Seven Deadly Sins of Networking
One of my readers suggested I develop seven deadly sins of networking to go with my Ten Commandments. You ask, I deliver:
- Disabling keepalives.
I’m not sure whether people overthink bandwidth usage (“I can save BW by not continually sending KA messages”) or will just try anything to get the interface to read up/up. If you plugged a switch into itself after disabling KA messages, the switch would not go into err-disable, and you would have a layer 2 loop. Either way, not a good idea.

- Forgetting “no auto-summary”.
A network, possibly a single network, is unreachable. Everything appears to be working properly. You ping here and there; some work, some don’t. It is not until you have all of the “show run | s router” outputs side by side that you realize you have made the rookiest of all rookie mistakes.

- Saying aloud that “QoS will fix ______”.
QoS doesn’t fix anything. At best, it can help optimize your traffic. At worst, it can be the reason your network dies (forget about your routing protocol in the policy and it will do exactly that). Unicorns don’t appear when you apply a policy-map. Equally bad (compared to thinking QoS fixes everything) is skipping QoS configs because they are “too complicated”.

- Over-relying on ping.
Everything appears to be good, but computer A can’t ping computer B. You spend 45 minutes (and that is on the low side) troubleshooting your entire equipment string, checking routing tables, MAC address tables and even ARP caches. You eventually realize Windows Firewall is blocking ICMP. Sometimes you think you have a problem when you don’t.

- Using the same routing protocol (and instance/AS) for physical interfaces and the tunnels that ride them.
It is all fun and games until your router decides to reach the tunnel destination by going through the tunnel.

- Ignoring return traffic.
It is not ALL about the next-hop IP. Something is wrong with your VoIP phones: they get one-way audio. You are positive the firewall guys have hosed you again. Just to cover your six, you SSH into every router from your phones to your ISP to make sure each one has a route to the destination. The problem is that your VoIP subnet was accidentally black-holed. No amount of examining outbound traffic would tell you that.

- Falling in love with your initial design.
You are smart. You had some of the best and brightest consult with you when you initially designed the network. The problem is, things have changed. Your design was based on requirements that have either morphed or no longer exist. Instead of using your considerable talents to come up with a redesign, you spend your brain power justifying to others (and yourself) why your design is still valid. This is your baby, and anyone who calls it ugly will experience your wrath.
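Three of the sins above (forgetting “no auto-summary”, routing the tunnel through itself, and ignoring return traffic) share one root: the forwarding table does not say what you assume it says. The script below is an added example, not code from the original post. It models routers as lists of (prefix, next hop, interface) tuples with a longest-prefix-match lookup, and uses constructed addresses and router names (`EDGE_FIB`, `SITE_FIBS`, `SITES`, `isp`, `hub`, routers `A` and `B`) that are assumptions for illustration only. The next hop is simplified to the neighbouring router’s name, with `None` meaning directly connected.

```python
import ipaddress

# Constructed sample data and helper names; none of this is from the original post.


def lookup(fib, dst):
    """Longest-prefix match over a list of (prefix, next_hop, interface) tuples."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, intf in fib:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, intf)
    return best


def tunnel_is_recursive(fib, tunnel_intf, tunnel_dst):
    """True when the best route to the tunnel endpoint exits via the tunnel itself.

    This is the failure mode of running one IGP over both the physical link and
    the tunnel: the IGP learns a prefix covering the tunnel destination through
    the tunnel, and it is more specific than the physical path.
    """
    entry = lookup(fib, tunnel_dst)
    return entry is not None and entry[2] == tunnel_intf


def trace(fibs, start, dst, max_hops=16):
    """Hop-by-hop walk across routers. Returns (outcome, router where it ended)."""
    router = start
    for _ in range(max_hops):
        entry = lookup(fibs[router], dst)
        if entry is None:
            return ("no-route", router)
        _, next_hop, intf = entry
        if intf == "Null0":
            return ("blackhole", router)
        if next_hop is None:
            return ("delivered", router)
        router = next_hop
    return ("loop", router)


def both_directions(fibs, a_router, a_host, b_router, b_host):
    """Forward and return outcomes; one-way audio is the return leg failing."""
    return trace(fibs, a_router, b_host), trace(fibs, b_router, a_host)


def classful_summary(prefix):
    """The /8, /16 or /24 that auto-summary collapses a subnet into at a classful boundary."""
    net = ipaddress.ip_network(prefix)
    first_octet = int(net.network_address) >> 24
    plen = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
    return ipaddress.ip_network(f"{net.network_address}/{plen}", strict=False)


def auto_summary_collisions(subnets_by_site):
    """Sites whose subnets collapse into the same classful network: a discontiguous
    network that auto-summary turns into identical, competing summary routes."""
    seen = {}
    for site, subnets in subnets_by_site.items():
        for subnet in subnets:
            seen.setdefault(classful_summary(subnet), set()).add(site)
    return {str(net): sorted(sites) for net, sites in seen.items() if len(sites) > 1}


# --- constructed scenarios -------------------------------------------------
# Edge router: default route out the physical uplink, GRE tunnel to 198.51.100.2.
# The IGP running over the tunnel then learns 198.51.100.0/24 through the tunnel.
EDGE_FIB = [
    ("0.0.0.0/0", "isp", "Gi0/0"),
    ("198.51.100.0/24", "hub", "Tunnel0"),   # learned via the tunnel itself
]
EDGE_FIB_FIXED = EDGE_FIB + [("198.51.100.2/32", "isp", "Gi0/0")]  # pin the endpoint

# VoIP site (router A) and server site (router B). The forward path works; the
# return path hits a summary discard route because 10.20.0.0/24 never reached B.
SITE_FIBS = {
    "A": [("10.20.0.0/24", None, "Vlan20"), ("0.0.0.0/0", "B", "Gi0/1")],
    "B": [("10.30.0.0/24", None, "Vlan30"), ("10.0.0.0/8", None, "Null0")],
}

# Two sites with subnets of 10.0.0.0/8 joined across a non-10 transit network.
SITES = {"east": ["10.1.0.0/24", "10.1.1.0/24"], "west": ["10.2.0.0/24"]}

if __name__ == "__main__":
    print("recursive:", tunnel_is_recursive(EDGE_FIB, "Tunnel0", "198.51.100.2"))
    print("fixed:", tunnel_is_recursive(EDGE_FIB_FIXED, "Tunnel0", "198.51.100.2"))
    print("voip:", both_directions(SITE_FIBS, "A", "10.20.0.7", "B", "10.30.0.5"))
    print("auto-summary:", auto_summary_collisions(SITES))
```

The fix for each case is visible in the data rather than in the code: a host route for the tunnel endpoint out the physical interface beats the tunnel-learned /24, the return-path trace from B exposes the black hole that tracing only from A never would, and the collision report shows why both sites end up advertising the same 10.0.0.0/8 once auto-summary is left on.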