(Part 3) Top products from r/networking

The SG300's are layer 3 switches which can do some routing for you but they will not be able to manage WAN connections. As far as trunking over fiber, you have some options. If IDF will have its own (2) Vlans then we will set that switch up in L3 mode (there is a radio button in the web app; or the command “set system mode router” from the CLI) and have it be the hop (from our router) to those subnets. Let’s assume you have Vlan 1 as native which is insecure but we can discuss that in a moment. So our L3 INF switch will have two vlans (10 and 20) with subnets 192.168.10.0/26 and 192.168.10.64/26. For each vlan on the switch, you will give the switch an address so for vlan 10 it will be 192.168.10.1 and for vlan 20 it will be 192.168.10.65. Now assign your ports to the proper Vlan depending on their purpose and set a default route for the switch (which will be the router’s IP on Vlan 1). Make sure your fiber link AND the link between the two IDF switches are on Vlan 1. Now we will do the same thing for MDF networking giving it Vlan 30 and 40 with subnets 192.168.10.128/26 and 192.168.10.192/26. Again add your ports to your vlans as needed. Make sure your router port and fiber port are on vlan 1.


Now, on the router you will provide routes; this usually will ask you for a network address, mask, and destination IP address. After you give it this info correctly, it will know to send all packets destine for network 192.168.10.0/26 to 192.168.10.1 and so on for each vlan. You will have 4 vlans /subnets so there will need to be 4 separate routes. This is assuming you use an off the shelf business solution like Sonicwall, Fortinet, etc. In the event you decide to go with something more robust, the basic idea is the same but the method to enter the route may differ a bit. Also, your VOIP system may have something to say about the use of 2 separate VLANS in one VOIP Call manager. In that case, you may need to use a single Vlan throughout for VOICE.


Assuming you want 2 vlans (voice and PCs); you can go under the “Vlan Management” section of any port and label the fiber link a Trunk link with a native Vlan (there are a few different menus where this can be accomplished, I find “Port Vlan Membership” to be the best; you will need to establish the trunk at both ends of the link). If you decide to go this route, I would change the native Vlan to something different (for security reasons) and be sure you also make the change on the firewall also ensuring the firewall is aware the link is a trunk.
As for the routers membership: if cost is a serious issue, there are Fortinet firewalls that can handle the load you are talking about and have multiple interfaces which you can assign to different Vlans. Take two ports on the switch, have one port assigned to each Vlan THEN plug them into separate ports on the firewall which you will then add to their respective VLANs through the firewalls web app. This will prevent the need for a trunk going to the router from the MDF switch. You can then shape the links by giving priority to your Voice vlan on a link level if need be. In doing this, you will not be required to enable L3 mode on the switches but you will rather give the routing job to the firewall. So for Vlan 10, we will give 192.168.10.1 and Vlan 20 192.168.10.65. Given that the router now has “skin in the game” (interfaces that are connected to both VLANs) it knows what port to use to get to each vlan/subnet.


This is all predicated on the notion that you will be using the SG300 series but, no matter what you decide to go with, the underlying theme is the same. You can use that fiber connection as a “barrier” of sorts if it does represent a true separation of two parts of your company (i.e. Warehouse and Accounting/CEO Office). If your growth is truly explosive the 4 vlan solution will be the better approach (imo, I’m sure there will be 50 other opinions). I base ALL of this on the switches you said you were considering; they are the SMB class and cheaper. If your boss is willing to give you a somewhat blank check, I would build this network entirely different with your growth in mind. Good Luck and let us know as it progresses if you need any further help!


Fortinet Fortigate-60D
https://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM/ref=sr_1_1?ie=UTF8&qid=1473186466&sr=8-1&keywords=Fortigate+60D

how deep in the weeds do you want to get into OSPF? do you want to understand enough just to be able to troubleshoot and bring up a new router, or [re]design the entire network?
John Moy's book should still be the standard; he wrote the RFC.

If you want to actually design a network, I still love Russ White's Cisco Press book on Optimal Routing Design.

If you just want an overview, the Cisco OSPF design guide can give you the nomenclature. Though the examples are IOS, the principles carry over.

Along with /u/totallygeek recommendations, if you're going to deploy OSPF onto a network, I would add:

• Figure out what you're trying to gain from using OSPF that you currently don't have in your current network. Redundancy? Faster convergence? Building out a WAN?
  
• Layout the IP addressing FIRST. You're designing an IP network... worry first about the IP addressing before speeds and feeds.
  
• OSPF, IM(strong)O, should be used modularly. Hand in hand with your IP addressing, you really should take advantage of building different areas. Don't go overboard and create multiple areas just for the heck of it, but don't get lazy and put everything into area 0 either.
  
• Decide how you will split up your network. Will it be based along functional business units (i.e., financing, warehouse, engineering), location based (floors, buildings, cities, geographic regions) or in some other way.
  
• Be stringent with what you advertise inter-area, either using access-lists/routing filters as suggested, or better yet, with the more flexible route-maps.
  
  Personally, I would stay away from virtual links as your abstracting what should be physical links onto harder-to-troubleshoot virtual links. I would also keep the area IDs the same as the top level network. For instance, if I was using 172.16.0.0/16 as the supernet for a building, the OSPF area ID would also be 172.16.0.0/16, but that's just me. There is more than 1 way to build a good network and as long as you are consistent on a logical design, that's what matters.

>trim to proper length

EZRJ-45.

http://www.amazon.com/Platinum-Tools-100010C-Connectors-Clamshell/dp/B000FI9VU2

http://www.amazon.com/Platinum-Tools-100054C-Clamshell-EZ-RJPRO/dp/B00939KFOU

I will never go back. You can't make me. NO ONE CAN MAKE ME GO BACK.

On the real though, these save you SO MUCH TIME, and if you're like me and just hold your hand over the wires while you crimp/cut the cleanup is super easy.

Cutting, stripping, crimp/cut. Best things I've ever used.

Even has the pinout for A/B on there so you really shouldn't screw it up.

In general, multicast doesn't run on the Internet. There's mainly 3 applications for multicast: IPTV, financials, and Enterprise.

IPTV generally uses SSM, but it's contained within one SP network, so it doesn't need to be routed between ASes. Financials generally use separate physical private networks, so again no need to route it between ASes. Enterprise applications would be something like multicast music on hold for VoIP for example. In this case the multicast is simply tunneled over the SP network with something like a GRE tunnel, or an enterprise can buy private multicast transport over something like MPLS L3VPN.

In cases where ASes do exchange multicast, then yes, PIM must be run on every single router on a hop-by-hop basis. This is one of the many reasons why ISPs don't exchange multicast by default.

As for MSDP, it isn't a replacement for PIM. The only thing MSDP does is replace the PIM Register message that normally runs between the PIM DR connected to the multicast sender and the Rendezvous Point (RP) in PIM Sparse Mode networks. Register is used so that the RP learns about the senders in the multicast network. MSDP is essentially an inter-RP register message, which allows different ASes to run separate RPs. Even if you learn about the senders with MSDP, you still need PIM to actually build the multicast tree for forwarding.

If you want more information a good resource for this is the book Interdomain Multicast Routing: Practical Juniper Networks and Cisco Systems Solutions.

You would be better off making your own. I've found that a lot of the sets are cheap.

Here's my take on it.

1.Cable tester:
http://www.amazon.com/gp/aw/d
/B000P1OA1O?cache=6447edf9df8336c37ffb445471642e6b&pi=SY200_QL40&qid=1412645606&sr=8-1#ref=mp_s_a_1_1

Simple cat5 tester, cheap and works decently.

2. Cable stripper:

Here I've given two options, one is a spinning stripper made for things like taking the jacket off cat5, the second is a more of an electrical stripper for a bunch of gauges of wire with cutters at the back side. If your comfortable with it you can use the cutters to strip just about anything.

2.a http://www.amazon.com/gp/aw/d/B0099DIV4G?cache=6447edf9df8336c37ffb445471642e6b&pi=SY200_QL40&qid=1412645735&sr=8-1#ref=mp_s_a_1_1

2.b. http://www.amazon.com/gp/aw/d/B00080DPNQ?cache=6447edf9df8336c37ffb445471642e6b&pi=AC_SX110_SY165_QL70&qid=1412645735&sr=8-12#ref=mp_s_a_1_12

3.punchdown tool :
If your in a spot where you get to do punchdowns it's nice to have, they are cheap and work well,

http://www.amazon.com/gp/aw/d/B000KMFDZ0?cache=6447edf9df8336c37ffb445471642e6b&pi=SX200_QL40&qid=1412646040&sr=8-1#ref=mp_s_a_1_1

4. Cat 5 ends:
Always keep plenty of these, a bag of them is cheap and you will be glad you have them.

http://www.amazon.com/gp/aw/d/B003M5BIII?cache=6447edf9df8336c37ffb445471642e6b&pi=SY200_QL40&qid=1412646222&sr=8-1#ref=mp_s_a_1_1

5: crimper:

Never underestimate a good crimper. I have had no luck with the cutting portion of them but that's why I have other tools.

http://www.amazon.com/gp/aw/d/B0000AZK4G?cache=6447edf9df8336c37ffb445471642e6b&pi=SX200_QL40&qid=1412646393&sr=8-2#ref=mp_s_a_1_2

6. #2 philps head.
I like ratcheting screw drivers with multiple heads but this is easily the most used screwdriver in my set.

http://www.amazon.com/gp/aw/d/B000NNK9MS?cache=6447edf9df8336c37ffb445471642e6b&pi=AC_SX110_SY165_QL70&qid=1412646575&sr=8-5#ref=mp_s_a_1_5

The flat head out of this set is also nice, depending on your bag keep them all handy.


Everything beyond this point is optional or situational.

8. Power supply tester: if you do any sort of computer repair these are very handy to hold on to.

http://www.amazon.com/gp/aw/d/B001MKCALY?cache=6447edf9df8336c37ffb445471642e6b&pi=SY200_QL40&qid=1412646902&sr=8-3#ref=mp_s_a_1_3

9. Tweaker: good for laptop repair or if you deal with any sort of building controllers/ low voltage electrical.

http://www.amazon.com/gp/aw/d/B0058I6VNE?cache=6447edf9df8336c37ffb445471642e6b&pi=SX200_QL40&qid=1412647026&sr=8-1#ref=mp_s_a_1_1

I also have a similar sized Philips head screw driver but I use it much less frequently.

10. Electrical tape: some people say it's for those who mess up doing electrical, I call it insurance.

11. Linemans: I use mine to crimp chicklets mostly but they come in handy a lot. I couldn't find the exact ones I use b

http://www.amazon.com/gp/aw/d/B000A0S4XK?cache=6447edf9df8336c37ffb445471642e6b&pi=AC_SX110_SY165_QL70&qid=1412647275&sr=8-4#ref=mp_s_a_1_4


12: a bag:
Personally, I use an old back pack. I find its a lot easier to carry that along with a box of cable. This is entirely preference.

Highly recommend the peplink balance product, there are many dual-WAN routers out there, but none that "just work" in all use cases for less than what these cost. In fact most units that are far more expensive still don't work as well-- often times these get put in front of equipment in the 5-figure price range. For the extra $100 it's probably worth it to get the triple-WAN product for future growth.

http://www.amazon.com/Peplink-Balance-20-Dual-WAN-Router/dp/B0042210U6

Then look into a multi-AP setup, I'm a big fan of Ubiquiti Unifi personally but they are far from the only vendor worth looking at. I'm biased as well because I can build a network with them in my sleep.

A cheap robust solution would be a handful of linksys e2500 dual-band routers setup as access points. Gobs of bandwidth for under $60 a unit.

Generally I go here if I want a good overview and operational view.

TCP, UDP.

If I want to go for the long haul and depth....I start here (I used this list as it's nice and abbreviated of what does what in RFC land). Reading through those will give you a much better idea of how things were "supposed" to work. How they work with a vendor will always be up to interpretation, but the vendors are interpreting those RFCs.

There are quite a few books on Amazon that will teach it to you as well. I honestly would consider getting them too. This, this, this, this.

There's so many good books but those should give you that deep understanding.

I would also like to take the time to plug a few resources, if I may, that have greatly assisted me throughout my career.

1. Of course, Cisco Press. Wendell Odom especially.
   
2. Non-Cisco Press, Todd Lamlle's CCNA book is great!
   
3. CBT Nuggets!! Jeremy Cioara and Keith Barker.
   
4. Tech Exams Forums!! For answers to your questions regarding certification, study material, etc, from a variety of vendor certs. Or, to just read motivating success stories!!
   
5. Internetworking Experts (INE!) That link should direct you to their free CCNA video course. If that doesn't work for you, simply register an account with them and search for the CCNA video course.
   
6. Thomas Limoncelli's The Practice of Systems and Network Administration
   
7. Gary A Donahue's Network Warrior
   
8. Jeff Doyle's CCIE Professional Development Routing TCP/IP Vol. 1 or 2
   
9. Douglas E. Comer's Internetworking with TCP/IP
   
10. GNS3!! Free Cisco Router and ASA Emulation!! Just make sure you have access to Cisco IOS software!
    
11. Andrew S. Tanenbaum's Computer Networks.
    
12. Jeremy Stretch and PacketLife!! Also, Jeremy's network Cheat Sheets!
    
13. Firewall.cx!!
    
14. Cisco's Command Lookup Tool! Requires login, but nonetheless, a great resource for your Cisco engineers when you just NEED to know how the hell a particular command works.
    
15. Priscilla Oppenheimer's Top-Down Network Design
    
16. I've heard the folks at /r/networking are pretty legit.

Network Algorithmics

BGP Design and Implementation. I brought this on a boat, had drank two very, very large margaritas, and dropped it in the ocean. Re-ordered from Amazon before the boat returned to dock.

Internet Routing Architectures

Now here's the thing to keep in mind: it was 13 years ago when I started getting serious about networking. I'm sure if I was starting now I'd have read/bought probably a third less books, and probably a few different ones. My mantra has always been trying to really understand the foundations of protocols -- a very, very strong mental model. I'd say out of those books up there, Network Algorithmics was the most mentally invigorating. There's another Cisco Press book that goes over IOS and the GSR internals that's also a wonderful (if now a bit outdated) read.

I feel it would be acceptable to use the switch you specified and the AP I mentioned, assuming this is just for casual use. What I mean by that is, I assume the PC and the wireless users are just browsing the web randomly, sending a few emails, doing tweets, browsing Facebook, watching occasional YouTube, etc. If that's the expected usage, it should be fine. If this is an important business operation point (bulk email distribution, hosting of a church web site, live streaming of weekly services, etc.) then you may want to consider a better switch to ensure that it will provide rock solid reliability.

Note that the switch is only 5 ports, and right away you'll be using 3 ports (PC, WAP, connection to main router). For roughly the same price, I have used this model in the past (https://www.amazon.com/gp/product/B001QUA6RA/ref=oh_aui_detailpage_o01_s00?ie=UTF8&psc=1), and it has 8 ports, so if you ever add another PC or network-enabled-TV in the future, you'll have a few spare ports.

For SSID, yes you want to make it the same properties as what already exists (name, password, authentication type, etc.). The idea would be that people who are connected would automatically connect to the stronger AP when they move around. Understand that the topic of AP selection by the device is a complex topic. Generally speaking it works, but there are subtleties that make it a little finicky. The only thing that should be different on the APs is the channel (the frequency of the wireless transmitter). They want to be different channels, and they each want to be a channel that is not used by a neighbor. See the comments by /u/OfensiveBias.

For IP addresses, this can get deep but I'll keep it brief. There is a public IP address that your router uses to communicate with your internet provider (Cablevision, TimeWarner, Verizon, AT&T, etc.). That address is assigned by the provider, and it will remain as it is. But the network inside the building, like the PC and the WAP, has an IP address in a different range called "private". It will be something like 192.168.x.x or 10.x.x.x. These addresses are assigned by you (or managed by the router). So the idea is, let's say your router is currently 192.168.1.1, and your PC is 192.168.1.10, and any wireless users are assigned in the range 192.168.1.100 - 192.168.1.150. You could configure the AP as 192.168.1.5 for example. It will come with a default address, and you need to configure your PC to something in the same range in order to initially connect to it, but then you can change it to match what your church inside network is already using. Once that's done, any wireless devices will simply pass through the access point on their way to the router to the internet.

I didn't intend to provide this much detail, so hope this helps rather than confuses.

The TCP/IP Guide - It's a little dated these days and barely touches IPv6, but it's a good, quick look at a lot of the glue services that you will eventually need to understand and troubleshoot: DNS, SNMP, NTP, etc.

TCP/IP Illustrated, VOL 1 - Here's where we get into the nitty gritty. This shows you what is happening in those packets that cross the wire. Invaluable if you go onto doing Performance Engineering functions later on, but still good.

NMAP Network Scanning - NMAP is a godsend if you don't have remote login rights but you need to see what's happening on the far end of the connection.

Wireshark Network Analysis - Most useful tool in your toolbox, IF you can use it, for proving the negative to your customers. At some point you're going to be faced with an angry mob in Dockers and Polos who want to know "WHY MY THING NOT WORK?". This is the book that will let you point to their box and go "Well, as soon as the far side sends a SYN/ACK your box sends a FIN and kills the connection."

Learning the bash shell - You're a network engineer, you're going to be using Linux boxes as jump boxes for the rest of your life. Shell scripting will let you write up handy little tools to make your life easier. Boss wants to blackhole China at the edge? Write a quick script to pull all of the CN netblocks from the free FTP server APNIC owns, chop it up in sed and AWK, throw a little regex in for seasoning and you're done. And when he comes back in 30 days for an updated list? Boom, it's done even faster.

The vendor specific books are nice, but I can't tell you how many network engineers I've run across who couldn't tell me how DNS worked or how a three way handshake worked or couldn't write a simple script in Bash to bang out 300 port configs in 30 seconds. There are a shit ton of paper CCIEs out there, but those books up there will make you stand out.

Good advice here. I also recommend Todd Lammeles CCNA book after you've done the Network+. Download GNS3 for playing around.

Also, start using Linux now if you haven't already. Debian, Ubuntu, or CentOS are fine to get started. The majority of network gear is running some flavor of Linux these days. Get comfortable doing things from the command line.

As a reference book, I recommend this: http://www.amazon.com/gp/aw/d/159327047X/ref=s9_topr_hm_bwS_g14_i1

USB hubs do something entirely different than Ethernet hubs do. There are no easy ways to use a USB hub to network computers.

Perhaps what you're looking for is an Ethernet switch instead?

It might be important, depending on how literally you meant "have the same packets sent out each port", to note that while hubs do literally do that, switches (as normally set up) do not.

A hub waits for one of the devices plugged into it to start transmitting; then it repeats exactly what it receives on each other port. For this reason, hubs are always half-duplex (data can only move in one direction at a time, from one source to every other device). (This causes some performance issues related related to collisions, sort of like when you and somebody else keep trying to talk and then stopping when you hear the other person.)

Switches, on the other hand, do something called MAC learning; when traffic arrives, they look at the sender (sort of like glancing at the upper-left corner of an envelope) and remember which of their ports that sender is connected to. Then, when they see traffic being sent to that device, they only have to send it out the one port. This process of receiving a packet and sending it only towards its destination is called forwarding.

You'll notice that there's a chicken-and-egg problem here: what do they do with a message (packet) if they haven't seen the destination address before? Well, they fall back to doing what hubs do: they send the packet out each other port, which is called flooding (as opposed to forwarding).

If you really need this behavior, there are nicer switches (on the order of $200 or $300) that would let you either disable MAC learning (thus always flooding every packet, similar to what a hub would do).

If you can be more specific about exactly what you're trying to achieve, maybe we can be more helpful!

The TCP/IP Guide

The Illustrated Network

A bit dated, but pretty well respected:
TCP/IP Illustrated (There are 3 volumes)
----------------------------------
You can find most of this info freely on the web though.

Interconnections: Bridges, Routers, Switches, and Internetworking Protocols (2nd Edition)

Internetworking with TCP/IP Volume 1 (5th Edition)

TCP/IP Illustrated, Volume 1: The Protocols (2nd Edition)

are the three 'vendor neutral' books that are recommended by INE as resources for all CCIE tracts.



Cisco CCIE book list contains the following:

Other Publications

Cisco Documentation

Configuring IPv6 for Cisco IOS (Edgar Parenti, Jr., Eric Knnip, Brian Browne, Syngress, ISBN# 1928994849)

Interconnections: Bridges & Routers, Second Edition (Perlman, Addison Wesley, ISBN# 0201634481)

"Internetworking Technology Overview" Available through Cisco Store under doc # DOC-785777

Internetworking with TCP/IP, Vol.1: Principles, Protocols, and Architecture (4th Edition)
(Comer, Prentice Hall, ISBN# 0130183806)

IPv6: Theory, Protocol, and Practice, 2nd Edition (Pete Loshin, Morgan Kaufmann, ISBN# 1558608109)

LAN Protocol Handbook (Miller, M&T Press, ISBN# 1558510990 )
Routing In the Internet (2nd Edition) (Huitema, Prentice Hall, ISBN# 0130226475)

TCP/IP Illustrated: Volumes 1, 2, and 3 (Stevens/Wright, Addison Wesley, ISBN# 0201633469, 020163354X, 0201634953)



edit1:
I own the first three and recommend them for vendor neutral network engineering books, with Perlman's book being the best switching book I've personally ever read.


edit2:
also I find wikipedia articles on computer related topics to be top shelf. I would recommend many of the references and papers referenced in the https://en.wikipedia.org/wiki/Network_theory
article.

Short answer: yes.

Quick side note: you're looking at 10Gb (bit), not 10GB (byte).

Some clarification is possibly necessary here. You're probably using something like this:
https://www.amazon.com/NETGEAR-ProSAFE-XS708E-Ethernet-XS708E-100NES/dp/B00B46AEE6

In which case, it has 8 ports that can deliver 10Gb each, and ONLY 8 ports that can deliver Gb each (no other ports). It will bottleneck IF, and only if, you are trying to push more than 10Gb at once from this switch to the next one up/downstream from it. Whether this is occuring is highly variable based on your environment.

Many switches have a configuration more like this:
https://www.newegg.com/Product/Product.aspx?Item=N82E16833122436

The bulk of ports are gigabit (1Gb), and it has 10Gb capable uplinks, so you have less congestion. Same concept with 10Gb switches with 40Gb/100Gb uplinks, etc.


Finally, what you seem to be thinking of is how hubs work(ed). If you have an 8-port 10Gb hub (does such a thing exist? I hope not), then your available bandwidth is reduced by the number of connected machines. The (simplified) technical reason for this is that a hub sends packets to all connected computers. If a packet destined for 192.168.1.1 is received by a computer at 192.168.1.2, it ignores the packet. With a switch, it keeps track of which devices are on which port. A packet destined for 192.168.1.1 is sent out port 4, because the switch knows that's where it is.

RJ45 connectors do not exists, because RJ45 is not a connector--it is a jack. If you will search for the correct name for the product, which is an 8P8C connector, as well as whether you're crimping it onto solid (yes, they exists and work fairly well) or stranded wire, you will get higher quality connectors.

Edit to add more: And this brings me to my next concern, that you're probably making cables out of riser cable--if you bought it in a 1000 foot spool and didn't seek out "patch cable material," you're almost certainly using lateral (usually designated CM, or CMG), riser (CMR) or plenum (CMP) cable. The blades in these ends are not designed to crimp into the solid wire in any in-wall-rated cable. Does it work? Mostly, but not terribly reliably. They do make ends designed for solid wire, where the blades are flared a bit from side-to-side, but they're not something I can say a lot about as far as reliability. Our wiring guys would either refuse to put a mod-end on solid wire, or we would certainly refuse to warrant it if the customer insisted on it.

You can buy stranded wire in 1000' boxes. That is just the first link I found and in no way is a recommendation for Belkin cable.

Lastly, you may just not be getting a good crimp and the cable just might not be seating properly. A good ratcheting crimper from a major manufacturer might help you out a lot.

Normal person is relative. Ha! However, I can tell you Wireshark is my go to for troubleshooting complex application/network problems.

I highly recommend Laura Chappelle books. This is my favorite, well worth the cost. Wireshark Network Analysis (Second Edition): The Official Wireshark Certified Network Analyst Study Guide https://www.amazon.com/dp/B008G65O7O/ref=cm_sw_r_cp_apa_sNcFyb8ZXZ6KS

I get all of what you're saying, but the honest truth is that if a VPN goes down for us it's not the end of the world. Most of our inter-company data is performed on our websites, so as long as the internet stays up our regular staff can do 90% of their jobs. It'd mostly be me, the IT, affected by a VPN going down. And that 90% is probably going to rise to 98% once we move our mobile devices off of WindowsCE and onto Android. We're going to be doing everything by in-house apps, more or less.

$550 is just not something I can justify for our use cases, when really all I want is IT management out of it and not anything beyond that. I can't justify that price for an office for < 5 people who are basically sitting on the internet all day doing their job and not sending inter-company data over the VPN.

Though already stated, I thought I would re-iterate to further solidfy:

• Full mesh for iBGP is an absolute must unless you use next-hop-self
  
• source from lo0 (loopback). This will increase redundancy and resiliency in case of a failure. Be sure to advertise lo0 via an IGP (OSPF or EIGRP. I personally prefer OSPF)
  
• Route reflection is so, so much easier than forcing each peer to peer with the other
  
  Here is a nice basic paper on BGP:
  
  https://www.cs.rutgers.edu/~badri/552dir/papers/bgp/BGP-Case-Studies.pdf
  
  Here is another book I would highly recommend, though, it is far more advanced and technically not geared towards a beginner:
  BGP Design and Implementation by Zhang and Bartel

Read (and try to understand):
[Ethernet fundamentals!]
(http://www.amazon.com/gp/product/1565926609/ref=oh_details_o08_s00_i00?ie=UTF8&psc=1)
[Internetworking with TCP/IP!]
(http://www.amazon.com/gp/product/0131876716/ref=oh_details_o06_s00_i00?ie=UTF8&psc=1)

Both are good books and essential reading for anyone working in networks (if you want to be any good at it)...

I've had success setting up less technical users with Peplink Balance multi-WAN routers. The web-based configuration is pretty accessible for "prosumers"; see the live demo. They're priced reasonably too.

The new "Jetstream" range of TP-Link switches are pretty damn awesome and cheap to boot. Oh and they allow cable/pair testing too!

Here's a link to the 24 port gigabit version:
TL-SG3424

And here's a demo of the interface: TL-SG3424 simulator

Man, I wish I could get a connection that fast where I live!

On a more serious note, it will work just like you said. However, you will need a "special" router that has support for a multi-wan setup.

I don't have any experience with multi-wan routers (outside of BGP setups with multiple wan connections), but maybe something like http://www.amazon.com/Peplink-Balance-20-Dual-WAN-Router/dp/B0042210U6.

Tanenbaum's Computer Networks. I purchased it as a textbook for a class, but I've held on to it because it's a great reference for packet headers and low-level stuff.

I learned Cisco first and then branched out into other vendors later. It has worked very well for me, but I see no reason why you can't start with Juniper first. The more I learn about Juniper the more I fall in love with their gear. Get yourself an SRX-100, a book, and just go to town.

We are deploying Fortinet Fortigates at each of our new sites. Might want to give it a try. Their documentation is good and their support team acts fast. We have the exact same setup for up to 20 people that you mentioned above.

https://www.amazon.com/Fortinet-FortiGate-60D-FG-60D-Generation-Appliance/dp/B00B9HZ5QM

Yep! Just hanging around to see if anything breaks, really. Reading up on Optimal Routing Design for fun in the meantime.

Other books I can recommend from O'Reilly are JunOS Enterprise Routing, JunOS Enterprise Switching, and Juniper SRX Series. I bought them all as epubs when O'Reilly was still selling them directly and I have found them very useful for my day to day work with Juniper gear.

I use this one all the time. I have the one that mrsix recommended as well, but I like this one a lot better.

edit: don't fall for that ez-rj45 nonsense

I agree. I assume he is using the switch first because it's the only device with an SFP port.

Try taking the switch out of the equation, or move it behind the 2 SonicWalls and try something like this and see what happens, https://www.amazon.com/TRENDnet-1000Base-T-Media-Converter-TFC-1000MGA/dp/B0062K68D0

Buy some used/cheap Cisco hardware off eBay, grab yourself a copy of this book and have yourself some fun. : )

You might consider going with 3 8 port switches, as it might be a little cheaper, but you will be giving up 3 ports to connect them to the router. Here's a link to one that costs $30. Most 24 gigabit switches are over $100. And when you buy a gigabit switch, remember that some of them will say they are gigabit simply because they have a couple of gigabit ports.

Since this is just a lab I'd use 2 vmkernel management interfaces. One on the virtual switch with no physical uplinks (i.e. routed through pfSense for normal access) and one on a USB to ethernet adapter in case you mess up pfSense and need to get into the console to fix it. To use a USB adapter you'll need this driver loaded on ESXi https://flings.vmware.com/usb-network-native-driver-for-esxi and you'll need a compatible adapter like https://www.amazon.com/Plugable-Ethernet-Gigabit-10-100-1000-Compatible/dp/B00AQM8586

You can technically do it without the USB adapter but it'd be a lot of work to fix things if you messed pfSense up in such a scenario.

 

Another option entirely would be to get a managed L2 switch with VLAN support like https://www.amazon.com/gp/product/B00K4DS5KU and just use VLANs out of pfSense and map them to untagged physical ports. You'd have way more physical ports this way and they'd still be separated by pfSense policy.

Internetworking with TCP/IP, Vol 1

Read it cover to cover. It's an easy read.

> I'm very new to BGP, and there's not a lot of information out there on this topic.

That is absolutely not true, there are tons and tons of information available regarding proper BGP configuration and design :

BGP Design and Implementation
Internet Routing Architecture
Practical BGP
Network Warrior 2

You should really try to understand BGP if you want to optimize your peering. Maybe look at getting someone with BGP experience onboard your project.

Hahahaha $1800 each, just buy a switch.
https://www.amazon.com/NETGEAR-ProSAFE-XS708E-Ethernet-XS708E-100NES/dp/B00B46AEE6

Nice find though.

Highly recommend the book Interdomain Multicast Routing. I bought the book when I had to learn multicast inside/out and still reference it every once in awhile.

1. Cordless Driver http://www.amazon.com/DEWALT-DCF680N2-Gyroscopic-Screwdriver-Battery/dp/B00DL7QDS2
   
2. RJ45 EZ Crimper http://www.amazon.com/Platinum-Tools-100054C-Clamshell-EZ-RJPRO/dp/B00939KFOU/ref=sr_1_3?ie=UTF8&qid=1423770419&sr=8-3&keywords=rj45+EZ+crimpers
   
3. Heavy Duty Scissors http://www.amazon.com/Clauss-18081-Titanium-Adjustable-Ultraflex/dp/B00270XY1I
   
4. Folding Box Cutter http://www.amazon.com/DEWALT-DWHT10035L-Folding-Retractable-Utility/dp/B0051QIBGI
   
5. USB Serial Adaptor http://www.amazon.com/Tripp-Lite-USA-19HS-High-Speed-supports/dp/B0000VYJRY
   
6. Flush cut snips http://www.amazon.com/Xcelite-2178M-Heavy-Duty-Shearcutter-Diagonal/dp/B002M6U5JG/ref=sr_1_10?s=hi&ie=UTF8&qid=1423770726&sr=1-10&keywords=flush+cut+pliers
   
7. RJ45 Couplers http://www.amazon.com/Connector-Modular-Network-Coupler-Adapter/dp/B00K836DHI
   
8. Fiber cleaning Tool http://www.fiberoptics4sale.com/p/6210MF.html?gclid=CjwKEAiAgKu2BRDu1OGw3-KXokwSJAB_Yy2Qe4jogMWd-DK7Gz5p5LfMkTCwda6IBgaEzluP7vm-ARoCl-7w_wcB
   
9. Hex bit set http://www.amazon.com/DEWALT-DW2166-45-Piece-Screwdriving-Set/dp/B002JWSNIS
   
10. Light Meter http://www.amazon.com/Optical-50dBm-Locator-Male-LC-Adapter/dp/B00D6BVRN4
    
11. Multitool http://www.amazon.com/Victorinox-Swiss-Cybertool-Pocket-Knife/dp/B00005ML8H
    
12. 1m SingleMode Simplex x8
    
13. 1m SingleMode Simplex x8
    
14. 1m SingleMode Simplex x8
    
15. 1m Multimode Simplex x8
    
16. 1m Multimode Simplex x8
    
17. 1m Multimode Simplex x8
    
18. Fiber Couplers SC/LC x8

as /u/supergeniusluie stated the fast track tools are great and what i used for my JNCIA-JUNOS. I then used the below books with some real gear for my JNCIA-ENT, JNCIS-ENT and JNCIP-ENT. sadly my last few stops havent had any juniper and all my JNCIA-FWV were on the ScreenOS so i may not be the most up to date. I hear you can integrate the new juniper virtual router into VIRL though (even though its expensive).

https://www.amazon.com/Juniper-Networks-Warrior-Guide-Implementations/dp/1449316638/ref=sr_1_1?ie=UTF8&qid=1475007466&sr=8-1&keywords=juniper+network+warrior

https://www.amazon.com/Junos-Enterprise-Routing-Practical-Certification/dp/1449398634/ref=sr_1_1?ie=UTF8&qid=1475007491&sr=8-1&keywords=juniper+network+routing

https://www.amazon.com/JUNOS-Enterprise-Switching-Harry-Reynolds/dp/059615397X/ref=sr_1_3?ie=UTF8&qid=1475007563&sr=8-3&keywords=juniper+network+switching

https://www.amazon.com/JUNOS-Cookbook-Cookbooks-OReilly-Garrett/dp/0596100140/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=VGTJEBZR1JWAP2MHBBFZ

This book helped me out a lot. You need to know how multicast works to be able to recommend designs. The beautiful thing about multicast is every vendor implements it differently. You will have to figure out how your equipment works and how your network handles the multicast traffic.

Case in point, we started having multicast clients fail. We weren't sure why. We checked the multicast routing table and the switches were showing their max. Turns out Windows 7 has a feature that tries to communicate over multicast and it was filling up our tables quickly.

> stupidly cheap switches

$39

Stuff like this usually has a godawful windows-based configuration utility which requires L2 adjacency to function.

They're horrible, but seem to meet the criteria.

We have a few devices like this knocking around the office. The port mirror function is permanently enabled (somebody did it ages ago) so that developers can grab one whenever they want to do protocol diagnostics on their embedded devices.

I agree, build you own kit. Below is my take. Know that some of those tools are not for every day use in networking, but who can resist getting more tools? Also, if you get all of these I realize it will be over $200. So, just use this list as a guide not a definitive list.

BAGS

• 5.11 Rush 24 Pack (Should fit all tools): http://www.amazon.com/gp/product/B002N1G2WY
  
  
• 5.11 Tactical Small Kit tool Bag (for the essentials):
  
  • http://www.511tactical.com/small-kit-tool-bag.html
    
  • http://www.amazon.com/gp/product/B001A66GDI
    
    
• 5.11 Tactical Shell pouch # x2 in 2 different colors:
  
  • http://www.511tactical.com/shotgun-ammo-pouch-vtac.html
    
  • http://www.amazon.com/gp/product/B009PTSUUO
    
  • one pouch for rj45 connectors
    
  • one pouch for cage nuts
    
    ETHERNET TOOLS
    
    
• Punch down tool: http://www.amazon.com/gp/product/B0000AZK4D
  
• Crimper: http://www.amazon.com/gp/product/B002D3B97U
  
• Network Cable Tester: http://www.amazon.com/gp/product/B00DQH4XPW
  
• Cage Nut Tool: http://www.amazon.com/gp/product/B00DL09HPU
  
• Wire Stripper: http://www.amazon.com/gp/product/B00CJWUEMQ
  
• Ethernet cable stripping tool: http://www.amazon.com/gp/product/B00788LVZA
  
• Coax and Data Cable Cutter: http://www.amazon.com/gp/product/B003S5VE0Y
  
  SCREWDRIVERS
  
  
• Steelex D2023 Magnetic Tip Screwdriver Bit Set 30-piece: http://www.amazon.com/gp/product/B0000DD6T9
  
• Klein 32561 Std. Stubby Screwdriver: http://www.amazon.com/gp/product/B005FQDHHC
  
• 15 in 1 Screwdriver: http://www.amazon.com/gp/product/B004VJY99Y
  
• Philips Head Screw Driver with magnetic tip #3: http://www.amazon.com/gp/product/B007ISYR6K
  
• iFixit Precision Screw driver 54bit set: http://www.ifixit.com/Store/Tools/54-Bit-Driver-Kit/IF145-022
  
  PLIERS and WRENCHES
  
  
• Needle Nose Pliers: http://www.amazon.com/gp/product/B000JNNW1M
  
• RoboGrip 7" Wrench Pliers: http://www.amazon.com/gp/product/B000PEPAFQ
  
• Tekton 26-pc Long Arm Ball Hex Key Wrench Set (inch/metric): http://www.amazon.com/gp/product/B00I5THF4W
  
• Tekton Star Key Set: http://www.amazon.com/gp/product/B00I5THF9M
  
• Craftsman Evolv 3 pc. Adjustable Wrench Set: http://www.amazon.com/gp/product/B0056BJFOK
  
• Tekton Combination Wrench Set (Inch/metric): http://www.amazon.com/gp/product/B000NQ159G
  
  POWER
  
  
• 1.8" LCD 20+4-pin Power Supply Tester w/8/6/4-pin Connectors: http://www.amazon.com/gp/product/B001MKCALY
  
  MISC
  
  
• CRKT 3 inch folding Knife: http://www.amazon.com/gp/product/B0017UV9W0
  
  
  SUPPLIES
  
  
• Pack of 100 RJ45 connectors: http://www.amazon.com/gp/product/B00BS92DCK
  
• 75ft Role of velcro: http://www.amazon.com/gp/product/B0069FJR2M
  
• Electric Tape: http://www.amazon.com/gp/product/B00004WCCL
  

Seriously, cable testers aren't expensive and I've never heard of a software alternative.

This one is $5 ... surely you can afford that.

Firewall: pfSense on one of these servers

Access: 1x TP-Link SG3424

Wireless: 3x Aerohive AP141

It's potentially overkill for home use. I do have a 1gbps full-duplex Internet connection from a local fiber provider though (not Google), so it's nice to be able to maximize my use of that (I've been able to pull 900+ each way max, typically 600ish each way during peak hours).

The gear is all stuff left over from a consulting business I run, so I didn't buy it specifically for home use. I use it to try out configs as a lab of sorts.

I bought this to test the cables. Is this sufficient? What other tests should I do?

The cheapest 10GE copper switch that I know of is the NETGEAR ProSAFE XS708E 8-Port 10G Ethernet Switch 8 Ports $850

that makes more sense now. you need a media converter. many out there.. here is on for ~$60

http://www.amazon.com/gp/aw/d/B0062K68D0/ref=redir_mdp_mobile

nvm, I found it
http://www.amazon.com/Computer-Networks-4th-Andrew-Tanenbaum/dp/0130661023

We got 2 of these, and they've been running for almost 4 years now in an enclosure outside.

http://www.amazon.com/TRENDnet-1000Base-T-Media-Converter-TFC-1000MGA/dp/B0062K68D0/

Buy the book network warrior.

www.amazon.com/Network-Warrior-Everything-need-wasnt/dp/0596101511

https://www.amazon.com/Optimal-Routing-paperback-Networking-Technology/dp/1587142449/

http://www.amazon.com/Computer-Networks-Edition-Andrew-Tanenbaum/dp/0130661023

This is rather theoretical.

Network Warrior

$13 used on Amazon

I use a https://www.amazon.com/dp/B00K4DS5KU/ref=twister_B00PTUGAL4?_encoding=UTF8&psc=1 at home. Needs to be initially configured using a shitty windows tool, but otherwise just works.

Unmanaged: http://www.amazon.co.uk/TP-Link-24-Port-Gigabit-Desktop-Rackmount/dp/B003UWXFM0/ 80 pounds.

Managed "lite": http://www.amazon.co.uk/TL-SG3424-JetStream-Gigabit-Managed-Switch/dp/B005B7YVCK/ 120 pounds.

These are probably crap (check product reviews), so caveat emptor.

Platinum tools EZ RJ45 Eveything else is a pain in the ass.
https://www.amazon.com/Platinum-Tools-100054C-Clamshell-EZ-RJPRO/dp/B00939KFOU/ref=pd_sim_60_1?_encoding=UTF8&pd_rd_i=B00939KFOU&pd_rd_r=GYM8D6TQ33NZV9N4VDZT&pd_rd_w=aZQJ0&pd_rd_wg=RBSiX&psc=1&refRID=GYM8D6TQ33NZV9N4VDZT

Connectors
https://www.amazon.com/Platinum-Tools-100010C-Connectors-Clamshell/dp/B000FI9VU2