scott. Keeping on agenda to discuss in two weeks.
- 01MAR21: Dennis did not get the information yet.
- 08MAR21: Dennis did not get the information he was looking for yet. Scott has a script that polls the switches for power information. Mark Karls showed us how to use Scott's script. Dennis needs more time to think about how we should proceed.
- 15MAR21: Ran out of time.
- 22MAR21: No change.
- 29MAR21: No change.
- 05APR21: No change.
- 12APR21: No change.
- 19APR21: No change.
- 26APR21: No change. Wait for two weeks to get the next update.
- 10MAY21: No change. Wait for two weeks to get the next update.
- 24MAY21: No change. Wait for a month to get the next update.
- 28JUN21: Ran out of time.
- 19JUL21: Ran out of time.
- 26JUL21: Ran out of time.
- 02AUG21: Ran out of time.
- 09AUG21: No change. Wait for a month to get the next update.
- 27SEP21: We have the list of switch models. Scott listed the power requirements on the Visio diagram that he created and sent to Dennis. Dennis is going to contact FP&M and Neil to get a meeting to go over what needs to be done for power in the TR's.
- 04OCT21: Dennis did not have time to do this. Review in a month.
- 08NOV21: Dennis has an email out to Dan Volk. Review in a week.
- 29NOV21: We had a meeting with Dan Volk on 15NOV21. Someone was supposed to come up with what we would like as a standard going forward. Review in a month, follow up with NIAG.
- 03JAN22: No change. Review in a month.
- 14FEB22: No change. Review in a month.
- 14MAR22: Dennis will follow up with Neil. Review in a month.
- 16MAY22: The specs were given to Neil. Review in a month.
- 20JUN22: Dennis discussed this with peers at Cisco Live and they are going with entirely 208v. Dennis let us know that Neil is going with 220v and a PDU solution. We are waiting on formal documentation from Electric Shop and Neil. Dennis will follow up with Neil to see when this can be done. Review in a month.
- 01AUG22: Dennis discussed this with Neil, but no solid plan. Dennis will try again to get this formalized. Review in a month.
- 12SEP22: Dennis did not have a chance to work on this. Review in 4 weeks.
- 21NOV22: Neil and the Infrastructure team need to set up a meeting with Dan Volk. We are having weekly Wednesday meetings. Review in a month.
- 23JAN23: Dennis is going to follow up with Neil or his replacement. Dennis thinks Neil’s job is posted or going to be posted soon. Review in a month.
- 27FEB23: We will discuss this with Neil’s replacement. Review in a month.
- 27MAR23: We will discuss this with Neil’s replacement. Review when the new person starts.
- 10APR23: Bill will review documents to come up to speed. To get this into the division 27 documents. Review in 2 months.
- 12JUN23: Bill let us know that Pat has moved this to high priority for Bill’s list. We have about 60-70 days to get the division 27 documents/requirements done. Bill has asked Chris and Marce to do a review of division 27. There will be collaboration between Infrastructure, LAN and Field Services to update division 27. Review in 2 weeks.
- 26JUN23: Bill let us know that Chris and Marce are working on updating the division 27 document to get input/feedback; they should be done in 2 weeks. Review in 3 weeks.
- 17JUL23: Chris, Marce and Jeff Ruttman reviewed the division 27 document. They want to review this with Bill prior to presenting to the larger group. Review in 3 weeks.
- 07AUG23: There was a meeting with reps from each NS team to go over documentation; more meetings are needed to finish. Review in 3 weeks.
- 28AUG23: Bill is going to reach out to Dan Volk. Review in 4 weeks.
- 09OCT23: Bill has scheduled a meeting 19OCT23 with Dan Volk. Bill is also meeting with a manager to update Division 27. Review in 4 weeks.
- 20NOV23: Bill had a meeting on 16NOV23 and is planning to have the summary sent out to the people that were on the call. Review on 29JAN24.
- 29JAN24: Bill will set up another meeting to verify consensus. Review in a month.
- 04MAR24: Bill talked to capital planning and they are going to work on this. Division 27 updates were gone over with the Infrastructure team. Bill will set up an additional call with NS teams. Review in 2 months.
- 20MAY24: Bill will have a call this Thursday with Bob Bucci to discuss what requirements are needed. This is moving forward and will take time. Review in 3 months.
- 09SEP24: Bill met with Bob Bucci. Bill provided the list of pilot buildings and the list of requirements. Bill needs to provide a project charter to Bob Bucci. Review in a month.
- 14OCT24: Bill provided the charter to Bob Bucci. Review in a month.
- 25NOV24: No updates. Review in January.
- 27JAN25: Bill had a meeting and the capital planning group is still working on it. Review in 2 months.
- 07APR25: No update; still waiting on FP&M. Review in a month.
- 05MAY25: Bill had a call on this, trying to coordinate funding and get this started before the end of summer. Waiting on FP&M for funding; several buildings were identified to review and upgrade the TR’s to get representation for costs and processes. Review in 2 months.
- 07JUL25: Still waiting on FP&M. Review in 2 months.
Cleanup FIDO alerts (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
06OCT25: We discussed the SMPH alerts, the IPv6 address alerts in the Techlab on 992, the crawler-cssc and Citrix load balancer alerts.
Get consistent location information for network equipment (Everyone).
- Priority: N/A.
- Target Date: N/A.
- Action Items: N/A.
18AUG25: The Animal Science area building migrations from the Cisco 7010s to the Cisco 9606s were completed except for the cleanup. Bill let us know that there are some solutions to go beyond the 300 foot limitation for copper cabling. Testing will be done for cameras and APs. Other Big Ten schools have implemented this solution with success. This would be a potential solution for "emergency" situations. Bill will ask for use case scenarios from the manufacturers.
Previous Meeting Notes
- 27JAN20: We discussed having consistent row, column and RU locations for equipment in datacenters and supernodes. CSSC has good row, column and RU information. We do not have this for Animal or 432NM. Will Crickman has created several quick searches in WiscIT on our dashboard. MFCOB and OneNeck probably have good location information. We have API access to query WiscIT for fields that are missing for location information of the network devices. We discussed the need to have a process for adds/changes/deletes. The goal for this is to figure out where devices are so we can make connections to them. We discussed using NetBox since it can model racks and WiscIT does not model racks. Can we create a mechanism/tool to get the information into WiscIT or NetBox? We discussed using the SNMP location in the configuration of the network devices. We can then use the SNMP location and put it into WiscIT or NetBox. We discussed adding fields to WiscIT for location of equipment, but not everyone creates tickets for equipment install/removal/change. David is going to work on figuring out the pattern for the SNMP location configuration. Keep on agenda.
- 03FEB20: Ran out of time.
- 10FEB20: No change.
- 17FEB20: Ran out of time.
- 24FEB20: Ran out of time.
- 02MAR20: Ran out of time.
- 09MAR20: David talked to Mark Tinberg and Tom Christie about pushing more information into the Cherwell CMDB. David will go back to Mark Tinberg to ask about doing this for Animal Science and 432NM. NetBox is also being looked at for future equipment tracking. If NetBox is going to be used we should not be spending time on the Cherwell CMDB. This will be discussed tomorrow at the tools meeting.
- 13APR20: Ran out of time.
- 20APR20: On hold until we decide if NetBox or some tool is going to be used to track network equipment location.
- 21SEP20: Consensus is to use OpenDCIM to track network equipment locations.
- 28SEP20: Waiting for OpenDCIM to be installed in test and production.
- 05OCT20: Waiting for OpenDCIM to be installed in test and production.
- 12OCT20: OpenDCIM has been installed in test.
- 19OCT20: Ran out of time.
Discuss Next Gen backbone design.
- Action items: N/A.
06OCT25: RDNS-CSSC1 and RDNS-CSSC2 were successfully migrated on Sunday, 05OCT25.
Previous Meeting Notes
- 12MAY11: Several diagrams were drawn and discussed. We believe we have one that could work. Jeff will create a Visio diagram of this plan and we will go over it at the next meeting.
- 19MAY11: Discussed how to move forward with Animal Science supernode move, CSSC supernode move and Next Gen network. How to take advantage of the moves? How much fiber is needed?
- Dennis will set up a meeting to go over requirements and discuss design. Pat and John will bring fiber concerns/questions to NIAG (Is Next G using existing fiber or was new fiber installed for all needs? Is conduit available to add more fiber?).
- 26MAY11: We discussed more options. Possibly move functionality of the -9 and -10 into border routers. Consensus is we are proceeding with the spiral core design.
- 02JUN11: Ran out of time.
- 09JUN11: Ran out of time.
- 16JUN11: Ran out of time.
- 23JUN11: Ran out of time.
- 30JUN11: Ran out of time.
- 07JUL11: We discussed several more designs. Jeff volunteered to update the working Visio to incorporate what we think might work. We need to create a list of concerns to be tested in CPOC.
- 14JUL11: We went over the updated Visio diagram that Jeff produced from our last discussion (tabs 5 and 6). These diagrams are on peleus. We will go over the requirements list on 18JUL11.
- 21JUL11: Finished going over our list of "Current and Future Network Services Offerings". Discussed pseudo wire designs. Discussed the possibility of a design without ASR's.
- 28JUL11: Nothing to discuss at this time.
- 04AUG11: Ran out of time.
- 11AUG11: Ran out of time.
- 18AUG11: Ran out of time.
- 25AUG11: Nothing to discuss at this time. Putting on hold.
- 12APR12: We had a meeting 11APR12. We are moving forward with the 7K design. We went through the services list and updated it. Jeff will update Visio diagrams with the changes we discussed at the meeting.
- 19APR12: We had a meeting 18APR12. Dennis will be setting up a meeting with Cisco experts (Al and others) to go over design solutions.
- 26APR12: Dennis, Dale, Greg and Jeff met with Cisco engineers Al and Ryan Tischer on 25APR12 to discuss the logical designs. The POC target date is July. The Nexus 7K's support neither VPLS nor pseudowire. OTV can be used on a limited basis if needed. A committee needs to be formed to decide who can get OTV services. Next step is to work on the test plan.
- 03MAY12: There was a meeting on 02MAY12 during which we discussed the current and future services. The next meeting will be used to come up with CPOC testing.
- 10MAY12: There was a meeting on 09MAY12. We worked through POC requirements. Bill collected data/traffic for analysis. Ryan (Cisco SE) commented that Cisco is committing to OpenFlow in the ASR 9000 and that the Nexus 7000 will not due to TRILL. We are still heading down the Nexus 7000 path due to concerns for IOS features. Ryan is looking over a configuration that Greg sent him. Next week we will continue vetting the test plan.
- 17MAY12: We met this week and worked on the POC. We discussed the Nexus 7K versus the ASR 9K some more. We discussed performance metrics.
- 24MAY12: There was a meeting on 23MAY12. Items to test in the POC were discussed. Control plane scaling is a concern. The POC drawing is being worked on. Cisco reps will be here next week to go over POC planning. Dennis will see if he can get a Breaking Point rep to help do some testing here in our Techlab.
- 31MAY12: There is no VSS for the 4500's at this time. Consensus is to not test VSS on the 6500 platform. vPC does not work as we thought it would. One cannot mix and match vPC with L3 routes on the same link. There are two workarounds for this: static routes or doubling the number of links.
- 07JUN12: We are waiting on Ryan to get back to us for POC. Please send Dale feedback for additional tests for the POC.
- 14JUN12: No change.
- 21JUN12: POC tentative date of July 27th, but parts not available at this time. We had a discussion on using the 6500 with sup 2T as a possible solution.
- 28JUN12: We met Wednesday and talked through a number of topics. The week of July 23rd is reserved for POC. We need to finish the test plan. We don't have a Nexus 7k so Cisco will need to create the configs. We need to do surveys at the radials for power and space. VSS field try might be available in September per John Hranka. The functional requirements and prioritizing them will be done at the next meeting.
- 05JUL12: The POC is going to proceed. Cisco testers are not able to generate some of the tests (e.g. ARP's/sec). Cisco engineers stated that downstream routing is not supported on the Nexus 7k's when using vPC. We started generating a service focused requirements list.
- 12JUL12: The POC is going to proceed (no change). Ryan has come up with a way to do some of the tests that we have asked for (e.g. ARP's/sec).
- 19JUL12: We met on Wednesday. We discussed design issues and went through all of our current vlan scenarios. We have a goal of updating these scenarios with the Next Gen features.
- 26JUL12: Ran out of time.
- 02AUG12: We reviewed the POC results. We are moving forward with the 7k demo's for more requirements testing. We will discuss the POC results with NAG members at the next NAG meeting. Datacenter consolidation is probably 5-10 years out per Pat and Terry.
- 09AUG12: We discussed the POC results with NAG. We discussed the Next Gen network design with NAG. Terry let us know that row DD at CSSC Datacenter is reserved for co-location of servers. We discussed a two network design (Core and Datacenter). Dale sent out notes from our design discussions to lan@lists.wisc.edu. Dennis will post these notes on peleus in the \NS_Shared_Docs\Projects\Next Gen Network folder. Scott and Bill were on the conference call this morning for the 4500 coming in for demo.
- 16AUG12: The 4500's shipped last Friday and there is an expected 5-7 business day delivery. A lead engineer needs to be decided on for the supernode relocations; this was brought up at the fiber regrooming meeting.
- 23AUG12: The 4500's actually shipped on Tuesday (21AUG12) from Texas with the same 5-7 business day delivery via Fedex. We met and went over the tool list one more time to make sure we had the Next Gen Network tools listed.
- 30AUG12: The 4500's arrived. We discussed space and power requirements at 432 N. Murray. 4500 testing should be completed by mid October.
- 06SEP12: We met on Wednesday and gave updates on 432 N. Murray site visits. We will be moving the network equipment in rack A3 to B3. This has the following advantages over moving the 6500's from rack A2 which was the initial thought:
- Moving fewer connections (21 connections in rack A3 vs 140 connections in rack A2).
- Will allow us to swap out A2 and A3 2 post racks for 4 post racks (once the next gen equipment migration occurs A2 will be empty).
- The high density connection network equipment will be closest to the fiber racks.
- Easier to move the power.
Dennis and Neil will be putting in a request to see if we can get the room to the east of b3a at 432 N. Murray. This would get us a 10 ft x 31 ft room to expand into.
- 13SEP12: Had a meeting yesterday to go over the tools list.
- 20SEP12: We spent the Wednesday meeting going over a budget exercise with Ryan (Cisco SE).
- 27SEP12: We discussed the supported and unsupported tools list at the Wednesday Next Gen Network meeting. We went through the list to decide if we need the tool or not.
- 11OCT12: We met on Wednesday and discussed the network budget, some test plans and the possibility of using the Wednesday meetings to do configurations of the Nexus gear with the whole group. Dale would prefer to use the Wednesday time for design instead of configuration.
- 18OCT12: We have 60 days to work on the Cisco Nexus 7010's starting on 15OCT12. We met on Wednesday and discussed how many vDC's we think we will need and did some design work on the whiteboard (Jeff R. took a photo and sent it to the group). We discussed possible monitoring taps for the new network: use MUX's to drag traffic back and use span ports back to a VM cluster. We will be thinking more about this as we work on the Nexus 7010's. We also agreed we will not be keeping the 6500's so we will be needing the 1Gig boards for the 7010's.
- 01NOV12: We met on Wednesday. Consensus was to setup the one radial as legacy and one as future/final design. Dennis submitted a request to provide an enterprise architect to go over our design, with the goal of week after next. Dennis asked Al to provide a 3850 presentation, no confirmation on when this will happen. We discussed eliminating the -7 and -8. Concern was brought up that in the future we could hit the connected host limit so we should keep the -7 and -8. We discussed equally balancing the -7 and -8 and moving engineering to them.
- 15NOV12: We met on Wednesday and worked on creating a spreadsheet for test features and results. Dennis will post this on peleus.
- 29NOV12: We met with Ryan and discussed ASR 9k's. Ryan will get us ASR 9k's for demo/eval; the goal is to have this gear by next week. The gear will be ordered with AC power. Terry Bradshaw believes he can have the AC power in the Techlab ready next week for the ASR 9k's. We will be testing for feature functionality.
- 06DEC12: We met on Wednesday and worked on a BOM (bill of materials) for the core/supernode for upper management.
- 13DEC12: We met on Wednesday and reviewed the BOM (bill of materials) for the core/supernode for upper management. The ASR 9k's arrived and were racked and cabled.
- 03JAN13: We met on Wednesday and went over the spreadsheet of parts that were approved and ordered. The spreadsheet is on peleus: P:\NS_Shared_Docs\Projects\Next Gen Network\quote17451-1.xls.
- 10JAN13: We met on Wednesday and went over what is coming from the order and when. Dennis will follow up with Ryan to get a schedule so we can work with him.
- 17JAN13: We met on Wednesday and went through the upgrade procedure for the ASR 9000.
- 24JAN13: We met on Wednesday. Consensus was to use rx- for the naming convention for the ASR 9k. Bill will work with Charles to get this added to the "Device Naming Tool". Radius is not working on the 9k with the new code. Dennis will follow up with Eric/Janet to prioritize getting the 9k's into cms. Desired timeline for the cms checkin of the 9k and 7k is one month or less. Delivery dates for the Lab ASR 9k's were given by John Hranka, but not for the other 2 ASR 9k's. The Nexus 7k licensing is not available for the 2 Nexus 7010's currently in the Techlab.
- 31JAN13: We met on Wednesday. We agreed to put the r-cssc-mdf-2 at 432NM, r-432nm-mdf-2 at Animal Science and r-animal-mdf-2 at CSSC. We agreed to put the ASR 9922 in the back row rack on the end next to the aisle. The -9 will be at CSSC and the -10 will be at Animal Science. We need to make sure we review the path diversity for the core connections. Dennis will invite Al Sauer to our next meeting to go over this. The Techlab ASR's have shipped. Dennis discussed our Cisco contract issues with John Hranka (e.g. not being able to see what gear is on what contract and who is on what contract). John Hranka said that CoreBTS needs to fix this.
- 07FEB13: We met on Wednesday and worked on upgrading the standby ASR 9006. We got a quick overview of MPLS from Ryan.
- 14FEB13: We met on Wednesday. We discussed cutover ideas:
- Only connect the -9 and -10 to the ASR 9922's.
- Connect the 6500's to the ASR 9922's and move routing to the 9922's.
We discussed where to physically store the licenses for the 7k's and 9k's, but did not come up with a decision. Greg proposed moving vlan 494 behind one of the new firewalls and we agreed this made sense.
- 21FEB13: We met on Wednesday. Al Sauer attended and went over the fiber path diversity. The PowerPoint drawing and pdf are on peleus in \NS_Shared_Docs\Projects\Next Gen Network.
- Al let us know that 24 of Housing's 33 aggregation buildings have singlemode.
- Ryan T. let us know that Cisco is coming out with a new smaller 6500 with a new sup that could be a good radial instead of the 4500X. The new 6500 will be announced this summer. Ryan also let us know that he and Al Kluender have created ASR 9k training. The State of Minnesota will be the first customer to take it. We will be the second and it is scheduled for:
- When: Wednesday, April 03, 2013, 9:00 AM to Friday, April 05, 2013, 5:00 PM. (UTC-06:00) Central Time (US & Canada)
- Where: Madison (maybe Cisco office on the eastside or at Union South).
The format that was described was that we would be given a task to configure and we would look up how to do it via the internet. We would be given a show command to let us know if what is configured is correct. We would be given the directions/training on how to configure. This does not use up any training credits. All engineers, OpEng, Mark Tinberg and Michael Hare are interested in attending (11 people in all). Consensus is to have the time changed to 8:00 a.m. to 4:00 p.m.
- 28FEB13: John took notes and posted them here.
- 07MAR13: We did not meet this last Wednesday.
- 14MAR13: Ran out of time.
- 21MAR13: Ran out of time.
- 04APR13: We went over the diagrams that Jeff created (peleus \NS_Shared_Docs\Projects\Next Gen Network\detailed backbone.vsd). We went over the tech lab tab and the distributed datacenter backbone tab. Consensus is to work towards this design. The naming convention for the VDC's was also agreed upon as depicted (e.g. sn1-core1, ddc-router-leaf1...). We agreed to create the port channels in the Techlab, but only put one port in them.
- 11APR13: Ryan sent out XR training syllabus:
- Intro to 9K: a. Hardware, b. Software, c. Packet walks
- Intro to XR
- XR software architecture
- XR Operations Tools
- IOS XR Routing
- IOS XR RPL
- MPLS
- Multicast
- QOS
- L2
- Software Upgrade
- 18APR13: We met Wednesday. We discussed Techlab power requirements and HVAC. Consensus is to find out how much power can be brought and to get a measurement of the current draw. We should then add at least 50% more for growth. We discussed prioritizing ISP fiber upgrades for campus building. Consensus is to base this on bandwidth and start with the top 10. Training for the ASR 9k sessions invites will be put in our calendars by Dennis (the rooms have been reserved). Bill let us know that the passive copper twinax cables do not work on the 9k's. We discussed using the Animal Science DC power rectifier order for CSSC since the CSSC order just went out and may not get here in time.
- 02MAY13: Rick Konopacki and Mike Ippolito attended our meeting and we went over the Med School concerns for the whole meeting. We discussed: general plan for DR at CSC (room B30 and 101H5), 96 strands of SM from 101H5 to B30, MM from TR's to 101H5 to B30, 1 Gig connections, some 10 Gig will be needed, some TR's only have MM, using vrf's on 9k's, encryption requirements, distributed datacenter using TRILL with 5k's connecting to 7k's and separate client/server networks. The details need to be worked on, but there were no show stoppers to going to a collaborative model from the technical aspect.
- 09MAY13: No change. No meeting this Wednesday due to ASR 9k training.
- 16MAY13: We met on Wednesday. We went over the questions that Mike Ippolito had sent Jeff. Jeff took notes and emailed the answers to Mike. We discussed the possibility of adding another supernode in CSC. We would use the 7k's that we have for the CSSC datacenter since we will most likely use Nexus 6k's instead of the 7k's. The Nexus 6k's are preferred due to having more MAC address capabilities (256k vs 128k for the Nexus 7k). We discussed connecting the 6500's to the ASR 9k's for layer 3 before we move the layer 2 to the 7k's. This would require more fiber. No decision was stated, but we seemed to be leaning towards moving the layer 2 and 3 at the same time.
- 30MAY13: We met on Wednesday. We went through the OpenGear terminal server demo. We will connect r-cssc-9 to the 9922 with 20 Gig. Per Dennis to meet the 100 Gig requirement we need to have a 100 Gig connection to BOREAS with the services that are currently on r-peer-1. We also need to provide connectivity to researchers, but they will have to fund the optics/board if they need 100 Gig. The timeline is 7/31/2013. We discussed creating an itemized list of what needs to be done for deploying the 9922's (e.g. code upgrade, DC power, racks installed, fiber tray installed, work on the templates in the Techlab...). We discussed creating a draft document for DDC and presenting it to NAG (e.g. centralized view for available resources: power, cooling, cpu, disk, memory, generator, 24 x 7 staff...). The DDC service should be tied into the AE campus plan. We went over a network diagram that Scott created. Greg upgraded the 9922 code to the same version that is on the 9006.
- 06JUN13: We met on Wednesday. We discussed University Apartments remodel and wireless design. A recommendation for a switch order needs to be created. We need to review the 2960X switch since it does support v6 ACL's. We asked Dennis to arrange a meeting with Cisco to go over the technical specifications of the 2960X. Dennis let us know that the Cisco order was placed last week for the 5596T's, 3850's, 4500X's, 4500X modules and one 100 Gig card for the 9922. Dennis is going to follow up with Al Klunder for the XR training slides and follow up answers to the questions we had.
- 13JUN13: We met on Wednesday. Ryan gave us an update on 2960X's, 4500X's and 6880X's. The 6k dimensions are 4 RU high by 23" deep by 19" wide (we can also center mount which would make it 11.7" deep). We will look at the 2960X's and 6880X's again when pricing is available.
- 20JUN13: We met on Wednesday. We agreed that we will be configuring the Nexus 7k's and 9k's as soon as they get DC power. The 7k's and the 9k are racked and awaiting DC power at CSSC. The 7k's for 432 N. Murray are going to be installed by Field Services next week. Mark Karls and Scott will be focusing on FISMA since it is due in August. We discussed setting up user groups for read only access on the new equipment (e.g. read only for NOC...). Dennis let us know that the camera system on campus is converting to IP cameras. The following is the list of who is working on which Nexus 7k pair:
- Greg and David: CSSC-1 and CSSC-2
- Bill and Will: 432 N. Murray
- Jeff and John: Animal-1 and Animal-2
We will also configure the ASR 9k as it relates to the Nexus 7k pair that we are configuring.
- 11JUL13: We met on 26JUN13. Dennis let us know that the batteries for Animal and 432 N. Murray will be ordered and we will try to have them installed the same day that they arrive here. Housing support was gone over. David let us know he is working on creating a KB 31279 document with tips/info (e.g. diagram location, config location, Nagios monitoring...). Dennis let us know that the 01JUL13 date is a soft deadline and that Satish will be on vacation for 5 weeks. Bill let us know that he is working on getting the 4500X's connected to the Nexus 7k's in the Techlab. We met on 03JUL13 and discussed moving L3 to the 9k's. Move the standby HSRP to the new -10 fail over, then move the primary to the new -9, and remember to prepopulate the MAC addresses to the firewalls beforehand. Wej and Chen discussed the battery options for runtime with us and consensus is to go with the extra string of batteries since the cost is low and we would not have to deal with operational load shedding. Help files for the NOC for FIDO alerts are needed. We met on 10JUL13. Mark Karls volunteered to make sure all of the HSRP pairs on the 6500's are version 2. John will order the Nexus 7k's via the Equipment Request Tool for Animal Science. We agreed to use the vlan number for the group number on the ASR 9k's. We discussed DNS for 4500x pair at CSC and MFCOB, but did not come to a decision (e.g. maybe use both building names in the hostname). Dennis let us know that there will be a Cisco Lunch and Learn on 08AUG13 which will overlap with our normal Thursday engineering meeting.
- 18JUL13: We met on 17JUL13. DC power at CSSC should be done this week or next. Animal Science DC cables should be done this week. The PDU's are on order and expected here in 2 weeks. Tabur will come back hopefully the first week of August to finish. BFD (bidirectional forwarding detection) configuration was completed by Bill. The Nexus 7k's will be installed at Animal Science next Monday and the ASR 9k will be installed next week. The 4500X template configuration is installed on the FISMA switches per Scott. We need to upgrade code on all of the ASR 9k's. The following is who will upgrade which ASR 9k:
- Jeff/John : Animal Science 9922
- Greg/David: CSSC 9922
- Bill/Will: Techlab 9922
- Mark/Scott: Techlab 9006
The 7k boards have been installed at CSSC and 432 N. Murray. We will install the Animal Science ones when they are racked up. We need to have terminal server and network connections run at each site. We will have to install terminal server and management switch at Animal Science room 226.
- 25JUL13: We met on 24JUL13. IPv4 HSRP is done. Need to work on IPv6 HSRP, IP helper address, cms and monitoring. DC power is not ready at any site, but is getting close to being done at CSSC. Tabur did all of the work they could with the parts that were here. The AC feeds are half done at CSSC and the rest should be done by end of the week. The AC feeds at Animal are being worked on by Wesphal.
- 01AUG13: The following is an email from Bill with the meeting action items for 31JUL13:
- "Here are the action items from this morning's Next-Gen Backbone meeting, if I have missed something please let me know.
Thanks,
Bill
- Tom follow-up:
  - IPv6 virtual address ??
  - HSRP authentication corrected in 4.3.1 - already answered still not available in 4.3.1
- UW follow-up:
  - BFD
    - keep horseshoe between 9Ks or P2P between 9K & 7K?
    - Use BFD on physical P2P vs Logical HSRP - test response time and try to determine which combination is most appropriate
  - OSPF
    - better redistribution than just "redistribute connected" best practices
  - HSRP - test response time of using BFD vs HSRP timers"
- 08AUG13: We met on 07AUG13. The 9922 and the Nexus 7k's have been powered up. We need to run the cabling for the connections to the management network and the core network. The terminal server and the 3750X for OOB needs to be installed. The 9922 needs work on radius. CMS needs work. Michael will work with Bill on assigning ports for WAN connections and updating the Visio diagram. Animal Science is not ready: need to install the 9k, 7k's, power, fiber, terminal server, OOB management switch... Michael went over the WAN design with us and Tom Glennon (Cisco SE).
- 15AUG13: Cisco gave a Nexus 6k briefing. Mark Karls will work with Greg and Field Services to get jumpers run from the r-1 routers to the ASR 9k in preparation for moving routing from the r-1 routers to the ASR 9k. Bill is working on getting the monitoring taken care of for the ASR 9k.
- 22AUG13: All new equipment for the core network is racked and has all of the cards in them. We are waiting on DC power and fiber work to be completed. The Techlab Nexus 7k has been checked into cms and we need to verify that we can restore the configuration from scratch using the stored configuration. Bill let us know that he has a case to have the OOB management network equipment installed by Field Services for Animal Science.
- 29AUG13: We met on Wednesday. We discussed moving our network (Network Engineering) to the 9k to test on ourselves prior to moving DoIT networks. Mark Karls and Greg will work on cabling and setting this up in the Techlab so we can practice there first. John, Jeff and Tom Kakuske worked on fixing the problem 10 Gig links going from the ASR 9922 (rx-cssc-b380-1-core ports te0/9/0/0 going to r-cssc-b280c-9-core t7/2 and rx-cssc-b380-1-core ports te0/9/0/1 going to r-cssc-b280c-9-core t7/4). We are going to wait to move campus routing until the Animal Science 9k is ready. Make sure to go into WiscNic to reserve OOB subnets.
- 05SEP13: We met on Wednesday. Dennis let us know that there are 7 buildings that have been identified to move to the research network and that these buildings have a higher priority than the rest. Consensus is to move L3 and L2 at the same time to the 7k's and 9k's. Nexus 7k connectivity/cabling needs to be done. There is a MSDP (multicast source discovery protocol) problem on the ASR 9k and Michael has opened a Cisco case. There is also an rpf bug on the ASR 9k where you have to up/down a port/interface to get it to work.
- 12SEP13: We met on 11SEP13. We went over the DC status for Animal Science (supposed to be done by the end of this week). 432 N. Murray and CSSC are waiting on parts to finish. Wej is working on a temporary DC power solution for 432 N. Murray (waiting on a breaker to come). David let us know that he has the licensing for the 7k's on peleus in \NS_Shared_Docs\Projects\Next Gen Network\licensing. Dennis will be checking on the front covers for the ASR 9k's since we can not find them. We will temporarily use the wall outlets at Animal Science to provide AC power for the terminal servers when they are installed. Alton Seymour visited us and we went over our contracts and found out that the 2626530 contract is expired and can not be used any more; a new one has to be created.
- 26SEP13: We met on 25SEP13. We are waiting on DC power to be finished. Wej has the 9k and one of the 7k's done at Animal Science. He plans to have the other one done this week. Wej has all of the parts for 432 N. Murray and will work on that after Animal Science is done. Consensus is to get licensing to allow for vrf's at the radials for: FISMA, BAN, PCI, OOB, ATOS, camera network... We need to create new types similar to the vlan type KB and post it in the KB.
- 03OCT13: Ran out of time.
- 10OCT13: We met on Wednesday 09OCT13. We discussed the wireless future design (e.g. routing on the Cisco ASR 9922's, Nexus 6k's, Aruba 7240's, captivators...). We reviewed and updated the list of edge switch requirements. We need to look over Cisco options for switches (e.g. 2960X, 2960XR, 3850X, 3750X...) to determine what would be the appropriate switch (e.g. meets all requirements and costs the least amount). We are supposed to do this and be ready to discuss the options this coming Monday 14OCT13.
- 14OCT13: No change.
- 21OCT13: Dale wanted to know if we are connecting high bandwidth customers to 9k's directly. He also asked if we have set priorities and target dates on what we should be working on. Consensus is to connect to the Nexus 7k's since the interfaces are more cost effective. We need to define high bandwidth customers. We are going to think about this and discuss it again at the next meeting.
- 28OCT13: We discussed creating a list of major tasks and how to track them. Consensus is to use the Milestone Tracker and spend all of next meeting doing this as a group.
- 04NOV13: Wej and Chen have cabled both Nexus 7k's. They powered both up but the room temp is too high so they un-powered one. We ended up powering the other down also due to the heat load. We did not get to the Milestone Tracker entries because we ran out of time discussing the HVAC and power requirements at 432 N. Murray.
- 11NOV13: The HVAC at 432 N. Murray is better, we will be turning on the Nexus 7k that has the 100 Gig card in it to see if the HVAC can handle the load. We have not heard back from FP&M on our power requirements at 432 N. Murray. Consensus is to cutover our network first to the new gear (vlans 3042 and 42), then vlans 644 and 645. We need to create standard radial builds similar to the vlan types KB 3586. No one volunteered to do this. We created the entries in the Milestone Tracker for the core build.
- 18NOV13: Consensus is to move r-peer-2 to the Animal Science ASR 9922. We will turn on the two cards in the Nexus 7k's at 432 N. Murray to see what the power draw is (have Chen check the reading on the DC PDU).
- 25NOV13: Consensus is to work on getting all 6500's connected to the Nexus 7k's.
- 02DEC13: We discussed having the management network in a vrf or not. Scott created, emailed and presented several diagrams for this discussion. Consensus was to mull this over and continue the discussion next week.
- 09DEC13: Consensus is to use a vrf /25 management network per supernode. Consensus is to keep the OOB network as OOB as possible. The diagrams Scott created depict the radial connection scenarios.
- 16DEC13: The test network is in place. We discussed needing a new weather map or updating the one we have. We discussed creating VM's on the OOB network versus using our own PC's on the OOB network for testing purposes. Consensus is to try using our own PC's first.
- 13JAN14: Consensus is to move vlan 643, 648 and 649 (David is working on this). Janet and Mark Karls will work on the ASR 9k interface tool builder.
- 27JAN14: Greg let us know that he has upgraded the Techlab ASR to 4.3.4 and it fixes many of our bugs and is the preferred software per Cisco. Consensus is we should put this code on rx-animal and run it. Greg will create a meeting for us to upgrade rx-animal as a group.
- 03FEB14: We discussed a proposal for packet capture using a 4500X aggregator. Greg let us know that Jeff Savoy is working on a diagram for the Gigamon connections. Greg let us know that there is a fix box attached to the Gigamon that we can use for troubleshooting.
- 10FEB14: We discussed the cutover process from 6500's to 7k's. We discussed upgrading the code on rx-cssc-b380-1-core maybe Spring break. Consensus is to move routing after we are operationally ready.
- 17FEB14: Greg let us know that the SNMP SMU needs to be added to the Techlab 9k's for testing. Greg will follow up with the WAN team to see if MPLS is needed. Scott created 3 new projects in the milestone tracker tool.
- 24FEB14: Greg let us know that the WAN team does not need MPLS. Mark Karls will talk with Janet about creating an interface builder. Michael let us know that r-wan is connected to the -9 and -10 for routing and is using the ASR 9k for layer 2. Our external peers are layer 3 connected to the ASR 9k. The ASR 9k code upgrade time will be changed by Greg to our standard 8 hour window on the 16th of March. Michael recommended removing the "router bgp 59" stanza and copy it back in when the code upgrade is completed. This is to prevent bgp flapping and dampening by our peers/providers.
- 03MAR14: We discussed the following for a radial migration strategy:
- Cutover service by service or everything for a building all at once? No decision made.
- Consensus to use 3850's as radial/access switch for buildings that have 4 or less equipment closets (1 MDF and 3 IDF's).
- Consensus is to have 2 PoE 48 port 3650's per access switch stack if we go with the 3650's.
- We need to draw up diagrams to help with decisions/discussions for how to implement the cutover. Scott has a diagram that we did not have time to go over.
- Mark Karls and Scott let us know that the camera network is targeted to be completed by October 2014.
- 10MAR14: We went over the Visio diagram that Jeff Robertson created using the 3850's as the radial feeding 3650 access switches. Consensus is to proceed with testing this design in the Techlab. We will be doing a code upgrade this Sunday morning for the CSSC ASR 9922. We will perform the upgrade from CSSC room b106. We need to test removal of "router bgp 59" stanza for disabling bgp prior to the code upgrade.
- 17MAR14: We discussed introducing a Cisco Nexus 7k as a third router for a third HSRP configuration to mitigate future configuration mistakes (e.g. adding a new vlan and forgetting to add in the command). Consensus is to pre-trunk vlans instead of adding a third router. We went over Patrick's charter. Patrick put some of the high level items on the whiteboard for the Next Gen Network rollout. Patrick took a picture of what was on the whiteboard. Patrick will set up meetings for cutting over the research departments with the individuals that will be doing the work.
- 24MAR14: Patrick Hare met with most of us last week to come up with timelines for cutting over the 7 research departments. We went over the timelines for the research cutovers, special networks, radial departments and CWDM. Dennis let us know that the grant requirement is to have the 7 research departments cutover by September, but he would like them done a bit sooner.
- 31MAR14: Consensus is to install the extra Cisco firewalls in the Techlab on the Cisco Nexus 7k sn-cssc-b380-1-node-pri31s and sn-432nm-b3a-2-node-act31s. This will help with migrating to the new firewalls and reduce hairpinning of traffic. Greg is working on this and expects to be done in a week or week and a half. The special network meeting occurred and diagrams are being worked on. We discussed and agreed on the mtu sizes for the 9k's, 7k's, radial and edge network devices. Patrick Hare got updates from the engineers on moving forward with the 7 research departments.
- 07APR14: Patrick asked us for updates on the research department cutover projects. Patrick will work with John on the milestone tracker and bring back to the group for discussion. Consensus is to cutover CSSC building to the new network using 4500X radials as the first building to be cutover using our new process. Enterprise NAT is needed. Outside vlans are not going to be trunked to the access switches in the new design. Communication needs to be sent out using mail by device. Greg will work on the verbiage and bring back to the group prior to sending out to local LAN admins. The ASR 9k interface template was worked on by Jeff Robertson and Mark Karls. It is ready to be made into an interface builder tool.
- 14APR14: Patrick asked us for updates on the research department cutover projects. Patrick went over the milestone tracker NextGen - Research Migrations and NextGen Radial Migrations projects with us. Mark Tinberg did some testing in the lab on the Enterprise NAT configuration for moving the Enterprise NAT service to the ASR 9k's. Greg configured the new OSPF management transit networks (vlans 2405 and 2406). Greg completed the configuration for this in the core (CSSC, 432 N.M. and Animal Science) and for most of the radials in the CSSC area.
- 28APR14: Patrick asked us for updates on the research department cutover projects. Patrick let us know that all of the research departments have been added to the Milestone Tracker and for us to please update as we progress. Patrick asked Mark Tinberg for an update on the Enterprise NAT. Janet is working on the ASR interface builder. Greg finished the verbiage for not trunking the outside vlans in the new design. MACsec has been added to the 4500X template. Consensus is to add dual active detection to the 4500X template. Consensus is to use the following standard port mappings:
- Te1/1/1: VSL 1
- Te1/1/2: VSL 2
- Te1/1/3: Uplink
- Te1/1/4: TR 1
- Te1/1/5: TR 2
- Te1/1/6: TR 3
- Te1/1/7: TR 4
- Te1/1/8: TR 5
- Te1/1/9: TR 6
- Te1/1/10: TR 7
- Te1/1/11: TR 8
- Te1/1/12: TR 9
- Te1/1/13: Uplink - reserved
- Te1/1/14: Dual-active detection
- Te1/1/15: VSL 3
- Te1/1/16: VSL 4
- Te2/1/1: VSL 1
- Te2/1/2: VSL 2
- Te2/1/3: Uplink
- Te2/1/4: TR 1
- Te2/1/5: TR 2
- Te2/1/6: TR 3
- Te2/1/7: TR 4
- Te2/1/8: TR 5
- Te2/1/9: TR 6
- Te2/1/10: TR 7
- Te2/1/11: TR 8
- Te2/1/12: TR 9
- Te2/1/13: Uplink - reserved
- Te2/1/14: Dual-active detection
- Te2/1/15: VSL 3
- Te2/1/16: VSL 4
- NOTE: BAN ASAs will have to be connected to the s-bldg-mdf-2-access stack due to lack of 100 Mbps support on the 4500x.
- Scott has created Visio masters in the DoIT-Base-Stencil stencil located in the NS_Shared_Docs/Networks/Radials/0000_EXAMPLE folder.
- 05MAY14: Patrick asked us for updates on the research department cutover projects. Mark Tinberg discussed the Enterprise NAT migration plan, moving the policy route from the -9 and -10 to the ASR 9K's. Dennis will review Greg's verbiage.
- 12MAY14: Patrick asked us for updates on the research department cutover projects. Dennis will send out the notification to the authorized agents about not trunking the outside vlans. Greg let us know that there is a bug when using MACsec and udld so we have to remove udld until it is fixed.
- 19MAY14: Patrick asked us for updates on the research department cutover projects. Janet has finished the ASR 9k migrator tool. Janet will be working on the ASR 9k and Nexus 7k interface builder this week or next week. Greg let us know that he will be changing the totally stub area to NSSA to allow redistribution of RIP into OSPF this Thursday for vlans 2405 and 2406.
- 16JUN14: We discussed which version of 4500X code to run in production. Mark Karls and Bill will test in the Techlab to see if the most current Cisco code fixes the NTP acl problem. Mark Tinberg discussed the enterprise NAT design with us. The UW Hospital does not honor our 10 space routes so we will be creating an acl to direct RFC 1918 IP space traffic destined for the hospital through our NAT to get public space to get to hospital resources.
- 30JUN14: Patrick went over the JIRA list of projects with all of us and we set a 2 week goal to get specific projects worked on.
- 14JUL14: We discussed David's packet capture plan for the Nexus 7k's aggregating back to a 4500X which will connect to m-csscplat-b380-13-mgmt. David has fiber connection requests into Field Services to connect the 7k's to the 4500X. Mark Tinberg will get a 10 Gig port on m-csscplat-b380-13-mgmt. Consensus is to proceed with using the 4500X and change it out later if necessary. David let us know that he has asked Tom Glennon to weigh in on the best way to get packet captures for vPC, maybe using ERSPAN. We discussed configuring MGO for HSRP on our ASR 9k's and consensus is to proceed. Greg has tested in the Techlab and the next step is to configure MGO for our Network Services engineering network. Patrick asked us how well the sprints were working for our first two week trial. Patrick asked us what could be improved and we listed items to work on for our next 2 week sprint.
- 28JUL14: Should we split s-cssc-b380-15-mgmt into two locations (Animal Science and CSSC)? Consensus is no, leave it as is. Janet will send out a draft of the vlan rules that we discussed and we will discuss the draft at the next meeting.
- 04AUG14: We discussed our current use of vlan 2405 and possible modifications. Consensus is to go with using "VLAN per -radial, per -core Router" design which will be added to the detailed backbone diagram on peleus in \NS_Shared_Docs\Projects\Next Gen Network directory as a new tab called "Radial Transit".
- 11AUG14: We are moving ahead with adding more interfaces from the 7k's to the 9k's to allow for more cutovers at CSSC. Greg let us know that Jordan is working on running the connections from the 7k's to the 9k's this week. Greg was not able to re-create the HSRP limit exceeded error in the Techlab, we might have to use the BreakingPoint to generate enough traffic to cause the error. We went over diagrams to consolidate them into one reference backbone diagram and called it 2013-14_Backbone-9k_7k. Consensus is to move the backbone diagrams for the new network to \NS_Shared_Docs\Networks\Next_Gen_Backbone directory. We added MGMT P2P and Service P2P tabs to 2013-14_Backbone-9k_7k diagram to show how we are going to do management connections. We also moved the new radial building diagram template with the 3850's, 3650's and 4500X's to NS_Shared_Docs\Networks\Radials\0000_EXAMPLE directory. We discussed using sup 2T's in the 6500's to move routing to the 6500's versus the ASR 9k's. Most of us would like to do this. Dennis would prefer not to purchase sup 2T's due to the annual support cost for the 6500's, which is $120,000 for all of them and the cost of the sup 2T's. Dennis has directed us to continue with routing on the ASR 9k's. Consensus is to use radius for the console access to our devices.
- 18AUG14: David has a list of items to go over next week when Greg gets back. Mark Karls let us know that Cisco TAC engineer needs to do some testing on the ASR 9k for the OSPF problem. Mark Karls will get more specifics from the Cisco TAC engineer and schedule a time to do the testing.
- 25AUG14: Consensus is to remove acl "G-T-ProtectBldgMgmtNetworksIPv4" and "G-T-ProtectBldgMgmtNetworksIPv6" from the existing management transit vlans. Consensus is to not use these two acls for future management vlans. Cisco TAC says our recent (and ongoing) OSPF problems are due to a bug. We can upgrade to 5.1.0 or higher or install a SMU. Consensus is to wait for the 5.1.0 or higher versus installing the SMU. This is also supposed to fix our HSRP limitations. Consensus is to remove MACSec from the radial and Nexus 7k since it breaks cdp (which in turn breaks FIDO and other tools) and udld. Consensus is to finalize our switch templates/GUI tools and then audit our equipment. Consensus is to use /31 subnets for p2p overlay networks. Consensus is to use the first address from the subnet to the core router and the second to the radial. Consensus is to use globally scoped vlans for p2p's. Consensus is to have the keep alive and peer links on the 7k pairs take diverse fiber paths to help protect against fiber cuts/failures. Consensus is to use areas 11, 12 and 13 for loopbacks versus area 0. Consensus is to test in the Techlab split brain scenarios to see if spanning tree costs applied to physical interfaces work. Consensus is to not use IPv6. Consensus is to configure OSPF costs for p2p links.
- 08SEP14: Ran out of time.
- 15SEP14: We discussed pre-trunking vlan ranges 2-899 and 1100-3899 northbound from the 7k's to the ASR 9k's, the 7k peer links and from the radial to the 6500's. Consensus is yes do this. We agreed to pre-trunk vlan ranges 2-899 and 1100-4093 between the radial and the access switches. Scott will update the vlan reuse document. Consensus is to load 6.2.8a on the Nexus 7k's. We went over Janet's vlan reuse draft. Janet took notes and will update the document (e.g. how to process service vlans).
- 22SEP14: Point-2-point/transit/mgmt (/31s & /32s) will be using the existing pools and service transits would be out of the new point-2-multipoint pool. David will document this. Should each department have its own vrf on the 9k's? Consensus is to do this only as needed (e.g. kiosk, BAN, PCI...). Consensus is to use vlan translation (7k's) to get a common vlan number in all radial buildings (e.g. 4071). This would eliminate vrfs at the radial and that would be a huge software cost savings for the radials. We could use the translation command to get the information to keep track of the translations and put this into WiscNic.
- 29SEP14: Mark Karls sent out an email detailing the restrictions of doing vlan translations on the Cisco 6500's. Due to the shortcoming of having to set the vlan translation per port group versus more granular settings we are not going to use the Cisco 6500's for vlan translations. Consensus is to dual home radials to the 7k's for radial cutovers. We discussed creating a vlan translation record in WiscNic similar to what we do with the firewall context records. Janet asked someone to write up the format, what we are proposing and why. Jeff Robertson volunteered to do the write up.
- 06OCT14: We discussed Janet's vlan reuse document and there is a desire to work on it to make it more concise. Scott volunteered to update the document and send it out to us prior to next week Monday so we can go over it next Monday.
- 13OCT14: Greg has loaded the new code on the ASA's and will reload the -1 and -2 tomorrow. Scott will reload the dev/test pair on Sunday. We will decide when to do the rest next week. Mark Karls volunteered to do the Nexus 7k code upgrade in our next code upgrade window. We have a limit of 200 routes when running ipbase at the radials so we need to figure out our plan for routing at the radials. We discussed having 20-40 radials per supernode area or having a separate area per building. We discussed how we keep the ASR XR code up to date with patches (there is a Cisco java tool called ACT (ASR9000 Craft Tool) that can be downloaded to check what patches are recommended). We decided that the interval to check is 2 months prior to our scheduled code upgrade windows. Janet and Scott will meet tomorrow with the goal of having the vlan reuse document done and sent out by the end of the day.
- 20OCT14: We discussed Janet's vlan reuse document. John and Scott gave feedback. Charles is reviewing the document. Consensus is to wait one more week and then activate the KB. We can make changes as needed after the activation. We discussed reloading the ASA's to go to new code. We will wait a couple of days and do the next batch. Greg will do the next batch this Thursday and Friday. Dave Delveaux is not responding to the messages that Greg has sent about making the change to this building. The rest of the ASA's will be scheduled to be done after this building if there are no problems. Janet has tested the OSPF radial area design for default only going to the radial. She verified that multiple independent areas work as expected. The scaling needs to be tested/verified. Greg brought up that we could use the Nexus 7k to test the scaling; this would also test the scaling on the Nexus 7k. Mark Karls volunteered to work on this. We discussed the 3650 deployment scenarios. Mark Karls and Jeff Robertson have a matrix of common deployment scenarios. We will be using 3650’s with ipbase for the radials with 4 or less wiring closets in the building. Jeff Robertson will come up with a spreadsheet and diagrams to go over next week. We discussed the code upgrades for Nexus 7010’s. Bill is creating CR’s for them in January. The Animal Nexus 7k pair will be done first.
- 27OCT14: We reviewed Janet's scoped vlan reuse document. Charles had some comments for clarification. Janet is going to start coding based on this document. We need better documentation on our processes to help with coding going forward. KB 44141 will be the authoritative document. Creating a matrix to help with determining the scope of vlans would be very useful. Consensus is to take the vlan range KB 3631 and add this information to the new KB 44141; putting the information at the top of KB 44141 for ease of finding the vlan ranges. Consensus is to create a reservation record to resolve the confusion of global versus service vlans. There will be a reservation table in WiscNIC. Consensus is to define two new ranges; one for services and one for intrabuilding vlans. Consensus is now that we have agreed on the rules, we need to do WiscNIC clean up. Janet and Mark Karls will come back with a proposal for the clean up and the matrix. We discussed the 3650 deployment scenarios. We went over the template design diagrams that Jeff Robertson created for the 3650 deployment scenarios. Diagrams are on peleus in the \NS_Shared_Docs\Networks\Radials\0000_EXAMPLE folder. Consensus is to use the 3850 switches that we have as radials until we are out of them. Jeff Robertson will follow up on the hot and cold sparing for the 3650's. Consensus is to proceed with the 3650 designs as depicted in the diagrams.
- 03NOV14: Mark Karls updated the vlan allocation KB 3631 with Jeff Robertson. Jeff Robertson and Mark Karls met with Logan to work on the point to point vlans to scope them. There are approximately 300 more point to points that need to be scoped. The scoped vlan reuse document is not active. Mark Karls will update the vlan reuse pdf with the changes from KB 3631. Consensus is yes to upgrade to 8.2 for the ASA's. Scott has a script to do the upgrade. Scott will verify that it works and if not he will engage OpEng to help as needed to do the upgrade. Dennis had asked that we run the OSPF nssa plan past Ray Blair (a Cisco ASR expert). Mark Karls will ask Ray “What is the maximum number of areas that the ASR can run?”
- 10NOV14: Janet activated vlan reuse KB 44141. Everyone should review KB 44141. Janet will update the vlan allocation tool with the information from KB 44141. Mark Karls will follow up with Janet to get the newest information from KB 3631 into KB 44141. We discussed HSRP multiple group optimization versus having HSRP on a per network basis. Bill has been working on this in the Techlab. Consensus is we want to have fail over of 10 seconds like it has been for the past many years. Consensus is not to change anything until we have gotten information from the Cisco expert (Ray Blair) to help with this decision. Dennis let us know that after the OSPF questions are answered the policer/HSRP questions will be asked if there is time. Mark Karls and Jeff Robertson are going through the point to point list to free up more vlans for use. Dennis led a discussion for budgeting of capital items for the next 5 years. The FTE fee is 3.6 million per year for the cns group. We looked at dependencies, wireless, core, radial, edge upgrades, DDN, load balancers and firewalls for capital purchases over a 5 year period. Housing is not included in the 3.6 million that is a separate source of revenue. The items were listed on the whiteboard and a photo was taken by Dennis. Consensus is to have one hot spare and one cold spare for: WS-C3650-48PQ-S, WS-C3650-48PD-S, WS-C3650-24PD-S, WS-C3650-48TS-S and WS-C3650-24TS-S. Dennis will request the 3650's be added to CBS by Randy/Jason. David will add the 3650's to the hot and cold sparing KB 4315.
- 17NOV14: Dennis is working on getting a meeting setup with Ray Blair and Tom Glennon to go over OSPF area limits (the BU is supposed to give them the response). Janet let us know she needs to activate KB 44141 and update it with the information from Mark Karls.
- 24NOV14: We discussed a naming convention addition for ddn equipment: example sn-ddncsscplat-b380e10-1-access. This is needed to help differentiate equipment purposes so that we can keep it straight when converting departments over. Consensus is yes to proceed and to treat b380e10 as a room, so we would increment numbers in the rack column. Instance numbers will be unique to the rack column. This means there will be several -1-access switches in b380 since the uniqueness is in the rack column. Examples sn-ddncsscplat-b380e10-1-access and sn-ddncsscplat-b380hh10-1-access are legitimate numbering. The rack location is only being used in large rooms like the datacenter. We discussed using a database in the future to do the lookup for rack column location. Terry let us know that currently there is a backup of the WiscIT CMDB on one of the NOC PC’s, so that if there is a network failure and we can not get to the cloud Cherwell source we can still do the lookup.
- USB drives for 7k's. Consensus is to make sure they stay in the 7k's in the log flash port. Format the usb drives. Need to make sure they are in log flash port. Will let us know that he is working with Jim Shaft to move the ones at 432 to the log flash port. Consensus is we need an auditing tool to make sure the usb drives are in the correct port and formatted. Janet will add this to the daily cms report and put it on the Network Services LAN Team Programmer ToDo List.
- Ordering Transition Networks serial extender parts: Consensus is to get 1 fully populated chassis and 1 Cisco 2901 per supernode and reserve space for future expansion.
- Consensus for ordering cwdm equipment is: 2 chassis per supernode with fully populated MUX modules. Ordering takes 4-6 weeks. Spare on all of the colors being ordered, totally populate 3 colors to start with 66% 1 Gig and 33% 10 Gig. 2 spares per color. Using the first two colors for 1 Gig (1471 and 1491) and the last color for 10 Gig (1611). This will allow us to grow from both ends towards the middle.
- State of Wisconsin looking to borrow some spare 7k cards for 3 weeks per Greg. We have 1 gig boards in our 7k’s that we probably will not need now. Consensus is yes on the 1 gig cards.
- 01DEC14: We discussed which code version to load on the Nexus 7k’s. The 6.2.8b version has been tested in the Techlab, the 6.2.10 version has not been tested. Consensus is to go ahead with 6.2.8b.
- We discussed extending routing down to the 7k’s vs ASR 9k’s. One of the questions is if the number of OSPF areas is supportable and best practices to do this on the 9k’s? Tom Glennon said yes, it would work but is this widely supported and deployed. We discussed doing something that looks closer to other deployments vs being a corner case. We discussed doing an area per building due to limitation on code running on the radials. We discussed building a separate vDC for routing on the 7k’s. We discussed minimizing the number of routes getting to the radial/access level. We discussed using mpls with the radial being the CE and 7k’s being the PE. How many customer networks per radial? What is the limit? Greg let us know that there are 663 firewalled networks on campus on our firewall service. The current plan is to migrate Cisco firewalls to the Nexus 7k’s. We were considering moving firewalling to the ASR 9k’s. We need to address arp, mac address and multicast limits. We discussed using a service box for cross campus layer 2 separate from the dedicated wireless Nexus 6k’s. Tom Glennon let us know that he will go back to the Nexus BU and follow up on our questions about gotcha’s/limitations. Tom took notes on what to follow up with. We will continue this discussion on Wednesday, Dennis will get a room reserved for this. We discussed using FEXes connected to the M2 cards for 1 Gig connections to the radials.
- 08DEC14: We discussed going to a newer version of code for the Nexus 5500’s that has the default interface command (all of the 6.x and 7.x code releases). Consensus is yes to go to a newer version of Nexus 5500 code. Remember to not change code on equipment in b240. David will work on figuring out which version to go to. Bill will work on the 4500X’s code testing in the Techlab.
- Dennis let us know that Kevin Schmidtke invited him Friday to attend a meeting to discuss monitoring services. Not all network performance events are detected by FIDO. Jim Winkle has created some latency and ping tests that did detect the service issue when we had the ASIC issue with the Cisco 6500’s. There is a desire to figure out how to incorporate Jim’s tests into FIDO. Possibly using Solar Winds to monitor applications will also be discussed. End user experience monitoring is also desirable.
- 22DEC14: We discussed what SMU’s to load on the ASR 9k’s. We discussed if service pack 1 is needed? This was sent to Tom Glennon for his opinion. Consensus is no for service pack 1 since we will not have time to test this in the Techlab for our upcoming window. Consensus is to go to service pack 1 for the spring window. Bill has tested 3 SMU’s (ssh, lldp and dhcp) in the Techlab. Bill will investigate the fan SMU. We will be installing the regular upgrade and the 3 hitless SMU’s mentioned above on 04JAN15.
- WiscNic global vlan cleanup is needed for 220 global vlans that are also area scoped. This will be added as a JIRA item. Logan is working on the tool for auditing this.
- We went over the Techlab layout depicted on the whiteboard in Mark Tinberg’s cube. What code base to use for radials (LAN versus ipbase) will be determined by testing in the Techlab.
- 29DEC14: Consensus is to take vlans for wireless and AP jumbo supported management out of the current wireless range 3500-3899 using 3500-3699. We discussed the Techlab QA environment. We discussed having a separate firewall for wireless only. Consensus is to put dorms off of one supernode pair, Animal Science probably.
- 05JAN15: The code upgrades were completed. We have not heard back from Cisco regarding the questions we had for limitations from our last discussion and we will move forward with the Techlab design as though there are no limitation problems. The Techlab will be configured to be what we have in production to help us with migrating to the new backbone design. Consensus is to put new networks on CSSC ASR 9922 bundle 2 as needed until we go to the new design. Bill let us know that he tested configuring 500 networks on the ASR bundle in the Techlab with the new ASR code. Dennis let us know that he will follow up with Tom Glennon to get our questions answered. Consensus is to route management networks on the Nexus 7k’s. Tom Glennon is working on bringing in Ron Fuller (Cisco Nexus 7k expert) to come in and work with us on migration strategies.
- 12JAN15: Tom Glennon replied via email on the vPC orphan port question:
- “Scott, Dennis and Team,
Sorry for the delay in getting back to you on this question. I’ve been out with the stomach flu most of this week. We are still working to get a Nexus 7k engineer for an on-site visit (waiting for the TME manager to provide us with a replacement resource for Ron Fuller). Also, I have another engineer mocking up the scenario of having an L2 orphan port on the same physical trunk as other L3 interfaces. So far it looks like it should be supported but we would like to take a few more days to confirm this configuration. Again, sorry for the delay in getting a definitive answer on this question.
Thanks,
Tom Glennon”
- David and John have the 9k configurations in the Techlab almost ready. Mark Karls and Jeff Robertson are almost done with the 7k configurations in the Techlab.
- 26JAN15: We are continuing to work on Techlab setup. The 7k’s are ready. Consensus is to use vDC’s 3 & 4 for the current existing backbone configurations and vDC’s 5 & 6 for the future “routed” versions. We expect to be done with the Techlab configurations by the end of this week.
- 02FEB15: The inventory team wanted to know when the 9500’s need to be brought back to B221. Scott will order them through the equipment request tool when they are needed. The timeframe is probably this summer when the power in the Techlab is ready. The ASR links are up, basic infrastructure is there. The customer LANs have not been added. Mark Tinberg is working on the BGP. We need to add global and vrf service networks routed on the ASR using the new tool that Scott created. The customer networks on the Nexus 7k’s need to be configured.
- 09FEB15: Continuing to work on Techlab setup.
- 16FEB15: Continuing to work on Techlab setup.
- 23FEB15: Continuing to work on Techlab setup.
- 02MAR15: Continuing to work on Techlab setup. Terry let us know that we will get 4 racks from the E and G rows in the CSSC datacenter to use for marking the holes in the floor tiles for B217. Scott let us know that Janet fixed the ASA configurator.
- 09MAR15: Continuing to work on Techlab setup.
- 16MAR15: Continuing to work on Techlab setup.
- 23MAR15: Continuing to work on Techlab setup. Model cross campus network in Techlab bridging on ASR. Use existing physical connections but only to the primary ASR. Scott let us know that the M2 boards in the 7k’s have to be forced into the port channel before configuring the port or the vlan translation will not work. The F2 and M1 boards do not have this issue. There will be an error message when forcing and the configuration tool has the correct order and commands to make this work. Bridging between the old and the new network is to go north from the -9 to the ASR.
- 06APR15: Continuing to work on Techlab setup. Scott is going to focus on the Nexus setup so that Janet can code against it. We discussed monitoring the fan speed for the ASR 9922 so we will know when the filters need to be cleaned or if there is an HVAC problem. The FIDO alert should state something like rpm has increased check HVAC or dirty filter. The FIDO alert should be displayed for anything other than normal (e.g. warning and critical).
- 13APR15: Continuing to work on Techlab setup.
- 20APR15: Continuing to work on Techlab setup.
- 27APR15: Continuing to work on Techlab setup.
- 04MAY15: Continuing to work on Techlab setup. Dennis let us know that Tom Glennon is setting up a Cisco roadmap for the week of June 8th or the 15th via telepresence. Dennis will ask to get the slide deck from Cisco so that we can prepare questions for the upcoming roadmap. We discussed using the 9300’s versus the 4500X’s for radial switches. We discussed asking if there is a new 3850 10Gig aggregator switch coming.
- 18MAY15: Continuing to work on Techlab setup.
- 01JUN15: Continuing to work on Techlab setup.
- 08JUN15: Continuing to work on Techlab setup.
- 15JUN15: Greg asked Mark Tinberg to connect the ESX server off of the FEX and onto the Nexus s-cssclabqa-b217-4-access on the 15/16 pair. Continuing to work on Techlab setup.
- 22JUN15: Continuing to work on Techlab setup.
- 06JUL15: Jeff Robertson let us know that the Nexus 7k’s have been converted to allow routing on the 7k’s as we had previously discussed. Tool changes are needed to accommodate the conversion. Continuing to work on Techlab setup.
- 13JUL15: Continuing to work on Techlab setup. Jeff let us know we will be renaming the Nexus core devices from sn- to rn-. The Cisco Nexus interface builder is in the drop down list at https://www.net.wisc.edu/cgi-bin/NextGenNetBuilder.cgi
- The PCI builder is on hold because we need input from Mark Karls. The radial builder tool needs to link to Scott’s NextGenNetBuilder tool to get the Nexus interface configuration. Use the NextGenNetBuilder without the firewall option to build point to points. Configuring the transit using the Next Gen builder from the BAN cgi tool. BAS (vlan 4072) is one network behind the ASA, note that this is not the transit for the ASA. BAS will eventually become a vrf. The ASA5585’s have been moved to the Nexus 7k’s per Greg, so CoE can have their context moved there.
- 20JUL15: We discussed cutting customer networks over, doing the management networks last (this will be added to the Milestone list) and dual homing the radials. We discussed using a new ASA5505 with the new management style and taking the existing one to use in the next building. Scott let us know that we are ordering 50 micron OM4 jumpers. Randy and Jason need Dennis to ask for min/max levels so that we have these in stock. Dennis will work with Gary Northey to determine the different lengths for the min/max levels. We discussed reason and remarks fields in WiscNic. Consensus is to keep both. The reason field is used to state why the record is being created/deleted. The remarks field is used for special notes. We discussed 1 and 10 Gig WDM optics for cutting customer networks over to the Cisco Nexus 7k’s. Consensus is to use 1 Gig for existing radials and the 10 Gig optics for new radials. Consensus is to put this in the Milestone Tracker to make sure we track what has been done. Scott will go over the current list in the Milestone Tracker project NextGen Radial Migration and send it out when done to go over next week with the projector.
- 27JUL15: We went over the milestones in the Milestone Tracker for the NextGen Radial Migrations that Scott created. Scott asked that we send him an email to update the milestones as we work through this process. The first buildings to work on are the ones that are dual connected (e.g. the milestone campus video security ones).
- 10AUG15: Neil is going to be sending a list of buildings to cutover that are off of the Animal supernode, to alleviate the congestion on the tie cable going between rooms 226 and 122a. The 3850 switch demo units are in Jeff Robertson’s office and are ready to go in the Techlab. Jeff has put the current version of code on them, set the switch number and priorities.
- 17AUG15: Continuing to work on Techlab setup. John forwarded the email that Neil sent with the list of buildings to cutover.
- 24AUG15: Tom Glennon asked when we would like to have him go over MPLS design options (sometime in September using the Wednesday meeting time that does not conflict with the JIRA sprints). What are our requirements/use cases? The use cases we came up with are: PCI, SA, BAN, camera network vrf’s trying to provide glue between the supernodes for vrf to vrf communication. Some vrf’s will talk to global routing. Departmental vrf’s to reduce number of firewalls to admin. Getting traffic to the Palo Alto which would allow/disallow communication between networks. MPLS would remove the necessity of having to plumb vlan/network pt to pt’s all over between the supernodes, this does not scale. The 3850 try and buy are racked in the Techlab and being worked on by Jeff Robertson and John.
- 31AUG15: Continuing to work on Techlab setup. Neil let John know that the priority for the Animal Science buildings is up to us. John setup a meeting with Tom Glennon to come in on 09SEP15 to go over MPLS designs. The 3850’s have been configured. John, Jeff and Logan went over the tool changes needed for the 3850-24XS radial builder.
- 14SEP15: We discussed going to version 6.2.12ES (special image) on the Nexus 7k’s so that we have the netbios support. This is also supported in 7.3 per Cisco TAC case SR 636265279. Consensus is yes to put the 7.3 early deployment code in the Techlab if we can get it. We went over design options of using the 6500’s and 3750 network equipment for the College of Engineering. We discussed using a new Cisco box to do the UDP traffic for the engineering like a 3750 with code to support configuring an SVI. This is an advantage if you have to back out due to something not working, it would be easier to use different boxes versus using the 6500’s so you don’t have to reconfigure the 6500’s. The ip helper address is not needed on the 7k’s for College of Engineering, since their license server is L2 connected. This needs to be tested in the Techlab to verify that it works. We discussed using a stack of two 3750’s for the College of Engineering. Netbios is used for the College of Engineering licensing servers. Dennis let us know that he is going to engage College of Engineering to go over current status. Consensus is to wait until we can get the 7.3 code off of CCO and not run the ED (early release) code in production. 6.2.14 code will fix the spanning tree problem so we might go to this over Winter break pending 7.3 code release date/timing.
- Scott let us know that 10 gig port channels at 432nm and CSSC had traffic stop, rebuilding it corrects the problem. Creating the ports first then the port channel is the recommended order, but this still created the problem with the WEI configuration. Tom Glennon will be going over MPLS options this Wednesday.
- Mark Karls and Will let us know that PCI has a urpf problem that causes dhcp to not work. We went over the milestone tracker project NextGen Radial Migrations and assigned people to buildings.
- 21SEP15: We had the MPLS discussion and we have another meeting scheduled for 30SEP15 to go into more detail. We had a power problem in the Techlab on 19SEP15 that blew all of the motors in all of the HVAC units. It is estimated that the new motors will be replaced by the end of the week 25SEP15. Scott turned on jumbo frames for Mem Union to test that it works for the wireless AP’s and UPS’s that are on our management vlan.
- 28SEP15: Ran out of time.
- 05OCT15: The next MPLS meeting is this Wednesday. Jeff Robertson let us know that the s-csscplat-b380-20-mgmt died this weekend and should be replaced. Scott let us know we could move the connections to the DDN equipment. Mark Karls volunteered to replace the old 3750 switch (s-csscplat-b380-20-mgmt) with one of our new models or a DDN access switch; this needs to be investigated. Mark Karls will work with Bill on the replacement. When we go to Lync we will no longer have land lines so the modems in the terminal servers won’t work. Peleus does not have a modem. Jeff Robertson let us know that there are some 3650’s that have stackwise port failures. Two of the ports are showing down. K5X3 at CSC is where the switch stack is located. Scott created a script to determine what has been cutover to the new backbone.
- 12OCT15: The Techlab is almost ready to come back up. Filters need to be installed on the HVAC exhaust to catch the loose burnt carbon debris for 6 months.
- 19OCT15: We discussed going to 6.2.14 for Nexus 7k code since the 7.3 code won’t be ready. The 7.3 code ES (engineering special release) will be ready the second week of November and the general release will be ready no later than the second week of February 2016 per Cisco. The 6.2.14 code fixes the spanning tree and vlan translation problems (maybe). Consensus is to put this in the Techlab and shoot for Winter break to upgrade code. Should we move CoE to the firewalls on the new backbone? Consensus is yes. Bill let us know that the code on the wireless controllers needs to be upgraded. Mark Karls volunteered to work on the 6.2.14 code upgrade. Bill will be installing the ASR SMU to fix the OSPF v3 mismatch in the Techlab.
- 02NOV15: We provide services that are not datacenter dependent. We pulled out wireless, should we have separate connections to the ASR 9k’s for these central campus services? Should we use a 9300/9500 pair of devices for this? There is a hierarchy of services, (e.g. DNS, DHCP, network, …). Greg was separating out the firewalls for peleus for resiliency and there was no network equipment available to make a connection. Most services depend on login.doit.wisc.edu which is in the datacenter. DNS and DHCP do not need login.doit.wisc.edu. Consensus is to get 9300 switches for Animal Sciences this will replace the FEXes and move the routing from the Nexus 7010’s to the 9300’s. Scott added this as a JIRA task. Consensus is to add a new Network Services management network to DDN for managing our equipment using a new vlan and use the existing subnet from vlan 1102 in the datacenter.
- We discussed trunking our vlan in the Techlab to test the new Nexus 7010 code. We could dual connect our network in the Techlab to make it easy to flip back and forth. We could do HSRP on 4 routers instead of 2. The lab Nexus 7k’s would route our traffic when we go into test mode. We could also change the weight on the ASR 9k’s so it prefers the Techlab Nexus 7k’s during the testing. There is a risk of layer 2 loops. Can a loop in one vdc impact another vdc? Can we setup vm’s in the Techlab for testing instead of using our network? This would be beta testing in addition to proof of concept testing. There will have to be a freeze on Techlab activities when doing the beta testing. Would this replace deploying on one third of campus? We will think about this more and we will have to discuss this with everyone on the 144.92.67.0/24 network (e.g. WAN team, Field Services, Programmers…).
- 09NOV15: Tom Glennon has an engineering special code that fixes the vlan translation bug that should be available the week of Thanksgiving. Consensus is to test the special release code in the Techlab when we get the code. We discussed having a documented test plan.
- 16NOV15: Jeff Robertson and John put 6.2.14.1E on the Nexus 7k primary in the Techlab. Greg put 6.2.14.1E on the secondary Nexus 7k. What are we going to do for the “no mdix auto” command that causes older devices (e.g. UPS, printers, BAN, card swipe machines …) to not connect? The current workaround is to use the “mdix auto” command along with the speed and duplex being auto. Scott let us know that he had a 3650 48 port switch where the first 24 ports were not working and a reboot corrected the problem. The 3750X switch at SWAP had “no mdix auto” configured on a port with a UPS connected. The UPS did not connect when moved to a 3650 with “no mdix auto” until the setting was changed using “mdix auto”. The command to verify mdix only shows half of the output from the command on the 3650. Consensus is to have Tom Glennon work on this. John will work with Tom and copy Dennis. Consensus is to have this toggle in edgeconf for lan admins. Cisco recommends that speed and duplex be set to auto when enabling mdix auto. Spanning tree root and vlan translation are supposed to be fixed in 6.2.14.1E. Consensus is to put 6.2.14.1E on sn-cssc-b380-1-node-pri31s the second week of December and push it out to all of campus in the January window. The test for the vlan translation will be to reboot/reset the module that the vlan translation is configured on. The spanning tree root can be tested by logging onto a radial that is using a 10 gig interface going toward the 7k’s. The re-ordering of the stanzas (e.g. the description at the bottom of the stanza) is supposed to be fixed in 7.x code. Greg let us know that the logging on the Nexus box needs the baud rate setting increased since 9600 is not enough to get the output for interface changes. Consensus is to have logging monitor to be on as a standard configuration for the Nexus 7k’s. Mark Karls volunteered to remove the “no logging mon” on all devices.
- 23NOV15: Ran out of time.
- 30NOV15: Jeff Robertson and John tested the 6.2(14E1) code in the Techlab and it works for vlan translation and spanning tree root. The Nexus 7k cards were reloaded, removed and the 7k chassis was rebooted. The re-ordering of the description line in the interface stanza did not get fixed in the 6.2(14E1) code. We discussed 40 Gig options for ASR 9k’s and Nexus 7k’s. We have an empty slot 9 and F2 cards in slot 10 in our Nexus 7k’s. We could trade in M1 and F2 cards to get M3 or F3 cards for the Nexus 7k’s. How long will the chassis be supported? Tom Glennon was engaged to get information for us on the M3 cards. Is it worth going to the F3’s or should we wait on the M3’s? John will send Tom Glennon an email about having a matrix and release date for the M3 cards. We could use the Wednesday standing meeting time if Tom Glennon is ready with the matrix information. Scott is moving the platform firewalls to DDN core this coming Saturday. Jeff Robertson, Mark Karls, Will and John went over the hot and cold sparing KB to update what we should have for sparing. Seven models were removed. We will be using the extra stock ones that were never deployed in the Techlab for the new rows. The code upgrade for Cisco Nexus 7010’s will be done on the cssc pair by Mark Karls and Jeff Robertson. The rest will be done during the standing outage window on January 10th, 2016.
- 07DEC15: The code upgrades for winter break are for the wireless controllers in the pilot environment and the rest of the Nexus 7k’s (e.g. the 432nm pair, animal pair and Chamberlain).
- 14DEC15: No change.
- 21DEC15: Tom Glennon will be here tomorrow to verify what we think works together cardwise/matrixwise. We need to know the M3 and F3 card capability matrix and software matrix. We discussed potentially using the F2E cards since they are 1/10 Gig and are in the chassis now. Consensus is to use up all of the 1 Gig connections on the M1 cards first and then decide what cards to buy when we get to that point. This will give Cisco more time to come up with better cards/software. We discussed the possibility of swapping out the M1’s for F3’s if we go that route. Consensus is to utilize all M1 (1Gig) and M2 (10 Gig) ports until we are exhausted and when we run out/get close to running out discuss this again (send this out to lan@lists.wisc.edu). Consensus is to avoid buying anything as much as possible. There was the question of will the Nexus 7.3.2 code work with M1 cards? We will ask Tom Glennon if the 3850’s are going to support 25/50 Gig in the future on their sleds.
- 04JAN16: Tom Glennon had to go to the hospital for his back and did not get us the matrix. Scott let us know that we will not be moving the old load balancers since new ones have been purchased, the new ones will be put on the new network.
- 25JAN16: No change. Scott let us know that a pair of Palo Alto’s might be purchased in February 2016 for each supernode and one for the datacenter, this might be going to RFP.
- 01FEB16: Ran out of time.
- 08FEB16: Ran out of time.
- 15FEB16: Consensus is to use public IP space for the /29 for BAN due to breaking functionality when we used RFC1918 space. The milestone tracker was updated to reflect this change. In the future we will be using MPLS for everything except door controllers and we will not need the 5505’s. Should we buy new door controllers or new ASA 5505 replacements? We discussed creating a risk management and priorities list with suggested solutions. Scott created an EPIC called “Project needing Mgmt decisions” in JIRA for this list that Dennis can use at the Network Services manager meeting.
- 22FEB16: Where do we stand with the cross nodal vlans? Consensus is we are O.K. with creating some for a small amount of buildings.
- 29FEB16: Bill let us know that he has run into the mdix problem on the 3650’s again. The version of code in the Techlab corrects this. This new code also causes FIDO alerts which needs to be corrected. Consensus is to run the new code 3.7.(2)E in production. The code will be moved to the tftp directory so that the configuration tool will use it.
- 07MAR16: Should we ask Michael to add Nexus 7k’s to his automated script that has the primary and backup SVI’s added to DNS and FIDO? This is what was done for the 6500’s on the legacy network. DNS maker runs and creates entries that are put into DNS by OpEng. Consensus is yes this should be done. Add to milestone tracker under 6500 cleanup. Ask Michael if this can be done automatically versus having OpEng doing it. Tom Glennon called up last week and asked about getting together for MPLS. Talk to Dennis tomorrow about MPLS training at the scrum.
- 14MAR16: Ran out of time.
- 21MAR16: We discussed keeping uplink ports on radial switches (Gi1/0/12 and Gi2/0/12) when moving to the Nexus 7k’s. This can be done by configuring the next available ports on the radial with the current Gi1/0/12 and Gi2/0/12 configuration, then using Gi1/0/12 and Gi2/0/12 for the connection going to the Nexus 7k’s. This is resolved when we put in new gear. Consensus is to leave the uplinks on the new connections. We discussed not moving PCI off of the ASA’s. 1 and 10 Gig PCI has been done and is working except where macsec is configured. Consensus is to move PCI to the PCI vrf unless you are using macsec.
- 28MAR16: We discussed the various firewall proposals and plans that are being circulated. We (DoIT Security and NS) have not come up with a unified plan for firewalling yet. Consensus is to have Mark Karls reply to the email thread “Limited PA7080 deployment option” to list our concerns.
- 04APR16: Scott let us know that he modified NextGenNetBuilder tool to take into account not having a vlan and having a vlan already configured on an interface. We are looking at doing code upgrades for Nexus 9k’s, 3650’s, 3850’s, ASR at Animal Science, Nexus 6001’s and Aruba 7240’s. Mark Karls and Bill are working on testing 3.7.3 code for 3650’s and 3850’s. We discussed 10 and 40 gig card options for Cisco Nexus 7k. John created a JIRA item for Dennis to work with Cisco to get a card matrix to include roadmap options.
- 11APR16: Mark Karls will create a WiscIT change request for the June 8th window for code upgrades. Consensus is to go with 3.7.3 for code on 3650’s and 3850’s. Mark Karls and Scott let us know that there were datacenter latency issues last week due to links filling up. Scott has cut a case to Field Services to add more links between the old and the new datacenter equipment cores. Consensus is to have Dennis work with Mark Nessel/Nate to work on moving servers over to the DDN equipment in the datacenter. Scott created JIRA issue 1514 and assigned it to Dennis on 15FEB16. We will bring this up at tomorrow’s scrum and add a note in JIRA to issue 1514. John will add Jeanne as a watcher.
- 18APR16: We discussed cleanup on the 6500’s when migrating buildings to the new backbone, we are missing some items. Grepping through cms for IP’s that are being removed was brought up as an aid to doing cleanup. The big items are FIDO alerts, SVI’s, defaulting and disabling physical interface. Scott added an additional 10 Gig link between the old and new datacenter core. Bob Plankers put in chat last Friday that he was having bottleneck issues, but did not give details and no trouble ticket was created.
- 25APR16: There are red words in bold on how to fill out the WDM spreadsheet. Consensus is to do Ag Hall node buildings next to decommission those 6500’s since there are only 6 connections left. Consensus is to not do mac sec unless absolutely needed since it is defective/buggy and none of the tools are doing mac sec. Greg is doing mac sec for the Hospital/Med School. Greg let us know that MSC and CSC have mac sec deployed. Greg let us know that the Hospital says mac sec is not needed, but Med School thinks it is needed. This is a HIPAA issue and the requirements need to be defined.
- 02MAY16: No change.
- 09MAY16: We discussed the DSBU 3.7.3 code upgrade in the Techlab for all 3650 and 3850 switches. This code is supposed to fix the incorrect Cisco yellow threshold snmp alarm bug (CSCui21897) which is currently on s-cssclabprod-5-access in FIDO. Consensus is to do all 3650 and 3850 switches. Mark Karls volunteered to upgrade the 3650/3850 switches in the Techlab. Mark Karls will discuss sending a notification to campus with Bernie, since we have not seen one and also go over the outages page since it only has some of what should be posted. Consensus is to upgrade the Nexus 9k’s at WARFPLAT, MFCOB or CSSCPLAT for burn-in testing of new code. Terry is going to verify the connectivity of the servers on the Nexus 9k’s and will let us know what dates are available to do the code upgrade. The goal is to have this information by the end of this week sent to Scott. We discussed adding Gigamon ports at each supernode connecting to the inside ports on the new firewalls. We discussed Med School layer 3 design for new firewalls; they currently have 60 contexts. Each supernode would have its own firewall pair using vrf’s as needed. Greg let us know that Richard Kunert wants new switches for 1 Gig connectivity to end users.
- 16MAY16: We discussed how we can work with Al Kluender as a resource. Consensus is to have Al work on the outstanding Cisco code bugs, discuss with us options for 40/100 Gig connectivity, future direction for our core, MPLS and roadmaps on current and new Cisco equipment.
- 23MAY16: No change.
- 06JUN16: Scott is creating tickets on the problems that were encountered during the code upgrade this last weekend with the Nexus 9k’s. Greg let us know that 9 contexts with 8 BVI’s is needed for the Med School. He is going to create a case and send it to OpEng. Greg let us know that the datacenter folks would like a site to site VPN service. This service and ongoing maintenance should be funded by the datacenter since we do not have funding for this. We discussed what the priorities are after bug fixes: cms, WiscNic database, rewrite of all tools to a more supportable model, ask our customers what they need so that we can reduce the number of tools, documentation for how tools work and interrelate and flow diagrams. Mark Tinberg will try to come up with a canonical list of tools for next week.
- 13JUN16: We will be meeting with Al K. this Wednesday to discuss MPLS, Nexus 7010 card matrix, Nexus 7700 card matrix, what Nexus 7010 cards work in the Nexus 7700 chassis and other topics if there is time.
- 20JUN16: No change.
- 27JUN16: Scott let us know that lc- devices are being changed to l- instead of lc-, the virtualized devices will be lc- and lom (lights out management) will be a new role. The WDM MUX audit is done and the spreadsheets have been updated. Greg let us know that multicast is broken, the ACL does not work correctly on the 7010’s. It was pasted from 6500’s and it does not work, it blocks multicast. Greg is going to open a case with Cisco. Consensus is to only configure multicast where it is needed.
- 11JUL16: No change.
- 18JUL16: There are meetings with Palo Alto architects this week. Greg let us know that the Hospital connections have been moved from CSC 6500’s to the ASR 9k’s (CSSC and Animal). Scott let us know that going to 7.0.3 Nexus 7k code will fix the current vlan translation problem where the configuration does not get cleared off of the old interface when using default interface; you have to use no “vlan translation” then default the interface. You also cannot have the same translation on multiple ports on the Nexus 7k’s. John will add this to the Nexus 7k known problems and solutions KB.
- 25JUL16: We discussed the Palo Alto firewall vrf design/scaling. Palo Alto is here this week to go over design options. We discussed using Nexus 7700 chassis for routing since the Nexus 9500’s do not route. Cisco says this is a hardware limitation/bug on the Nexus 9500 and might be fixed with new 9500 cards in the future. This is not engineering committed.
- 01AUG16: We are getting two 7706 Nexus chassis for the datacenter with M3 cards (1/10 Gig and 40 Gig cards). We will use these for routing since the Nexus 9500’s do not route properly. Scott let us know that when moving IPv6 from the ASR 9k to the Nexus 7k the IPv6 did not work when the interface on the ASR 9K was shutdown. It started working when the IPv6 was removed from the shutdown interface on the ASR 9k. If a vlan spans multiple ports for a helper address then you need to put the local dhcp helper address in the configuration. This will probably be needed for the Engineering cutover. We discussed possible Palo Alto designs.
- 08AUG16: We discussed tracking vrf’s in WiscNic. Glue subnets, interfaces and vlans to vrf’s. The vrf’s need a name/description. A script that goes out and pulls the information from cms could be used. We do need a vrf naming convention, this will be discussed at a different meeting. We are waiting for a response from Palo Alto to Scott’s email on the various methods for deployment. We discussed putting the gateway for a department on the Palo Alto if it is not in a vrf.
- 15AUG16: Scott let us know that Palo Alto wants us to go active/passive and vwire. Commit time is 40-70 seconds with 100 vsys and rules in only 10 vsys creating 15,000 rules. Scott let us know that he and David tested failover and it was taking 30-40 seconds for most of the tests, a few were quicker and once it did not work at all. Scott and David are working to see if this can be tuned, possibly using BFD.
- 22AUG16: Scott is working on the Palo Alto in the Techlab on the active/passive L3 design.
- 29AUG16: Ran out of time.
- 12SEP16: Ran out of time.
- 19SEP16: The new code 3.7.4 for the Cisco 3650/3850 did not fix the output error bug. It did break ether channel for 8 of the 23 closets. The remote side shows in suspended state and does not say why. Consensus is to revert back since broken ether channel is a non-starter. Two cases should be opened, one for the output errors and one for 3.7.4 breaking ether channel (turns out this is bug CSCva22545). We could look at using Breaking Point in the Techlab for some end user experience testing. Mfcob is 3850 and 3650; it is all 10 Gig. The 10 Gig links do not show output errors. The 1 Gig end user facing ports do show output errors. Greg let us know there is no singlemode fiber to the server room at Primate, but DDN is desired. Men will check to see if a singlemode cable/jumper can be pulled to the server room from the MDF. We discussed Panorama authentication using a Linux server versus a Windows server (Middleware login.wisc.edu). We discussed using separate/new Clearpass servers for authentication for the Palo Alto’s.
- 26SEP16: Greg let us know that the Hospital is willing to reserve/allocate 10.134.0.0/16 for Hospital and Campus use. Consensus is yes go ahead and do this. Greg let us know that Azure and Amazon Web Services will also need campus routable 10 space. Consensus is to reserve a /16 for cloud computing (e.g. Azure, Amazon Web Services…). Greg will reserve 10.131.0.0/16 and divide it into four portions.
- 03OCT16: Greg went over connection designs for HSLC server room. Consensus is to create HSLCPLAT and connect the HSLCPLAT equipment to the 4500X’s.
- 10OCT16: Ran out of time.
- 24OCT16: Ran out of time.
- 31OCT16: Will let us know that Infoblox testing is going to be done for DHCP the second week of December.
- 07NOV16: Mark Karls and Jeff Robertson let us know we are going to deploy a vrf for VOIP similar to the vrf for PCI. Bill let us know about FIDO alarms for physical links going down. The NOC is creating WiscIT cases as priority 2 and forwarding them over to Op Eng. The NOC is not following the SNCC KB 8547 procedures. Consensus is to bring this to the Network Ops Meeting.
- 14NOV16: None.
- 21NOV16: We discussed Netbeez. Greg got a quote for Netbeez 160 units plus console for $36,000. How secure is the Raspberry Pi? Focus is on datacenter first. Start with 40 units to see if this will work. Where would we put the vm? We discussed VOIP vrf options. Two new transits are needed.
- 05DEC16: No meeting.
- 28NOV16: Spent the whole meeting on Palo Alto training.
- 12DEC16: No change.
- 19DEC16: We spent the entire meeting on going over the exception list in /usr/local/ns/bin/e911/devs_no_fpm_room.
- 09JAN17: Dennis let us know we are going to get more 10 Gig M2 cards since we are running low on 10 Gig ports on the Nexus 7k’s. The WAN team is working on getting 100 Gig redundant connection to the internet. Dennis is going to have Al Kluender research to see if there is a better 100 Gig card for the ASR. This will be for the research networks.
- 23JAN17: We have to do a code upgrade on the ASR 9922 to use the new 100 Gig card and we have to get more fabric cards. We discussed changing to two factor authentication for network equipment. Created JIRA item CNETWORKS-1943 for the two factor authentication.
- 30JAN17: We discussed going to new code for the Nexus 7k due to the vlan translation bug (you have to follow a line by line removal process for moving vlan translation from one port channel to another or translation breaks). We will probably not do the code upgrade this Spring due to other projects and will most likely do the upgrade this summer. This Wednesday Al Kluender will be discussing the procedure for putting the new cards in the 9500’s. We should also discuss going to DC power at the same time. We agreed to continue the Nexus 7k code discussion at this Wednesday’s meeting. Bill let us know that we will be getting the two ASR 9922’s into parity when the new 100 Gig card is installed. We discussed code parity between the 7700’s and 7010’s, but did not make a decision. Campus video is operational and OpEng is taking over deployment.
- 06FEB17: Bill sent out a Cisco notice about Nexus 9k and ASA 5506 clocking hardware problem. These parts can be replaced for free if sent back to Cisco. We will be keeping both the old and new Nexus 9k in the Techlab for sparing. The Nexus 9k parts are on a pallet in the CSSC datacenter. We discussed the Nexus 7k code upgrade no one volunteered to work on it. 8.01 code will allow us to use the newer cards so we might wait until this code train is more stable and go to it versus going to 7.0 code.
- 13FEB17: Audit tool for subnet utilization for IPv4 to discover if the subnet is being used or if the subnet should be smaller. Generate a report for abandoned networks (e.g. only HSRP, firewall and gateway). Device attribute tracking in cms/configs (e.g. we need to know what power supply is in a switch, SDM template…). Is this already in the net database? A possible solution is to use get conf and put the information into cms using comments in the config. Auditing tool to reconcile WiscNIC and IPAM (e.g. DHCP was not configured properly for a subnet) also look at cms to reconcile WiscNIC.
- 20FEB17: Ran out of time.
- 27FEB17: Bill let us know that at Animal Science there is not enough fiber to move buildings off of the 6500’s due to the tie cable being full. All of these buildings are supposed to already be connected to the Nexus 7k’s, this should be verified.
- 06MAR17: Consensus is to plan to do a code upgrade for Nexus 7k version 8 or newer to support the M3 cards.
- 13MAR17: Ran out of time.
- 20MAR17: We discussed access switch spanning-tree settings. The builder tools are setting the spanning-tree priority for all switches to 16384 and the uplink ports to cost 10 and 200. We discussed what we actually want for these settings and, if we want changes, how to make that happen. Consensus is to have the first switch in set to 16384 and all other switches to be the default. Also we agreed that 20 and 40 facing the closets and 10 and 200 facing the core. Mark will see if he can make the changes.
- 27MAR17: The primary ASR and the wireless controller code will be done on the June maintenance window. A change record needs to be created. Bill and/or Jeff will open the change record.
- 03APR17: Need to reschedule the meeting with SE since Michael and Tim won’t be available for 10APR17. Dennis let us know that the equipment replacement request for the Clock Signal Component Failure OMC-186666 for Cisco Nexus 95XX was approved/validated by Cisco. There is no ETA on the replacement parts. Priority will be given to customers that have had the parts the longest. Dennis assigned John to create a WiscIT case to have Field Services physically install the 9508 and 9504 that are currently in the CSSC Datacenter. They will be installed in the Techlab in rack F3 (next to the existing 9508 and 9504). The tags for the 9508/9504 are 855 and 856 in the datacenter tracker. WiscIT incident 1518187 was created on 03APR17 and sent to Field Services.
- 17APR17: No change. Next week cancel meeting due to MPLS training.
- 01MAY17: VOIP QoS has been set on some switches so when replacing them be aware that the configuration has changed and this is not in our configuration tools. Greg let us know that he used 4500X’s to create GRE tunnels for Med School. The diagrams are in the CSSC radial folder. There are 8 sites in total. They are running a different version of code than the other 4500X’s.
- 08MAY17: We discussed moving campus core aggregation off of the ASR 9922’s onto a new platform since the ASR 9922’s are cost prohibitive. We are no longer carrying the full BGP routing table so the Nexus 7700’s will probably work. We could use the Nexus 7700’s as peer and core in the same box. Cisco Live is going to be making a product announcement end of June. We will wait and see what all of the options are to continue/finish the core aggregation discussion. Greg let us know that he has configured Microsoft Azure Cloud Service on the Palo Alto and Steve Tanner will be testing. Scott let us know that the WAMS group has done work that lets students use Clear Pass to register devices for campus. Scott is going to setup 2 test VPN instances in the Techlab.
- 15MAY17: Ran out of time.
- 22MAY17: Ran out of time.
- 05JUN17: We no longer have telephone lines for modem access. Are we going to use a redundant network connection for OOB? We were going to move one of the Palo Alto’s to 432nm and move the 67 network to the Nexus 7k’s. Revisit this when Scott gets back.
- 12JUN17: No change.
- 19JUN17: Dennis let us know that he will be purchasing the Cisco 10 Gig cards for the Nexus 7k’s.
- 26JUN17: Ran out of time.
- 03JUL17: We discussed getting a deal with Cisco to get 7700 chassis. Cisco Live occurred and there is not a newer chassis than the 7700. We discussed how should we connect the Palo Alto’s. We discussed 40 Gig connectivity to the 7k’s. We discussed the options that Greg emailed out to everyone. The 3232C’s and some 40 Gig cards for the 7k’s. We will discuss this more next week. We should agree where we want to be as an end state (e.g. 7700’s).
- 10JUL17: Moving Infoblox and fiber tap at Animal Science per KB 68763 Dennis and Pat were going to form a team. This team was to create a plan and present it with a timeline of being done in about 6 months (this was a month ago). Dennis will discuss this with Pat to come up with a timeline. Nexus 9500 new cards in? Dennis let us know we are still waiting on the replacement cards.
- 17JUL17: We discussed re-creating the -9 and -10 for aggregation to get us to 40 Gig. The ASR’s would then become only border routers. We discussed getting one pair of 7700’s for the -9 and -10. The deciding factor is whether the 7k’s can do true 40 Gig flows. If not then it does not make sense to spend money on the 7k’s and we should go to the 7700’s. Dennis is going to contact Al to verify the 40 Gig flow question.
- 24JUL17: Dennis let us know that Al said the M2 40 gig cards are limited and will not do 40 gig flows. We discussed testing M3’s and M2’s in the Techlab to make sure that it works as desired. We discussed putting M2 40 gig cards in the 7010’s. Consensus is to buy the 3232’s for the Palo Alto connections. Harsheen and Greg are working on the new enterprise NAT conversion to the Palo Alto 5060’s and will be ready to do the conversion this Thursday morning. There is documentation on the new enterprise NAT process in KB 74728. Dennis let us know that the 10 gig cards for the Nexus 7010 have come in and we need to determine which supernode pair to put them in. Dennis is going to look at the cost for putting M2 40 gig cards in all of the supernode 7010’s. This will allow us to connect the Palo Alto’s to the Nexus 7k’s at 40 gig.
- 31JUL17: NAT conversion was completed. Dennis let us know that he placed an order for 2 more 10 gig cards for each supernode 7k. The order also included the 3232’s. There was a conversion in the cave and consensus is to not get M2 40 gig cards at this time. Bill let us know that Mike Blodgett was working on a dhcp issue and a bug was discovered on the ASR so Bill will put a patch on the ASR to fix the bug. The patch is supposed to be hitless. Bill will apply the patch later this week or early next week after testing in the Techlab.
- 07AUG17: Ran out of time.
- 14AUG17: No change.
- 21AUG17: No change.
- 28AUG17: Cabling for the new Palo Alto’s needs to be figured out. Do we need to put in Gigamon taps as part of the Palo Alto installation? This has not been planned for per Dennis. Who is in charge of the cabling? Dennis will take this back to DoIT Security to see where it stands with them. There are currently no taps for the Palo Alto's. Dennis will discuss this with Penny Clark for planning/tracking.
- 11SEP17: We discussed if we should put the new 10 Gig M2 cards into slot 9 or 10. Slot 9 is empty on all Nexus 7k’s and slot 10 has a powered down F2 48 port 1/10 Gig card in all Nexus 7k’s. Consensus is to use slot 9.
- 18SEP17: The new 10 gig cards have been installed by Field Services. We discussed the path forward for the wireless Mobility Master. A desire is to move the routing off of the ASR9922’s. We discussed what to connect the Mobility Master to. The 6001’s or existing 7700’s or new 7700’s. The desire is to not put the Mobility Master on the existing 7700’s in case there is a problem as we had previously when wireless was on the 6500’s. Consensus is to leave wireless on the 6001’s and to put the Mobility Master on the 6001's.
- 25SEP17: Ran out of time.
- 02OCT17: Should the Cisco 3232 spare go in the Techlab? Put it in the Techlab where the 9500’s are. We discussed being prepared for the build out of wireless. Jeanne is leaning towards only doing PoE switches for network deployments in the future. We discussed if we should go PD or FD? The cost is $400 per switch. Consensus is to use one power supply using FD power supplies.
- 09OCT17: The Cisco 3232’s and Palo Alto’s are installed at Animal Science and CSSC. 432NM will be installed this Tuesday. The 7k’s were not advertising OSPF at Animal Science, restarting the ospf process (e.g. process restart ospf on the ASR) corrected the problem. Running the show process ospf command on the ASR and the 7k’s, showed as black holed on the ASR 9k and showed correctly on the 7k per Greg. Greg added this to the Known Problems and Solutions ASR 9k KB.
- 16OCT17: We discussed Site-to-Site VPN services. Where should we terminate site to site VPN? This can be done on the Palo Alto’s (the Palo Alto 5060 with the carrier grade NAT) this can also be done on the supernode Palo Alto’s. Where to terminate the vpn will depend on the need of the customer. Consensus is to bring customer requests to this meeting to be vetted. Consensus is to keep a KB of what is on the carrier grade NAT Palo Alto 5060. Most customer vpn’s will be on the supernode Palo Alto’s. Greg volunteered to create the KB for tracking vpn’s on the Palo Alto 5060.
- 23OCT17: Dennis is placing the order for the research Cisco Nexus 9504’s converting to 100 Gig. The PCI parts are also on the order that Dennis is placing. Scott is doing the diagram for the new Palo Alto’s. Dennis also ordered a couple of Nexus 9300’s for us to test with in the Techlab. Patti let us know that there are about 8 locations from School of Medicine remote sites going collaborative. The OpEng team have reviewed the reboot process and are finalizing it, it will be posted in the KB. The noontime report will be gone over by the OpEng team at their next meeting for feedback to Mike.
- 30OCT17: Scott finished the diagrams for the Palo Alto’s. Jim is going to run the fiber jumpers. Scott created a part request for the Palo Alto optics and is awaiting approval by Dennis.
- 06NOV17: We discussed needing more power supplies for VOIP deployments. Are we monitoring available power budget? Are there enough power outlets in the IDF’s to plug in the extra power supplies? FIDO currently does monitor power usage; there is currently a problem where the wrong MIB is being used. This is being addressed via a JIRA per Mark Karls. The VOIP team is supposed to work with an engineer to go over the power budget when looking to not use the power bricks. Some customers have UPS’ and they will have to be upgraded to account for the additional power supplies. Secondary power supplies could be put into commercial power versus UPS.
- 13NOV17: Michael sent us an email that included the following:
- “FIDO currently does monitor power usage" (POE), see NS-3143. The data is available in GNMIS with dataset "=PoEAllocatedPower". A report is being generated and is available here.
- archive: https://stats.net.wisc.edu/cgi-bin/rrd_reports.cgi?report=poe_usage
- direct link to most recent report: https://stats.net.wisc.edu/reports/current/poe_usage_daily.html
- FIDO alarms for PoeAllocatedPower are not being created at this point awaiting (to the best of my knowledge) a bit of QA from Mark Karls.
- I see NS-3437 has been opened. That request is much more than what NS-3143 does, which is per switch allocated tracking.”
- There are currently 4 locations that are over the threshold of 90% (memun and chadhall). A goal is to not have unnecessary/false FIDO alerts. Consensus is to change the threshold to 100% when we have a switch stack that is fully populated with the biggest power supplies. When there are FIDO alerts bring them to the engineering meeting. The report is showing higher values than the show power inline command (e.g. 91% on the report versus 86% using show power inline).
- The switch stack at Mem Union should have another power supply installed in it. Mark Karls and David will work on the QA portion so that FIDO alerting can be done. Mark Karls will cut a ticket to have Field Services install a power supply at Mem Union.
- Consensus is to configure port priority for edge ports for power shedding to keep AP’s and cameras up versus keeping other devices like VOIP phones up. Consensus is to set VOIP phones to low priority and AP’s and cameras to high. Consensus is this should not be an edgeconf setting. Consensus is to have the default port priority as low and cameras/AP’s as high. Use show lldp neighbors detail to generate a report for setting the priority to high. Mark Karls is going to take this request to Mark Tinberg and Tom Christie. Going forward we should make sure that the setting is high (power inline port priority high) for AP’s and cameras.
- 20NOV17: Pete Sengstock at Vilas is writing a grant. He needs 10 and 40 Gig connections locally in room 3134. Consensus is to use the newer model of the 9372; the 93180. Dennis let us know that the Nexus 9372's are orderable until Feb. 2018. We are short a few at this point for completing the Datacenter. Do we move to 93180 (SFP+) and 93108 (Copper) or complete the datacenter with like switches? Consensus is to go with the new switches. Sparing is needed for switches. Dennis ordered enough for sparing. Scott let us know to separate the 10 Gig copper SFP+ transceivers due to an overheating problem. You have to separate the 10 Gig copper SFP+ transceivers with 10 Gig optical transceivers. Recommended to separate them by 10 ports. Scott let us know that he has one of each and is connecting them to DDN in the Techlab for sparing. Dennis let us know that we do have next day support on the 9300 series. Dennis let us know that we have a request from VCRGE to rename some subnets/Firewall contexts. This can be done WiscNIC and firewall updates/changes are needed, OpEng should be able to do this. There is a ticket open on this per Dennis.
- 27NOV17: No change.
- 04DEC17: No change.
- 11DEC17: No change.
- 18DEC17: Ran out of time.
- 08JAN18: No change.
- 22JAN18: Ran out of time.
- 29JAN18: No change.
- 05FEB18: No change.
- 12FEB18: Ran out of time.
- 19FEB18: No change.
- 26FEB18: OneNeck 100 Meg copper connectivity is needed by WAN team at Animal Science 226. No firewall is needed, but an ACL will be used. Public address space is needed. Connections needed at CSSC and Animal Science. The 9300’s do not work. One connection needed at each site. We discussed creating new -3’s for 100 Meg connections. Compact switches could be used. 9372-TX’s can be used also. 3750X can also be used. Mark Karls and Bill will come up with a solution.
- Dustin said the optics were overheated. ASR at CSSC filter intake screen was plugged. The sfp’s were replaced since they were causing failures (e.g. port suspends).
- Dennis let us know that the Cisco clock component failure replacement parts are here. Bill has worked on replacing parts in the Techlab.
- 05MAR18: No change.
- 12MAR18: Bill let us know that the default template for the Nexus 93180 does not enable all ports for 100 Gig by default. You have to change to a different template to use more ports. Bill will create a new KB with this in it. There are 3 templates to choose from.
- 19MAR18: No change.
- 26MAR18: Greg has a Cisco case open for distribute list bug on the 7k’s.
- 02APR18: No change.
- 09APR18: Ran out of time.
- 16APR18: No change.
- 23APR18: There is a desire to have separate routers for services (e.g. wireless).
- 30APR18: Ran out of time.
- 07MAY18: No change.
- 14MAY18: No change.
- 21MAY18: Moduletek is changing the body design of the 10 Gig copper. They will be sending some samples for us to test.
- 04JUN18: Palo Alto gave us new engineering code which has been put on our Palo Alto’s. It was noticed on the Cisco side that the connection went down on the Cisco switch. All 3650’s/3850’s were upgraded with very few issues (1 switch and a couple of AP’s). The work was completed around 5:00 a.m. with the code upgrade on 470 switches. We need to look at using 16.x code. Potentially for Winter break. Bill ran into a problem with a customer firewall where he had to manually set the speed and duplex. The connection showed as connected but was not passing traffic. There were AP’s that were not working; a new process was used: shut ports, remove poe, wr mem, reload stack, bring up ports individually, and it worked.
- 11JUN18: No change.
- 18JUN18: No change.
- 25JUN18: No change.
- 02JUL18: No change.
- 09JUL18: No change.
- 16JUL18: No change.
- 23JUL18: Ran out of time.
- 30JUL18: Ran out of time.
- 06AUG18: No change.
- 13AUG18: Ran out of time.
- 20AUG18: No change.
- 27AUG18: No change.
- 10SEP18: Ran out of time.
- 17SEP18: The plan is to upgrade the CSSC ASR in two weeks provided that we have no problems with the Animal ASR that has had a SMU applied this last weekend.
- 24SEP18: Mark Karls updated Known Problems and Solutions Nexus 7K KB 44707 with how to change the resource allocation when we get “Failed to allocate shared memory” syslog messages. Mark Karls updated the Known Problems and Solutions ASA Firewall KB 29188 for BVI IPv6 addresses showing as unreachable in FIDO.
- 01OCT18: Bill added the SMU to the CSSC ASR with no issues. Scott converted DDN in the Techlab to use MST.
- 08OCT18: Ran out of time.
- 15OCT18: Scott has been working on MST in the Techlab. We can convert the core first. One region for everything in the datacenter. There is a topology change of about 20 seconds when making the change. Migrating to instance 1. Root for the vlans has to be on the Nexus 9500’s in the datacenter. The process is to convert the core, then the radials then the access switches. Root guard will shut down the link for any vlan that has a root change. So if CCI advertises root then the entire link going to CCI will go down. Syslog will show this as an inconsistency change for a vlan. This should be put in the KB for the CCI team to reference. We can have 2 MST regions to help mitigate root advertisements. This would let us put odd vlans in one and even vlans in the other. Consensus is to have one MST region.
- 22OCT18: Ran out of time.
- 29OCT18: None.
- 05NOV18: None.
- 19NOV18: We had a SDA roadmap meeting with Cisco that was very useful (e.g. N6k replacement, next core box, edge, SDN…). They said we would get pricing and notes from the meeting. Our biggest problem is we need central authentication for all of campus.
- 26NOV18: Entire meeting dedicated to internal PIR.
- 03DEC18: In the Ops meeting this morning Neil let us know that more power is being planned to be added to TR’s. Neil also let us know that new buildings will be asking to have building generators and building UPS’s installed.
- 10DEC18: Greg discussed AWS transit gateway options.
- 17DEC18: Ran out of time.
- 07JAN19: None.
- 14JAN19: Terry let us know that the ASA’s in the datacenter have been removed. One pair will be left in the datacenter for emergency use.
- 04FEB19: Ran out of time.
- 11FEB19: None.
- 18FEB19: We need two 10 gig cards for Animal Science and four 10 Gig cards for CSSC to have enough ports for the campus migration project. There are two unused 10 gig cards at 432nm. Consensus is yes we should move the 10 Gig cards in the 432nm Nexus 7k’s to the Animal Science Nexus 7k’s. Bill will order the four 10 Gig cards that are in Verona storage for CSSC. Bill will put a WiscIT ticket to have Field Services move the 10 Gig cards from 432nm and into the Animal Science Nexus 7k pair. Bill will also create a WiscIT ticket to have Field Services install the new 10 Gig cards at Verona into the CSSC Nexus 7k pair. Greg let us know about the Palo Alto changes he has made and will update the KB to reflect the changes. Mark Tinberg let us know he has gotten Ansible to push or validate a configuration on 3750/3650/3850 switches. Mike let us know that we are in violation of U.W. System’s 30 minute timeout policy. U.W. System is doing an audit of system and will come out with a gap list with recommendations/requirements.
- 25FEB19: Greg brought up concerns over creating a VPN hub in the cloud. Dennis asked Greg to email Eric Straavaldsen about the requirements and to copy Dennis. Trout Lake in northern Wisconsin wants to know if VOIP could work up there. Dennis would like to have Network Services come up with a standard model for off campus VOIP. Greg brought up the Silver Peak cloud mesh appliance as a possible solution. It is an automated solution for creating a mesh through the cloud for redundancy with 1 second failover.
- 04MAR19: Greg negotiated a /27 or /28 from Comp Sci for cloud connectivity. The WiscNIC entry description has IPsec termination for cloud in the description.
- 11MAR19: Ran out of time.
- 18MAR19: Ran out of time.
- 25MAR19: Ran out of time.
- 01APR19: Dennis emailed a request to get the NDA with Cisco signed so we can get Cat 9600 information.
- 08APR19: Bill let us know that he will be working with Jason to install additional 10 Gig cards in the 7k’s at CSSC and Animal Science. This will give us the ports needed to finish the building migrations.
- 15APR19: The Cisco catalyst 9600 series have been released. Dennis let us know that the NDA has been signed and he will ask Cisco for the road map slides. We would like to know if there will be a Catalyst 9600 that we can use to replace the Nexus 7k’s.
- 22APR19: The Cisco briefing on the 9600 series is scheduled for 30APR19.
- 29APR19: The Cisco 9600 road map meeting is tomorrow at 10:00 a.m. in CSSC room b106. We need to do at least 2 more vrf’s. One as an MPLS vrf using BGP so we can use L2 or L3 for campus. 65059 was used by Greg for the work he has been doing in the cloud and he would like this used on campus so he does not have to do rework.
- 06MAY19: Scott will get more information on NetBrain to see how much it costs. Jim is opening a case with Cisco to get answers for some VXLAN questions. To get it working between the 2 ASR’s in the Techlab. We will be looking at Arista switches to aggregate taps. We have 3 areas for networking RBN, DDN and general. We discussed using VXLAN and SDN to provide these networks at the edge. There is no VXLAN support on the Palo Alto’s. We discussed having a call with Gartner to get information on doing VXLAN on a network like ours.
- 13MAY19: Greg let us know that the DS folks are replacing all of the Andover work stations at American Family Children’s Hospital. They need a network and we do have switches there in 5 closets. If the jacks are pulled back to those closets this should work. Field Services should be sent out to figure out where the jacks are pulled to. We would like Cisco and Gartner to discuss network fabrics with us so we know what the options are. Potential code upgrade for 3750X switches to IOS 15.x code to use 2 port 10 base T module. This will also fix several outstanding bugs and vulnerabilities. 15.2.4e7 code is recommended by Cisco. Mark Karls will put the 15.2.4e7 code in the Techlab and test with Mark Tinberg and Tom Christie. Consensus is to test the Cisco recommended 3750X code and 3650/3850 code in the Techlab to verify that they will work for us.
- 20MAY19: Ran out of time.
- 03JUN19: 7.3.(3)D1(1) is the most recent stable recommended release. Consensus is to continue with upgrading to 7.3.(3)D1(1) in the Techlab.
- 10JUN19: Jim and Mark Karls put 7.3.(3)D1(1) on the Nexus 7k’s in the Techlab. The code upgrade fixed the lldp problems. Jim finished testing vpls in the Techlab. Jim is going to work on an L3 VPN solution for BAN using vrf’s. We discussed not having enough 10 Gig ports to move every 1 Gig connection to 10 Gig. The new cards require new code. The new code does not work with M1 cards. We discussed if it makes sense to look at other chassis (e.g. 7700 or 9600) or keep 7010’s and get cards. We discussed moving the 1 Gig connections to a standalone switch. Consensus is to move as many 1 Gig connections to 10 Gig as possible and then see what is available for solutions at that time.
- 17JUN19: Ran out of time.
- 24JUN19: No change.
- 01JUL19: Scott went over the 2 factor vpn using the projector. Working with Middleware WAMS team. People will be able to assign themselves a static IP. End users will go to access.services.wisc.edu portal. The Palo Alto has to be configured to setup the vpn, portal and gateway. The pilot is done. Support documentation is being worked on before rolling this out to campus. Outside vendors can be given access there are settings for that. We discussed needing central authentication for all of campus versus the at least 24 authentication sources. We discussed needing to identify users and giving them access to the resources they need using central authentication. We discussed the firewall transit throughput issue/limitation.
- 08JUL19: Mark Karls and Jim upgraded the code on the CSSC Nexus 7k pair. Jim is looking at interfaces that need MPLS as part of the MPLS design.
- 15JUL19: Bill asked Mark Tinberg to add updating e911 information when checking in a device to cms.
- 22JUL19: Ran out of time.
- 29JUL19: In preparation for the remaining Nexus 7k code upgrades on the 18th of August Jim did some experimenting with netflow and found that after 400 SVI’s there is a slowdown when adding a new one. Jim and Mark Karls will test netflow by changing the sampling rate.
- 05AUG19: Dennis let us know that the Cisco 7700’s have been ordered for wireless. We discussed having a fiber database discussion with Jeff Ruttman to go over what is in the database and what he is getting. John will talk to Jeff Ruttman about this.
- 12AUG19: Jim let us know that this weekend he will be doing the code upgrades for the rest of the Nexus 7k’s. This will allow us to use mpls. Netflow will be using sampling which will prevent the slowdown we were having.
- 19AUG19: Jim and Mark Karls upgraded the code on the remaining 7010’s over the weekend. We discussed using OSPF and HSRP on the OOB network core going only to the new peleus services servers. This way we would not have to use static routes and not route OOB anywhere else on campus. We discussed putting another aggregator at Animal Science. Go over this with Jim.
- 26AUG19: No change.
- 09SEP19: UW hospital has offered Nexus 7k equipment. Paul Nazario sent out an email with the details. Consensus is to ask for two 7010 chassis, four supervisor cards, eight 10 Gig cards and DC power supplies if they have them.
- 16SEP19: Jim modeled his proposed 'ring bone' design to come up with OSPF cost values that resulted in a good amount of ECMP (equal cost multi-path routing).
- 23SEP19: We discussed where to put the new -9 in the CSSC datacenter. The plan is to put the new -9 into the rack next to the ASR 9922. The -10 is going to Animal Science room 226 in the ASR 9922 reserved rack. The power will be DC at both sites. We discussed reserving rack space needed for new equipment at CSSC and Animal Science (e.g. -9, -10, wireless, new core reservation space…). The Nyansa appliance can go in the server racks at Animal Science per Jeff. Consensus is we don’t need to reserve more space for the smaller Palo Alto’s nor the wireless equipment.
- 30SEP19: Mark Karls is going to contact Scott Feldman about getting the Nexus 7k’s and cards for the -9 and -10. Dennis is going to setup an ongoing meeting with the WAN team to discuss new core design.
- 07OCT19: Jim asked if VPLS is needed anywhere to solve some problem. An example would be to use a cross campus vlan and use VPLS. Greg proposed using part of BAN (e.g. BAS). Jim, Scott and Jeremy will meet to discuss this. There was an identified bug for the Nexus 9k’s. There is a new code version that will fix the bug. We have a known work around. The Nexus 9k’s are running in HA pairs. The new code needs to be tested prior to going to it. We discussed using certificates for places that Middleware refuses to provide service.
- 14OCT19: Ran out of time.
- 21OCT19: We discussed using the Nexus 7010’s from UWHospital versus using Nexus 7700’s. The goal is to extend our current network for several years. Our current 7010’s would have 40 Gig connectivity for the most part on the core; except for CSSC 100 Gig connections. The new -9/-10 will need 100 Gig connectivity. The Palo Alto’s have a 16 Gig flow limit. Consensus is to get to a 40 Gig core. We can get a 48 port 1/10 Gig M3 card for the 7010’s. The -9/-10 core could bridge VXLAN. We want to get off of the 6500 -9 and -10. We discussed using the Nexus 7706’s in the datacenter as the -9/-10. Consensus is to get Nexus 7706’s with sup 3’s, M3 cards and get 7010 40 Gig cards. We would use an M3 1/10 Gig 48 port card in each 7010 for 1 Gig connections. Jeff will send a summary list of parts to Dennis.
- 28OCT19: Jeff Robertson sent the list of parts to Dennis. Dennis will bring the final parts list to this meeting after we have the Cisco briefing in 2 weeks. We discussed trunking only needed vlans to CSC edge switches versus trunking the vlans everywhere by default. We discussed doing load balancing across 10 Gig cards due to arp drops. We discussed using a pair of 9300’s to move the 1 Gig connections off of the Nexus 7k’s to allow code upgrade, then move the 1 Gig connections to the new 1/10 Gig cards. We would then move the 9300 pair to the next supernode, do that one, and then move to the last supernode and then remove the 9300 pair from service. We discussed possibly using the Cisco 6004’s instead of the 9300’s if we need more MAC address capacity.
- 04NOV19: We discussed the current CoPP (control plane policing) issue that has been affecting VOIP. This appears to be a per line card issue.
- 11NOV19: We discussed what we wanted to have Cisco go over with us this Wednesday (what are the other educational institutions doing to solve their problems). Converged networking versus deploying 3 different topologies in the same location.
- 18NOV19: Ran out of time.
- 25NOV19: Jim let us know that the MPLS vpn service that will be used for BAN is ready. We discussed the possibility of getting a separate firewall for Isilon storage in the datacenter. The tool for creating the firewall configurations needs to be updated to change to the currently desired virtual router method.
- 02DEC19: Mark Karls will work on changing the block size and control plane policing for the remaining Nexus 7k’s for the January 5th 2020 change window. Scott may put the datacenter behind its own VR for firewalling on January 5th 2020 change window. Jim sent the following email update: MPLS LDP has been enabled across the rx-core and rn-node devices. We need additional licensing to add the DDN 7Ks to this mix. Jim is working with Cisco to get the part number we need to add that licensing. Jim is working on scripts to validate the LSPs between loopbacks. Jim is working on a KB to explain the setup and how to add L3 VPNs.
- 09DEC19: Ran out of time.
- 16DEC19: No change.
- 06JAN20: There are tftp timeouts happening when going from 16.6.6 code to other code. One solution is to use a USB thumb drive to copy the code to the switch. John spoke with Dennis about ordering USB thumb drives. Dennis said he is going to order some for us. Cisco bug CSCvq01204 is for this tftp timeout and there is no plan to fix this bug. The work around is to set the block size to 1468. The disadvantage of using the USB thumb drive is you would need multiple drives to do multiple switches at the same time. Currently we can do many switches at the same time with tftp.
- 13JAN20: No change.
- 27JAN20: Ran out of time.
- 03FEB20: There was a meeting today about the border routers. The Cisco Nexus 7706 was discussed as being needed to replace the -9 and -10. This will move forward per Dennis. Rack space design needs to happen at Animal Science 226 and 432NM to make room for new WAN and CNS equipment. Dennis will send out an email with the parts that will be ordered. We discussed replacing the 7010’s with the 7700’s to get increased speed and bandwidth.
- 10FEB20: We discussed how the DOORS VRF is built and requested. The builder tool should help with this per Scott. We discussed using 10 Gig vs 40 Gig cards in the Cisco Nexus 7706’s.
- 17FEB20: Ran out of time.
- 24FEB20: We discussed the viability of using the Catalyst 9600 as the campus core network router platform versus using the Nexus 7706 platform. Consensus is to go with the 7706. There is no compelling reason to go with 9600.
  - 9600 cons:
    - no front to back airflow
    - 12 to 18 months for new sup at the earliest
    - feature set does not currently meet needs for supernodes
    - requires new tooling
    - no deep buffers
    - new code and architecture (e.g. high probability unknown bugs that will be part of new code and hardware)
    - would be a one off (e.g. additional sparing)
  - 7706 pluses:
    - fast deployment
    - front to back airflow
    - can use current tooling
    - it scales for routing
    - we know it is going to work
    - better economy of sparing (e.g. wireless, -9, -10 are 7706’s)
    - better TCAM scaling
  - We discussed if we should use 7700 chassis and cards versus getting M3 cards for 7010 chassis for the supernodes. Pricing comparison between using 7706 and 7010 options for true 100 Gig core. We could use 7710’s to get more slots since we will be using all slots with the 7706 chassis right from the start.
  - 7010 solution:
    - Cost
      - M3 card N7k 1/10 48 port card: $85,000
      - M3 card N7k 40 gig 24 port: $85,000
      - M202’s two 100 Gig ports: $85,000
      - Optics: $3,000
    - Considerations
      - we have to remove the M1 cards
      - last about 3 years
      - we cannot go to newer code with M2 cards
      - M2 has flow limitations of around 12 Gig per flow which is probably an issue going forward
      - have to upgrade code to use newer cards (e.g. M3 cards)
      - we could use M2’s to get to 100 Gig for core connections
  - 7710 chassis solution:
    - Cost
      - M3 card N7k 1/10 48 port card: $65,000
      - M3 card N7k 40 gig 24 port: $75,000
      - M202’s twelve port 100 Gig: $115,000
      - Optics: $800
      - Sup cards: $40,000 (need 2)
      - Fab 3: $15,000 (need 6)
      - Chassis: $15,000
      - Power supplies: (4 are needed)
    - Considerations
      - there are chassis bundles
      - we can get rid of the Cisco 3232 switches
      - last longer about 5 years
      - we could go to 400 Gig
      - true netconf for better programmability
      - VXLAN all ports
      - no safe harbor release
- 02MAR20: Ran out of time.
- 09MAR20: Dennis is working on the Cisco 7706 purchase for the -9 and -10. This would leave one open slot for a 100 Gig 12 port card. Dennis will get the pricing for a 7706 and 7710. The 7710 chassis is smaller than the 7010 chassis. The 7710 chassis to replace our supernode 7010 chassis would get us to 100 Gig in the entire core. Consensus is to go with the 7710 chassis versus continuing to use 7010 chassis or the other Cisco options that are available.
- We discussed creating a site to site vpn service. Dan let us know that SMPH does want a site to site vpn service. Chris Spencer asked Dan to come up with pricing for MUFN connections. UWHealth wants us to put in as little as possible equipment and to not use more fiber. We discussed using client based vpn for sites that have only a couple of users. Is terminating the vpn connection to campus O.K. or does the encryption need to go to the building? Looks like Palo Alto 820 for $5,000 per and there would be two. The Palo Alto 820 would terminate back to the campus Palo Alto core. Palo Alto will have SDWAN in 9.1 code per Scott.
- 27APR20: Jim is making gateway changes to move IPv6 gateways from the ASR's to the N7k's. On the ASR the IPv6 gateway does not have HSRP, but the Nexus 7k is using HSRP. HSRP does not work for IPv6 per Greg. Should that be removed from the builder tool? We want to figure out what configuration makes the traffic go across the primary Nexus 7k. Consensus is to discuss this with Michael to get his opinion on the IPv6 configuration. Jim will discuss this with Michael and gather more information. Syslog on netlog2 is getting ten times less logs than netlog1. Is this normal? The number of hosts on netlog1 and netlog2 differs by 20 hosts. Jim will check to see if those 20 hosts have that much more logs. Jim will also check with Tom Christie and Mark Tinberg.
- 20APR20: No change.
- 13APR20: Ran out of time.
- 04MAY20: Dennis is continuing to work on the core equipment request. They are looking at Gartner to see if across the industry there is something that can be used to support the request. We discussed what other MPLS use cases we have. An example is people that only need access to the internet and nothing else. Dan brought up an example of a location that is not formally a part of the campus and would like internet connectivity. Forest products could be a candidate for this service. We discussed using MPLS for SSID traffic. We discussed replacing vrf solutions with a MPLS VPN solution. Palo Alto is not strong in routing so there are limitations to what we can do.
- 11MAY20: We discussed converting ASR vrf's to MPLS VPN's. We need to keep area 0 out of every service due to Palo Alto limitations. We need a new area for each service to help with the Palo Alto resources. Currently we are tracking ospf numbers in KB 3803 XXI OSPF Customer Area Selection. A thought was to use the AS BGP number and ospf area number (e.g. 65059:10). The core advertises default down to the Palo Alto and the Palo Alto advertises all of its service vrf subnets to the core using NSSA. The traffic of the vsys cannot communicate with each other without going through a firewall. Traffic is not allowed to bypass the firewalls. The public side is a transit from the core to the firewall. Different vrf's have to go through a firewall to talk to one another. Customers in the same vrf do not have to go to a firewall. When we decide on a new place to track the ospf numbers KB 3803 should be updated to point to the new location. The cable TV monitoring service is probably the best one to start with per Scott. Jim will work with Scott to get a good process for conversion. Greg mentioned that multicast on IPv6 will be needed in the future. Anything in a vrf today that spans campus should be moved to MPLS.
- 18MAY20: We discussed moving 1 Gig connections off of the N7K's to the 3232's and 9372's. This will allow us to install M3 cards in the N7K's. There are enough ports available to do this per Greg. Dan is also converting several of these 1 Gig connections to 10 Gig per our request.
- 01JUN20: Dennis let us know that the order was placed for the -9/-10 replacement and we used to get equipment in 6 to 8 weeks. It might take longer.
- 08JUN20: Field Services needs 4 people to remove the UW Hospital Nexus 7k's which needs to happen to make room for the new -9/-10. Field Services does not know when this can happen. Dennis will follow up with Gary. Greg and Jim have discussed moving routing for networks off of the ASR 9k's (WIDMIR, Athletics, Hospital...).
- 15JUN20: We discussed decommissioning of the rest of the 6500's by end of August. If we can not get this done by end of August we need to document why. David believes this can be done by the end of August for Housing. Greg let us know that there are 6500's in the Datacenter that also need to be worked on. The 6500's also will lapse in support in August per Dennis.
- 22JUN20: We discussed server disk storage redundancy between datacenters in a VMware environment; this should be brought to the NS/SEO quarterly meeting. This is an architectural design discussion. John will ask Dennis to get this added to the agenda. The last meeting we had was 17SEP20. Greg let us know that 5.1.3 for global protect has a cosmetic issue where there are Chinese characters. This is fixed in 5.1.4.
- 29JUN20: John sent Dennis an email asking to have the server disk storage redundancy between datacenters in a VMware environment added to the NS/SEO quarterly meeting.
- 13JUL20: Bill ran into a problem with a 3650 being in bundle mode versus install mode. Bill will add this to the Known Problems and Solutions 3850 and 3650 KB.
- 20JUL20: We discussed what equipment we could connect the Juniper 10003 to in the Techlab since we do not have 7700's in the Techlab. The 7010's in the Techlab using a different vdc was an option. Using the Nexus 9500's in the Techlab with 8.x code was an option. We want to mock up the state that we want to get to when we replace the ASR 9k's. This will help with figuring out how to move from the ASR 9k's to the Nexus 7700's. We need MPLS on the Nexus 9500's. Consensus is to use the Nexus 9500's. The licensing needs to be checked to see if we can use MPLS. The new Nexus 9500's are in F3 or F4. The rack map for the Techlab does not show them. Bill will check tomorrow when he goes in and update the rack map or let John know what needs to be updated.
- 27JUL20: Consensus is we do value syslog messages so we should investigate the current problem of having different number of messages going to syslog1 and syslog2 from hosts. We discussed syslogging to one server and then sending a copy to the other server. We could setup a tcp listener so we can compare to try and figure out the scope of the problem between the two servers (netlog1 and 2). Consensus is missing log messages is bad and we need to figure this out. We could do this on a subset, like the OOB network to test first. We could start out small with 50 devices and ramp up until we see loss of syslog messages. Netlog2 is not going to be very useful due to the amount of syslog messages not getting to it. We discussed if this might be a firewall issue (e.g. threat protection) or packet buffers full. The hosts are sending the messages but the number of messages are wildly different. Revisit this weekly until it is resolved.
- 03AUG20: Greg went over the CTRI Aurora Palo Alto installation/setup Visio diagrams and supporting documentation.
- 10AUG20: Bill was not able to reproduce the error that John was seeing when using the all-slave "flushname" r command. If anyone runs into this again please bring it up. We discussed the next steps for troubleshooting the throughput issues that the CS researchers are running into with RBN.
- 17AUG20: Tim C. has the Cisco Nexus 7700 at CSSC datacenter powered up. He will work on the Cisco Nexus 7700 at Animal Science room 226 this Wednesday or Thursday. He is also working on the power supplies for the Nexus 9500's.
- 24AUG20: Tim C. let us know that the Cisco Nexus 7700 is powered up at Animal Science room 226. Greg sent Men the request to run the connections for the Cisco Nexus 7700 at Animal Science room 226.
- 31AUG20: We discussed the issues that WIDMIR is having and Cisco recommending going to a new version of code. There is no test equipment in the Techlab to test the new code. We discussed using a new set of 3850's with the new code on them and moving the connections, this would allow moving the connections back if there are problems with the new code.
- 14SEP20: We discussed what new version of code we should run on the 3650/3850 switches. Current choices are 16.9.5 if you have the smart licensing and 16.6.8 if you don't have the smart licensing ready. We have 16.6.5 on some FISMA switches since it was the recommended version last year. Consensus is to proceed with 16.6.8.
- 21SEP20: Greg asked what do people think about cutting rbn over to the new core in the next 2 weeks? Greg would like to enable and connect the ports with ospf costs set so that they are not used to get ready for use. We went over what is currently using rbn.
- 28SEP20: No updates.
- 05OCT20: Greg let us know that Men did find some fiber between Animal Science and CSSC to connect the new equipment Nexus 7700. Previously Men said there was none available. Dennis has brought this to Neil's attention and Neil will be verifying how much is available.
- 12OCT20: We discussed the connectivity between the 9500's, 7700's and the ASR's. Should we connect to the ASR and the 7700s from the 9500's or just connect to the 7700's for the 100 Gig connections. We only have 12 connections available and all will be used if we connect to the ASR. Dennis said we could add another 100 Gig card. Dennis is going to order another pair of cards in the next order. Consensus is to create a port channel from the 7700 to the 9500. We need to get MPLS working on the 9500's also. Scott said that Palo Alto is working on a bfd bug. Scott let us know that Palo Alto OSPF is announcing default incorrectly. Dennis let us know that there was a meeting about redundant DC power installation process this morning. Dennis showed us the flow chart and RACI (responsible, accountable, consulted and informed) diagram. Dennis will email us the flow chart and RACI diagram so we can discuss them tomorrow morning.
- 19OCT20: We continued the bfd discussion that we started this morning in the campus LAN daily standup meeting. Consensus is to not use bfd for port channel configurations that are directly connected.
- 26OCT20: We discussed our current backbone OSPF costs and whether or not they are what we want? We also seem to have ECMP from the ASR 9Ks and that may or may not be what we intended. Consensus is to change the current costs for the peer links to 500 and leave the other costs as they currently are. Consensus is to change the peer links to two by 40 gig when the 40 gig cards are added. We discussed adding more NetBeez into production. Dennis will follow up with Care about the order for the PoE NetBeez.
- 02NOV20: We discussed having a discussion with the WAN team about UW System needing subnets and vlans to provide services for UW System members. Dan told Tom K. that this is a one off so we probably don't need to set aside a block of addresses and vlans. This is like remote sites that we already do so probably don't need to do something special. Tom K. will get more details from Will. SE is going to be supporting the WAN team servers.
- 09NOV20: We discussed the wireless core design and backbone core design. We discussed the merits of each to decide how to proceed. A pure layer 3 design with no vPC's for the core and the wireless core design using vPC's. The wireless core design is taken from the Cisco Nexus 7000 configuration guide using layer 3 over vPC's. David stepped through the design using a slide presentation. We discussed how the peer gateway command works and had differences of interpretation. We discussed having traffic going across the peer link. Greg is going to open up a case with Cisco to ask how the peer gateway command works so we know for sure. The purpose of using the peer gateway command is to route on behalf of the peer and keep traffic off of the peer link. When we had the problem with the Palo Alto and the HSCI link we did not have a FIDO alert, so can we monitor this? James is going to work on figuring out how to monitor the HSCI link. Jim is planning to do some MPLS work on the Thursday after Thanksgiving.
- 16NOV20: Greg forwarded the email from Cisco TAC about the L3 vPC design we discussed previously. We will go over it at one of the morning meetings. We discussed 101H5 at CSC power availability and if we should keep the ups. We have 4500 switches on this ups. Greg is concerned that we do not have a power outlet available. There is no life safety so we are not required to have a ups. We discussed the possibility of using a DC plant ups solution. Dennis said he would fund this. Bill let us know that DoIT Cyber Security sent an email about copyright infringement asking us to go through logs. Scott let us know that Cyber security has all of the logs in their ELK cluster and should be able to find what they need.
- 23NOV20: Bill let us know that the defective 5596 at the Pyle Center was not covered under warranty per Cisco. There is no cold or hot spare. Tom K. sent an email to Dennis about this. Dennis said they should be under smartnet. Dennis said there is inventory on a pallet in Verona. Per our hot and cold sparing KB we chose not to have a cold spare since the 5596's are under smartnet 8x5 NBD and replenish hotspare with RMA per meeting notes 2012 07 26. Dennis let us know that he is ordering a couple of the new 93180YC for testing in the Techlab.
- 30NOV20: All new parts should be brought to this meeting for consensus on model number, part number and description. Consensus is the descriptions should have the part number in them so we can find the parts easier.
- 07DEC20: We discussed research vlans on rbn.
- 14DEC20: No update.
- 21DEC20: No update.
- 04JAN21: Bill let us know that there are no more WS-X6716-10GE cards available per our inventory system. We discussed migrating the connection on the r-cssc-b280c-8-core or the r-cssc-b280c-7-core to a 4 port card to get a spare. Dennis let us know that there are ones at MDS in long term storage. The long term storage is not in our inventory system. Bill is going to email the inventory email list to get 2 brought back from long term storage.
- 11JAN21: We discussed who should take ownership of Patti Havlicek's KB's. John will send the list to Dennis.
- 25JAN21: John sent the list of Patti Havlicek KB's to Dennis. Dennis did not work on them yet, but it has been added to his list to work on.
- 01FEB21: James is going to look at the Patti Havlicek KB's and take ownership of the KB's that makes sense for him to take ownership. The remaining KB's will be looked at by the managers to see who should take ownership.
- 08FEB21: James has not had a chance to go over the list of KB's owned by Patti Havlicek.
- 15FEB21: Ran out of time.
- 22FEB21: James took ownership of most of Patti Havlicek's KB's. Bill will take ownership of the last 2.
- 01MAR21: When should we decom the 4500X's? I think we should do this when we do the 3750X refresh. The 3750X will be part of the 5 year strategic plan. How to convert 10 gig to 40 gig WDM connections? We need singlemode for this to happen and equipment upgrades. Dennis will take the singlemode need to the managers meeting tomorrow. Dennis shared a word document about extending cybersecurity to scan for vulnerabilities.
- 08MAR21: We discussed running out of fiber between Animal and CSSC. Men said there are only 22 strands left. Dennis brought this up with Gary and Neil. Neil is going to look into this. Dennis let us know that Cisco Live is occurring virtually at the end of this month. There is an explorer pass and the all access pass per Dennis. The explorer pass is free and the all access pass costs money. Dennis has credits to pay for the all access pass. Contact Dennis if interested in the all access pass. Dennis is going to send out an email about the Cisco Live event to the lan email list.
- 15MAR21: Dennis let us know that Jeff Robertson is going to work on the evaluation of the Cisco catalyst 9300 edge switch platform.
- 22MAR21: Jeremy gave the update on the BAN conversion stating that we are waiting on firewall rule changes and getting dhcp working.
- 29MAR21: We discussed the new Catalyst 9300. What are we using for uplink speeds to the core? 40 Gig? Consensus is to stay with 10 Gig uplinks, but have the ability to go to 40 Gig as needed. We could go to 25 Gig uplinks in the building. All of the 3 and 4 closet buildings would have to have an aggregation switch now unless we stay at 10 Gig uplinks. The Catalyst 9300 10 Gig sled has 8 ports of 10 Gig. We discussed the licensing models and cost. Dennis said the 9300 with the 3 year licensing prices out less than the 3650 switches we are currently buying. Jeff let us know we have to go with the non L version of the 9300 so we can stack them and get the 60 watt PoE that we need. Do we want multi-gig and full 60 watt PoE? Consensus is that 60 watts of PoE is needed, but we do not need multi-gig everywhere. The eol date for the 3650 is October of 2021. So we need to decide what to replace it with. Dennis will do some pricing exercising to figure out if we can afford a switch that will work for all of our needs or if we will have to have several models. Jeff let us know that the L and non-L models will not stack together. We will continue this discussion next week.
- 05APR21: We continued the discussion about the Catalyst 9300 switch series. What edge and radial models should we be getting? What radial design do we want to pursue (e.g. layer 3 at the radial or keep it like we have it)? Does the entire line of 9300's support MPLS? MPLS is only offered in Network Advantage licensing. Consensus is the 9300X is the 3850 replacement. Consensus is to continue with the two by 10 Gig and if more bandwidth is needed swap out the radial for a 9300X to get 25 Gig uplinks. Dennis is going to do a financial analysis to help with these decisions. We will continue this discussion next week if Dennis has the financial analysis completed.
- 12APR21: Ran out of time.
- 19APR21: Greg mentioned that he looked at bandwidth from the
- 26APR21: No change.
- 03MAY21: We discussed upgrading the code on the Nexus 7700's and getting it scheduled. Mark Karls will be working on it. This is out at least a month before the process is started. Sometime this summer we want to get the 40 Gig connections to the supernodes into production.
- 10MAY21: Ran out of time.
- 17MAY21: No change.
- 24MAY21: Scott let us know that there is a problem using Panorama for troubleshooting so use syslog.
- 07JUN21: No change.
- 14JUN21: Ran out of time.
- 21JUN21: Ran out of time.
- 28JUN21: Ran out of time.
- 19JUL21: Ran out of time.
- 26JUL21: Ran out of time.
- 02AUG21: Ran out of time.
- 09AUG21: Greg is going to enable the datacenter 100 Gig links this Thursday. We discussed WIDMIR needing ISP fiber to get higher bandwidth connections.
- 16AUG21: We discussed what edge access and radial switch models we should go to. We went over Scott's diagram showing what we could do for WDM if we don't use dark fiber. We discussed asking to get another 288 strand fiber cable between each supernode. We discussed some options for core equipment (e.g. Nexus 7010, Nexus 7700 and Cat 9600). Consensus is going to the Nexus 7700 would be the fastest migration with the F4 and M3 cards. The Nexus 7700 would also have more slots free for expansion.
- 23AUG21: Ran out of time.
- 30AUG21: No change.
- 20SEP21: No change.
- 27SEP21: We discussed the new switch models that we will be going to. The following is the list of new switch models we will be using:
- Access switch:
- C9300-48UN, cold spare 8, 1 hot spare
- Radial switch:
- C9300X-12Y, cold spare 2, 1 hot spare
- C9300X-24Y, cold spare 2, 1 hot spare
- C9300-48UN, cold spare 2, 1 hot spare
- Modules:
- C9300-NM-8X, cold spare 2
- C9300X-NM-2C, cold spare 2
- C9300X-NM-2Y, cold spare 2
- Dennis has ordered some C9300-48UN switches with modules. The order should arrive in December. We can stack together 8 switches. Dennis thinks these are in the CBS system. We need cards for the Nexus core routers. Mark Karls is going to come with the list of buildings with 3750X's. Consensus is to deploy 9300 switches with 10 Gig uplinks for the 3750X building refresh. John will investigate current 1 gig connections to see if they can go to 10 gig. We are connecting to the existing 7010's for now. Dennis is going to talk to Neil about the power needs now that we have the switch models. We want an electrician from FP&M to help figure out what to do in the closets. Scott put the power requirements on the Visio diagram that he created. 2200W/240V = 9A or 2200W/120V = 20A times the number of switches. Scott will add the new switch models to the Visio network template with the modules. John will update the hot and cold sparing KB with the new models. Work on switch configuration tools for the new models has started. Dennis thinks we have one of each switch in the Techlab.
- 04OCT21: Bill asked if the statistics for the new models of switches work for our statistical gathering system. The MIBs need to be sent to Michael and Tim. Scott let us know that currently we are missing statistics for edge switching due to a problem Tim found. We can not get the core and edge statistics at the same time; so the core is prioritized. Dennis and Bill will take this to the Network Services managers meeting to see if we can get the resources to work on this.
- 11OCT21: No change.
- 18OCT21: We discussed maybe using 24 port UXB and 48 port UXM switch models for 10 Gig copper connectivity for work stations. CDIS building might be installing 10 Gig copper infrastructure.
- 25OCT21: Mark Tinberg let us know that he has created an Ansible playbook for auto generating and pushing out certificates every month for local web services on a Linux server. There may be a way to do this for other services that we run. We use certificates on Palo Alto and our load balancers. The Let's Encrypt side is in the playbook per Mark Tinberg and we might be able to do this for the Palo Alto and load balancers.
- 08NOV21: Greg is moving the research networks off of the ASR 9k's working with Jeremy Sarauer and Michael. Harvey Street Apartments network needs to be moved off of the ASR per David. Dennis is going to help with this by working with AIMS to determine who owns the vsys that the zone is going to be put in. Dennis believes that AIMS will be taking the admin role for Harvey Street Apartments.
- 01NOV21: Nothing to discuss.
- 22NOV21: Ran out of time.
- 29NOV21: Greg put the link to his power point in chat for campus networking/firewalling overview. We will go over this in more detail next week when Scott gets back from vacation.
- 06DEC21: We went over the power point that Greg created for campus networking/firewalling.
- 13DEC21: We discussed upgrading Palo Alto code. Mark Tinberg did some cleanup in the Techlab shutting down some VM's. If a VM was shutdown in error please let Mark Tinberg know.
- 20DEC21: Luke let us know that stats collection has changed. There are large gaps in the rrd files believed missing due to not being able to keep up with processing the data. We are still missing some data. Tim Czerwonka was investigating this.
- 03JAN22: No change.
- 10JAN22: Ran out of time.
- 24JAN22: Ran out of time.
- 31JAN22: Ran out of time.
- 07FEB22: No change.
- 14FEB22: The current direction is leaning towards the 7700 chassis, but waiting for Chris Dahlke to get information on 9500’s.
- 21FEB22: No change.
- 28FEB22: Ran out of time.
- 07MAR22: We have firewall resource issues and need to get information back from Palo Alto so we know what firewalls we need for upgrading. We don’t know for sure if it is hardware or software or some of both. We are waiting on Cisco to let us know if the 7700 chassis have what we need for resources. We went over the KB for WiscVPN guest access process.
- 14MAR22: We discussed what 7k chassis to get for the Techlab. Consensus is to get a 7706 and a 7710 for the Techlab for hotsparing and lab work. Dennis is going to put the order together for the Techlab 7k chassis and a pair of 7710 chassis for the CSSC pair.
- 21MAR22: Dennis is working on the parts list to see if we should upgrade the existing 7706 so that the sparing is covered with the Techlab 7706. We currently have next business day and there is redundancy for the 7706 in the datacenter. Dennis will decide if the cost is acceptable to get the datacenter 7706’s the newer cards. Dennis is working on the pricing for the C9300X-48HX to determine if we will use the HX’s as the standard radial for the buildings with 4 or less TR’s instead of only using them when we need more than 10 Gig for the uplink to the core. Dennis will decide who is going to work on the licensing server since Jim Leu is no longer working for Network Services.
- 28MAR22: No change.
- 11APR22: No change.
- 18APR22: Dennis has ordered the CSSC pair and the lab pair Cisco Nexus 7700 chassis.
- 25APR22: Dennis is getting pricing on Palo Alto 3400’s. We discussed PoE on switches in regards to FIDO alerting. Mark Karls shared a PoE report that we went through. The threshold of under 60 watts remaining is what we had said in the past to get another power supply in them. Consensus is to keep the threshold of 60 watts. We discussed getting rid of SSID 3043 for NS engineer WiFi; no one objected. When we replace the current NS firewall that would be an opportunity to get rid of SSID 3043 for NS engineer WiFi.
- 02MAY22: Greg is working on migrating vlans 1505 and 1506 bundle 10 from the ASR 9922. There are 10 groups behind them; they need to transition to the 7700’s. Greg is working on moving them and is planning to put the weight so that the move will not be noticed.
- 09MAY22: No change.
- 16MAY22: We discussed the average customer ability to make changes for DDN and RBN switches in EdgeConf. The DDN and RBN switches are treated like normal switches for access ports. Customers have access if they are on tech-c or admin-c on a vlan in WiscNIC.
- 23MAY22: Ran out of time.
- 06JUN22: We discussed there being no available singlemode strands from CSSC to Animal Science. Dennis will follow up with Neil to get a timeline for terminating the two 288 strand cables that were pulled.
- 13JUN22: No change.
- 20JUN22: We are starting to look at vxlan and evpn for layer 2 and layer 3 services.
- 27JUN22: Ran out of time.
- 11JUL22: We discussed maybe creating a separate vlan area for WPR. Greg let us know that they are using unique vlans at each site.
- 18JUL22: No change.
- 25JUL22: No change.
- 01AUG22: No change.
- 08AUG22: We discussed the pros and cons of creating a WPR area. We might have to take responsibility for WPR networking in the future. We discussed if we should be tracking the vlans that they are using to avoid future conflicts. They are good with using our naming convention. We discussed if we are going to offer using netcms and some of our other services. We have fully provided Palo Alto firewall service which includes sparing for that service. WPR is a stand alone, self funded unit that resides on campus. Dennis will ask Jeanne what upper management is thinking about for support of WPR. Dennis is going to ask if we are supposed to be backing up their equipment configuration, monitoring… We discussed the possibility of converting WPR brown field to our standards. What should we do for the vlan alerts in the daily email? This happened when the change to pull down the merge configs. We discussed creating a separate directory for WPR so we don’t have conflicts with our tooling. Consensus is to create a directory in cms and call it wpr. Mark Tinberg is going to create the wpr directory and make tool changes as needed. Mark Tinberg will create a JIRA for this.
- 15AUG22: Bill asked to talk about transitioning from using 3650s to 9300s for deployments. Do we still need to do wdm, we are running out of optics and wavelengths. We need the supernode fiber augmentation to be completed. We discussed fork lifting CSSC since this would give us 3650’s for stock.
- 22AUG22: Dennis has several switch orders coming that will add up to 400 switches. We should keep Dennis informed of big projects. There are 654 3750X models to work on after the core upgrade. Only the CSSC 7700 pair has been ordered, plus we are waiting for fiber. This means the earliest we will work on this is next spring. Greg let us know we have Palo Alto 440 lab units and asked if everyone wants to use one from home. Dennis said we could do that since we are working mostly remote. Greg has one and configured one for Dennis. Greg has configured the PA 440 as always on and split tunnel. Greg let us know that the automatic Palo Alto update changed the app id for some apps and broke access for some servers.
- 29AUG22: No change.
- 12SEP22: We discussed using 1100 watt power supplies for cat 9300’s as the standard and if there would be enough power in the TR’s to accommodate this standard.
- 19SEP22: Dennis let us know that the order for the 7700’s will be coming the end of December. Dennis let us know there are chipset production delays for some switches and some 1100 watt power supplies.
- 26SEP22: Jeremy let us know that there was a certificate brainstorming meeting. Jeremy asked if Mark Tinberg could be part of this. They discussed maybe using Let’s Encrypt for automation and renewals. Dennis will see about having Mark Tinberg added to the next meetings.
- 03OCT22: Ran out of time.
- 10OCT22: No updates.
- 17OCT22: Ran out of time.
- 24OCT22: Ran out of time.
- 31OCT22: Ran out of time.
- 07NOV22: Ran out of time.
- 14NOV22: Ran out of time.
- 21NOV22: We discussed making the DC power in CSSC b280c better/more redundant. We discussed connecting the NS firewalls to the Cisco Nexus 3232’s. We discussed having a backup to nsvpn put out at OneNeck. We discussed putting additional power supplies in the switches.
- 28NOV22: We have a Cisco briefing product overview tomorrow on the Cat 9600X.
- 05DEC22: We discussed getting 7700 chassis for the other supernodes and getting a pair of 9606 chassis to put in Techlab and Athletics. We would test on DoIT first. Have a conversation with Athletics since they want to use 9600’s for amp think. We discussed getting a pair of 1 RU 9600’s to test with instead of getting a pair of 9606’s provided the features are the same. Dennis said we could do this and he will invite Bob Lahey to one of our morning meetings. The goal is to have this decided in a couple of weeks so the order can be placed. Dennis is also going to look into getting refurbished 7710’s to see if we can get those faster than the new 7710’s. Dennis agreed we could also buy extra 7710 cards so we have them in the future. Scott went over his spreadsheet of possible network equipment to purchase as a 5 year plan. Dennis is going to schedule another meeting with Cisco to get our questions answered for the 9600’s.
- 12DEC22: The 7710 chassis for the CSSC pair has been installed and is going to get DC power soon. The Techlab 7706 is installed, has DC power, terminal server connection and management connection.
- 19DEC22: Tim C. powered up the new 7710 chassis and the additional load on the DC system tripped a 100A upstream commercial AC breaker. We were on A/B battery for a while; Wej and Tim C. shifted rectifiers around on different circuits to find a combination that didn't overload the (now overheated) 100A breaker. The new 7710 is not powered and won’t be until this situation is corrected. No timeline on when this will be done. Bill is going to take this to the managers meeting if it is not already on the agenda. We discussed vlan 2388 and 3500 going to the ASR to see if they can be cleaned up/removed. Mark Karls volunteered to work on vlan 2388. There are no MAC addresses for vlan 3500 and 3501. We discussed asking the WAN team about vlan 3500. Greg sent an email to John Perkins to see if he knows the status of 3500 and 3501.
- 09JAN23: Ran out of time.
- 23JAN23: Dennis contacted Chris Dahlke and is in the process of setting up a meeting. We discussed the 1038 Network Protection Standards which has a timeline of 01DEC23.
- 30JAN23: Ran out of time.
- 06FEB23: No updates.
- 13FEB23: Ran out of time.
- 20FEB23: Greg moved the black hole router off of the ASR 9922.
- 27FEB23: Scott sent Michael a request to put in a Palo Alto threshold FIDO alert. Bill said Michael is ready to implement. Bill said someone needs to figure out the KB handling documentation for NOC, OpEng and engineers. Scott volunteered to create the KB handling documentation. We discussed the Science Hall asbestos abatement status and Bill believes it should be done.
- 06MAR23: Ran out of time.
- 13MAR23: No updates.
- 20MAR23: We discussed alerting on synchronizing Palo Alto configurations in FIDO. We discussed how long to wait until we get an alarm and thought 8 hours would be a good starting point. We discussed automating the synchronizing of the Palo Alto pairs via a script. Mark Tinberg volunteered to work on this.
- 27MAR23: Dennis reminded us of the meeting this Thursday on the Cisco Nexus platforms for 400/800 Gbps support for RBN, campus core.
- 03APR23: Ran out of time.
- 10APR23: No updates.
- 17APR23: Dennis let us know that the Cat 9606’s are scheduled to arrive in July 2023. Lead time for 9300X-48HX switches is 6 to 8 months. The next batch is scheduled to arrive in May 2023. Dennis let us know that when all switch batches come in we should have around 600 switches. Greg is working on combining all multicast traffic groups.
- 24APR23: No updates.
- 01MAY23: We discussed installing the Cisco ASR 1006X from Cisco demo in the Techlab. The power supply needed for the Cisco ASR1006X are A/C power per Dennis. 6RU of rack space is needed per Cisco documentation. Rack B4 at the bottom is where it will be installed. Dennis said there would also be a Cisco ASR 1001 1RU.
- 08MAY23: Greg let us know that the last 2 items on the ASR 9922’s are multicast and the lab connection. Multicast is scheduled to be moved after finals on 16MAY23. The lab connections need to move to the new Cisco Nexus 7700 core (the 109 pair). We will be using the ASR 9922 in the Techlab versus the new Cisco Nexus 7700’s in the Techlab. Scott said he could work on this after his work with the Cisco ASR 1002X/1006X. Dennis said when Jeff comes back he could work with Scott on this. Kalai asked about the 2 Palo Alto cases that he is working on. Scott said one of the tickets is waiting on us to migrate a VR and to keep the case open. The other case is for the DDOS attack and should be kept open so that Palo Alto responds to our questions.
- 15MAY23: We discussed how to ignore an IP in FIDO. We are getting the 9600’s in to evaluate. We will be using them for Athletics for sure. We would only use the 7700’s if the 9600’s don’t work. We discussed adding a 9300X into the Techlab for testing. We discussed if we would mix the 9300 and 9300X switches or swap out the entire stack. There might be problems with mixing the 9300 and 9300X switches. When we did this with the 3750 and 3750X the code changed and caused problems later with mixing models. The new switch models would hang off of the new core 9600’s. Jeff Robertson volunteered to work on this. We discussed if the monitoring for the new switches is working. Part of putting new equipment into production is to verify we are seeing stats and if not to work with Tim.
- 22MAY23: Dennis let us know that he discussed the 7700’s and 9600’s for the supernodes. Pat wants us to use the 7700’s for the CSSC pair and replace them with 9600’s after the other supernodes are replaced with 9600’s. Dennis has the bill of materials for the 9600’s that were ordered and will send that out to us. When we replace the 7700’s with the 9600’s we could put the 100 Gig cards in the datacenter 7700 pair. The 9372 switches are end of life this year. There are around 100 of these switches in production. This is not in the budget yet per Dennis to replace all 100 switches. Dennis does have some new switches on order to replace the 9372 datacenter switches. Jeremy is going to work with Chris on the datacenter 9372 switch replacements.
- 05JUN23: Dennis chatted John that the ASR1006X in the Techlab from demo depot needs to go back this week. Scott worked on upgrading code and will let John know when the ASR1006X is ready to go.
- 12JUN23: Dennis let us know that the Cisco Catalyst 9606 order is scheduled to arrive mid July. These will be installed in the Techlab and used for testing and sparing. They will be DC power. Mark Karls is working on decommissioning of the ASR 9922’s at Animal Science and CSSC. The CR’s have been submitted for the removal of them by Mark Karls. The Techlab ASR’s need to be decommissioned; we will discuss this at the LAN team morning meeting.
- 19JUN23: No updates.
- 26JUN23: We discussed the problem of not having space to unbox equipment. Bill let us know that there is currently no room in CSSC b360 to unbox switches. Dennis agrees that management needs to find space for us to unbox equipment.
- 10JUL23: Mark Karls said the ASR 9922’s can be powered down. Dennis will let Logistics know what to do with the ASR 9922’s. Mark is going to cut a ticket to have the ASR 9922 at Animal and CSSC removed from racks. The weather maps need to be updated. Mark Karls said he would be willing to work on this with someone who knows how to do the updates. Mark Karls looked at the KB’s and they do not say how to update the weather maps. Mark Karls is going to cut a ticket to Tim C. for the ASR 9922 power reclamation. Mark Karls is going to follow up with Wej to see about getting the 7710 in CSSC datacenter powered up. Dennis let us know about the Cisco U email that came out and that we should use the lan@lists login to access the training. If individuals want their own access to help with training let Dennis know. Scott let us know that the Palo Alto thresholds have been changed in FIDO to eliminate alerts that we can’t do anything about.
- 17JUL23: Bill let us know that the fiber for Eagle Heights will be fully funded; no timeline. This is for the fiber between the aggregation nodes. The fiber between the 3 aggregation nodes to the edge buildings is a separate project.
- 24JUL23: Ran out of time.
- 31JUL23: Greg asked Bill about non FP&M leased sites for a building number. Greg needs to add Shawn Thiele and Mark O’Neil Palo Alto’s that they have at home. We found the process documented in KB 103598 Netbox Sites management. We discussed possibly creating per customer vlan areas where we do not manage the vlans and use a tag in Netbox that indicates we don’t manage the vlan (e.g. UW Hospital vlans). Mark Tinberg will work on this later this year after more Netbox work is completed. Mark Tinberg created JIRA NS-5595 for this and titled it “Tag or field for interfaces/devices where we don't manage VLAN or IP to exclude from audit”.
- 07AUG23: We discussed installing two 9606’s in the Techlab in a couple of months in row B or row F. They will fit in a 2 post rack. The 6500’s would have to be decommissioned if we are going to put them into row B the 2 post rack row. We added 2 cold spares for C9336C-FX2 in netbox; Dennis will get 2 more on the next order. We discussed cert automation and Terry let us know that SEO is not going to do this so we should proceed with our own solution. Dennis will let Pat know that we need to work on our own solution for automating cert renewals. Greg let us know he is working on multicast for Engineering. Engineering has a new vrf and they would like the rendezvous point for multicast configured there to isolate the multicast traffic from the rest of campus.
- 14AUG23: Dennis is going to ask Bill who is going to create a ticket to Field Services to trace fiber jumpers in the datacenter B row.
- 28AUG23: We are waiting for Field Services to get back on alternate fiber paths and Jeremy has created a ticket for Field Services to remove the FISMA connection.
- 11SEP23: The supernode fiber augmentation of 288 strand cables is scheduled for ordering Jan-May 2024. Work starts in May 2024 and goes until June 2024. The CSSC B row needs to be removed prior to the 288 strand cable fiber augmentation. The E row needs to be extended so we can put the fiber into CSSC. Bill let us know that this has been brought to Gary’s attention.
- 18SEP23: Gary currently has possession of the WiscIT tickets to find alternate fiber paths for the connections in the B row in CSSC datacenter. Gary plans to assign those WiscIT tickets this week. Scott let us know that the additional 10 Gig connections have been added to CSSC.
- 25SEP23: We have new 9200CX compact switches that have a micro usb connector for console connection so it will not work on our term servers without a cable converter. I asked Dennis if he was able to order the console cable and cable converter (USB Type B to RJ45 adapter (CAB-CON-USB)) for the new 9200CX compact switches. Dennis plans on ordering them this week. Dennis is going to start with 20 cables and 20 adapters. One for everyone (OpEng and LAN) also hotspare and Techlab.
- 02OCT23: Dennis placed the order for the compact switch console cables and adapters. Expected delivery is about 8 weeks. We discussed the email about the DoIT VPN range being full for static IP address. Scott is going to reach out to Bret to work on fixing the cleanup automation since we saw that the “Last Used” column is not populated; it is blank.
- 09OCT23: Scott let us know that Gary Paybins from Palo Alto will be working with us every other week for one year to assist with swapping out Palo Alto firewalls to newer firewalls. We will be merging the 2 Panoramas into 1. Dennis let us know that the airflow kits for the 9600’s are here so we can proceed with installing them in the Techlab.
- 16OCT23: We have come up with new local credentials.
- 23OCT23: Only 1 fiber jumper remains in the CSSC datacenter B row. The path has been figured out and is ready to go per Jason. The desire is to have it moved over Thanksgiving.
- 30OCT23: Scott is working on monitoring MAC address tables for wireless devices and will reach out to Michael to monitor in FIDO. Dennis let us know that a project manager has been assigned to the core/supernode backbone router replacement and one for the Palo Alto firewall replacements. The project managers are from outside of DoIT.
- 06NOV23: The last fiber jumper was removed from the B row in the CSSC datacenter. Bill is working with Chris Lund to get the racks moved to augment the E row. Bill is submitting the work order to have the fiber cables removed from the cable trays under the raised floors in the datacenter as part of the B row removal.
- 13NOV23: John will order a 9600 airflow kit, put it together and see how it fits in the racks in the Techlab. Bill let us know that Chris is going to reuse 2 of the racks from the B row to add to the E row in the CSSC datacenter for fiber augmentation. Bill has the work order to cleanup the fiber in the trays under the floor. Bill is going to order cassettes for the fiber boxes. Bill let us know that the fiber bid for the supernode augmentation is closed and awarded. Anticipated start date for installing the fiber for the supernode augmentation will start in March or April of 2024.
- 20NOV23: The 9606’s and the airflow kits have been ordered and are in the Techlab waiting for Field Services to install them in rack F1.
- 27NOV23: The 9606 airflow kit brackets are not long enough to reach the back of the 4 post rack. Dennis let us know that the order had 4 power supplies per 9606 and they are 2000W. Tim said that a PDU needs to be ordered by Dennis for rack F1 where Field Services is installing the 9606’s.
- 04DEC23: The 9606’s have been installed by Field Services in the Techlab in rack F1. Bill let us know that we have another 144 strands at Animal going to the Telect rack from room 122a. The cable is spooled up and needs to be run to the splice cases. The splice cases need to be ordered and installed in 122a; this will give us enough fiber for 6 more buildings.
- 11DEC23: The ASR 9006 BGP has been taken care of by Greg and Jeff as part of decommissioning the ASR 9006 in the Techlab. Tim is ordering the rest of the parts for the DC power for the 9606’s in the Techlab. We discussed using the 7700’s in Techlab for wireless if nothing else. Cisco is being brought in to do a network audit to see if they are outdated and need new ones.
- 18DEC23: The ASR 9006 is ready to be removed and the ticket has been created for Field Services. A ticket has also been created to have the 7710 installed in Techlab.
- 08JAN24: Mark Karls has submitted Incident 7399613 on 07JAN24 to Field Services to have the ASR 9922’s unracked at Animal Science room 226 and CSSC datacenter room b380. The 2900’s are out of support as of last year so we discussed replacing them with Opengear devices. The kickoff for the Cisco audit starts 22JAN24 and lasts for about 6 weeks. We will then see what needs to be replaced.
- 22JAN24: The N77-M324FQ-25L does not work in slot 3 of 7710 in Techlab, it works in other slots. It was reseated in slot 3 and did not work. This indicates that slot 3 in the 7710 might be bad.
- 29JAN24: The Cisco 9606’s are powered up and ready in the Techlab. Bill had a conversation with CoE for dark fiber connections and installation of the needed fiber. Bill let us know that the Eagle Heights phase one fiber bid has been approved and will start installation this spring or summer.
- 05FEB24: A Cisco TAC case was opened to get a replacement 7710 chassis in the Techlab. The 7710 chassis arrived and was swapped out with a new one.
- 12FEB24: The Cisco 9606’s in the Techlab are connected to a management switch and term server. The cards in the chassis need to be put in the same slots in both chassis in the Techlab. PA-3420’s are connected in the Techlab.
- 19FEB24: The ASR 9922’s need to be removed from the racks at Animal Science and CSSC. We will proceed with installing one 9606 in rack A6 and A7 needs to have the ASR 9922 removed. Dennis will follow up with Gary to get the ASR 9922 removed. We discussed the possibility of moving the servers out of Animal Science room 226.
- 26FEB24: Tickets were cut to have Field Services install 9606’s in Animal Science room 226. The ASR 9922’s is still in the rack per Gary Northey. We discussed the problem we are seeing with checking in the load balancers.
- 04MAR24: We are installing a 9606 at the bottom of A7 and another one right above the 7010 in A6 at Animal Science room 226. In 432NM we are putting the 9606 in rack A2. In CSSC we are putting the 9606 in rack E/05 where the ASR 9922 currently is being removed by Field Services. Dennis let everyone know that we are doing a recruitment for our open engineering position.
- 11MAR24: Field Services has installed the two 9606’s in Animal Science 226.
- 18MAR24: Tim Czerwonka plans to work on powering up the 9606’s at Animal Science this week if parts arrive.
- 25MAR24: Tim Czerwonka plans to work on powering up the 9606’s at Animal Science this week.
- 01APR24: Tim Czerwonka powered up the 9606’s at Animal Science. Tim Czerwonka has installed the PDU in b380 datacenter for the 9606 that is going in rack E/05 (where the ASR 9922 was); this will take 18RU of rack space.
- 08APR24: Tickets to install 9606’s in CSSC datacenter and 432NM have been submitted to Field Services.
- 15APR24: We discussed if IOS upgrades need to be done and if the tooling is in place to do the upgrades. Mark Karls said he would test in the Techlab to verify that the tooling is up to date.
- 22APR24: We discussed that the Sup 2’s can not be configured to failover when using swv. Consensus is to remove the second Sup 2. Mark Karls spoke with Dan Cotter. Dan said the 9606’s shipped with the line cards and supervisors already installed. There were no slot covers. Slot covers need to be ordered. Dennis is going to order slot covers in a separate order not waiting for a quarterly order. The 9606 cards that we have do not do 1 Gig connections.
- 29APR24: The 9606 at CSSC datacenter has been installed and powered up. The 9606 at 432NM has been installed and Tim Czerwonka will be working on getting power to it.
- 06MAY24: Tim Czerwonka’s plan to work on the DC power for the 9606 at 432NM was interrupted by the student protests blocking access to 432NM; so there will be a delay.
- 13MAY24: Tim Czerwonka finished the DC power for 432NM. NS VPN test would be good to add IPv6 when it gets configured.
- 20MAY24: We went over the Network Services summer upgrade plans communication document. We discussed !P interfaces on routers that need to be removed for interfaces that are in production.
- 03JUN24: No updates.
- 10JUN24: We discussed the spanning tree root priority number for the 7700’s going to be 4096. The NextGenBuilder tool will have to be updated to include this spanning tree root priority number. Consensus is to set the spanning tree priority to 4096. The pilot buildings are being migrated tonight from the 7010’s to the 7710’s.
- 17JUN24: We went over the schedule for cutovers to the new 7700’s. Building and routing moves to new 7700’s from the CSSC 7010 pair. CR’s will be created soon. Moves will be on various days from 24JUN24 to 17JUL24. Dennis will check on the status of the blanking plates for the 9606’s.
- 24JUN24: Tonight there will be migrations for networks (128 vlans and 5 buildings) from the 7010 CSSC pair to the 7710 CSSC pair.
- 01JUL24: We are still waiting on 9606 blanking plates; they are not in our inventory system. They were supposed to be shipped on 20JUL24. Dennis will follow up with our vendor to get confirmation that the 9606 blanking panels were delivered. We discussed adding secondary power supplies to 3850-24XS switches in CSSC room 2360. We don’t see any of the 3850-24XS 715W power supplies in inventory, but there should be some that we got from Athletics. Dennis will follow up to see what happened to the power supplies that we got from Athletics. Greg sent out an email with directions for new MFA vpn for nsvpn.
- 08JUL24: The 9606 blanking plates are in Verona and will be brought to campus tomorrow. We discussed shutting down the old vpn and only using the new mfa vpn with a timeline of a couple of weeks. Greg will send out an email to let everyone know.
- 15JUL24: The supernode and Techlab 9606 secondary supervisor cards were replaced with blanking plates by Eric and John.
- 22JUL24: We discussed dropping or not dropping support for the 7010’s in the Techlab. If we drop support then we will not be able to open tickets with Cisco for these 7010’s.
- 29JUL24: We discussed the current RIT table entry limitations on the F4 cards in the 7700’s. We believe replacing the F4 cards with M3 (N77-M312-CQ-26L) cards will be a solution due to the M3 cards having a much larger limit. Dennis has asked Cisco to validate that this will solve the scaling limitation issue.
- 05AUG24: If a customer asks for BAN-BAS or BAN-DOORS should we configure both BAN-BAS and BAN-DOORS? Consensus is not unless they need it. Scott said to ask Mark Misko since Mark Misko would know if they need both.
- 12AUG24: We discussed the Palo Alto nsvpn-mfa global protect instance. We are looking to use the old nsvpn global protect for testing soon; Josh needs it for testing nsvpn 2 factor authentication. There are a few remaining folks that need to move to the new nsvpn-mfa instance: Mark Karls, Paul Nazario and Jeremy Clark.
- 19AUG24: Dennis let us know that one M3 card for the 7710’s is coming today and going to Mark Karls desk. The other 3 M3 cards are coming, but we don’t know when. We discussed how to track support for these 4 M3 cards since we are buying them from a third party for warranty issues. We discussed server logging volume for wireless and there is no concern of running out of space.
- 26OCT20: We should get consistent information for all sites. OpenDCIM needs work and when it is ready we can discuss this in more detail.
- 26AUG24: We discussed how to track support in Netbox for the four M3 cards that we got from a third party NetCraze. The N77-M312CQ-26L cards from NetCraze have a lifetime warranty. We need to configure netbox to show the hotspare is in the Techlab. All four cards have arrived and will be installed in the 7710’s probably this week.
- 16SEP24: We discussed the work to cutover to the 100 Gig cards in 7710’s this Wednesday, 18SEP24; this will break nsvpn. Bill let us know that Eagle Heights is back on track for the fiber work and we are going to use building 206. Bill let us know that the Engineering drive project is moving forward. Bill let us know that the 288 count singlemode fiber cables in the core are ready to be used now and the labelling of cabinets is being worked on by Men and Jeff Ruttman. A second 288 count cable was not run and might be done in the future if needed. This should be enough to get rid of the WDM on campus.
- 09SEP24: Mark Karls created a process for replacing the F4 cards with M3 cards in the Techlab.
- 23SEP24: The 100 Gig card cutover in the 7710’s was completed with no issues.
- 30SEP24: The f-core has been migrated off of the PA-7080’s and is now on the new equipment (PA-5260).
- 07OCT24: The Engineering and CSSC vrf’s were migrated from the 7010’s to the 7710’s. Mark Karls added DHCP relay not working properly after network disruption (e.g. move) on the Palo Alto. The Palo Alto can end up with stuck sessions pointing to the wrong zone. This is fixed by clearing the session(s) via the cli.
- 14OCT24: Tomorrow night the CSSC area firewall migrations from legacy to new campus backbone equipment is scheduled to take place.
- 21OCT24: Mark Karls has been working with Tom to make adjustments with the CSSC area tools due to migrating to 7710’s. Scott and Tom will work on the Palo Alto updates for the configuration tools.
- 28OCT24: The CSSC area UW Colleges and Extension Voice over IP (VoIP) VRF will be moved to new campus backbone equipment on 30OCT24.
- 04NOV24: We discussed if we still need fp-hotspare-b360-220-hotspare. This is not needed per Greg and the hotspare can be decommissioned. Mark Karls will open a ticket for OpEng to do the decom. We discussed having ospf passwords for more secure ospf routing, especially internally (e.g. to prevent someone on campus from spoofing). We discussed working on CoPP with Michael. Michael recommends Nmap scanning to see what is being responded to by the campus network equipment to assist with making decisions on security and monitoring.
- 11NOV24: Scheduling for 432NM 9606 cutover has been figured out.
- 18NOV24: Ran out of time.
- 25NOV24: The Cisco 9606’s do not have an equivalent to the Cisco Nexus 7k’s CoPP feature set. Blake from CDW has a ticket open with Cisco to see what we can do. We went over the spreadsheet with the list of Palo Alto firewalls to assign who will work on them and when for the remaining code upgrades.
- 02DEC24: The datacenter firewall is going to be done this coming Sunday and it is the last one. We will do the credentials afterwards. Don’t do this next week since Josh Patch will be in Boston.
- 09DEC24: We have a list from Blake on CoPP workarounds that we will go over tomorrow at the LAN team check in meeting. Bill is going to cut a ticket to decom unused Nexus switches at the WARF datacenter.
- 16DEC24: There was a problem with vlan mapping for Memorial Union not working on the 9606s. The vlan mapping needs to be done in the correct order. The source vlan must be added to the port channel first before doing the vlan mapping. The order of commands that we use on the Nexus 7k’s does not work on a 9606. This has been documented in Cisco 9606R - Known Problems and Solutions, show commands, tips and general information.
- 06JAN25: The first of five groups of fiber network connection migrations to the 9606’s from the 7010’s were completed in the 432NM area.
- 13JAN25: The last groups of fiber network connection migrations to the 9606’s from the 7010’s will be completed this week.
- 27JAN25: The last groups of fiber network connection migrations to the 9606’s from the 7010’s were completed in the 432NM area.
- 03FEB25: Ran out of time.
- 10FEB25: None.
- 17FEB25: Josh Patch, Mark Karls, Josh Anspach and John completed the work on the credential update for all Cisco devices IOS and NXOS on 13FEB25. Josh Patch pushed the change to devinfo at 8:00a.m. on Thursday 13FEB25.
- 24FEB25: None.
- 03MAR25: DDN and IAM experienced short service interruptions throughout the day last Friday. We need to reduce the number of vlans and spanning tree instances. WARF decommissioning. Spanning tree instances got below the Cisco recommended limit. Terry created a spreadsheet with vlans that can probably be decommissioned. We discussed having a moratorium set on number of vlans for DDN. We discussed that these limits should be monitored so we know when getting close to the limit of resource(s). We discussed having new vlan requests go through Terry. https://docs.google.com/spreadsheets/d/1ZogPVTeGSpzBRWSDWIICRPG4uzJ69yTOiCDKbbFC9BI/edit?usp=sharing
- 10MAR25: None.
- 17MAR25: None.
- 24MAR25: None.
- 31MAR25: Scott is going to do testing at WARF datacenter. He is going to disable loop guard in the WARF datacenter, change the type to normal from network, set the stp root for vlans and put bpdu filter on links to create two separate stp domains. Consensus is to do 400 Gig for the remote datacenter that Tadd and Nate are going out on RFP for.
- 07APR25: None.
- 14APR25: We discussed some unusual ddn flows that Michael Hare stated “I can provide telemetry [flow analysis] to you or LAN to decide. What I found I found by accident by virtue I was working on netflow analysis short of looking at source myself, figured you'd be able to answer this the quickest. For the v4/v6 juniper ACLs being built, is it for specific hostnames, models? I noticed some outside ipv6 activity to the following device, not asking you to take any action, just making sure it would be expected 10.151.90.89 rn-ddnanimal-226-4-node-act112n N77c7706”. We discussed expanding the list of devices to add to what Tom Christie and Mark Karls work on the critical IPs list. This would not be done until later due to no resources to do this now.
- 21APR25: None.
- 28APR25: WIDMIR is going to have further separation within the building. Migrating WID portion to campus AD.
- 05MAY25: We are moving forward with code upgrade for 9606 to fix bugs on 21MAY25.
- 12MAY25: A schedule for working on 9606 routing moves at 432nm has been developed and is occurring this May and June.
- 02JUN25: This week routing migration from the 7010s to the 9606s will be done for the 432NM area.
- 09JUN25: This week the firewall migrations from the 7010s to the 9606s will be done for the 432NM area.
- 16JUN25: The firewall migrations from the 7010s to the 9606s were completed for the 432NM area.
- 23JUN25: None.
- 30JUN25: None.
- 07JUL25: We went over and discussed the updated and renamed OOB Visio diagram. We went over and discussed the new Out-of-band (OOB) Management Network. John will add "this is not the engineering sandbox network (which is vlan 996 Sandbox network for equipment configuration)" to the definition/summary.
- 14JUL25: None.
- 21JUL25: The Animal Science area building migrations from the Cisco 7010s to the Cisco 9606s are scheduled.
- 28JUL25: The Animal Science area building migrations from the Cisco 7010s to the Cisco 9606s continue to be worked on this week.
- 04AUG25: The Animal Science area building migrations from the Cisco 7010s to the Cisco 9606s continue to be worked on this week.
- 11AUG25: The Animal Science area building migrations from the Cisco 7010s to the Cisco 9606s continue to be worked on this Tuesday. We agreed to move from nsvpnmfa.vpn.wisc.edu to ns.vpn.wisc.edu by 15SEP25.
- 25AUG25: None.
- 08SEP25: We discussed the reminder of moving from nsvpnmfa to ns.vpn.wisc.edu; the change is planned for 15SEP25.
- 15SEP25: DoIT webhosting wants to look at mitigation from internet attacks by putting information into a file and having the Palo Altos use the file. Scott shared the file to give us the opportunity to comment/make recommendations to discuss next week. https://docs.google.com/document/d/1sQnpDOW8JGJ0NEK-5wcpi2v5l_vgI99casChIBbfdeg/edit?usp=sharing
- 22SEP25: We are planning to move the RDNS1-ANIMAL and RDNS2-ANIMAL this Saturday, 9/27 @ 10am from 7010s to rn-animal-226-110-core. We hit Palo Alto packet buffer issues and Scott is going to set up rules to mitigate future issues on Palo Altos.
- 29SEP25: None.
