It's not the damn network!
Moderator: TheMachine
- Neost
Attention all application developers:
1. If your application is one of many and is the only one having a problem passing data/transactions/etc etc IT IS NOT THE DAMN NETWORK!
2. No, I do NOT log every damn packet that flows through a router, content switch, firewall or other network appliance, I cannot see if your XML data sent yesterday or last week was corrupted and no I don't think the network is selectively passing packets based on some obscure java property that you can't decide if it is misconfigured or not.
3. No, once your data passes my firewalls I cannot give you any clue what happens to it. If the vendor on the other end can't see it hit his firewall but I can trace to his IP, you've got something set up incorrectly in your application which indicates where the traffic should go.
4. No, you cannot use basic network services such as ping, traceroute etc. etc. past the firewall. No, I can't temporarily open the firewall for you to ping/traceroute etc. etc.
5. No, I will not open the firewall for the vendor to ping/traceroute/telnet/whatthefuckever to your server.
That is all.
Last edited by Neost on May 4, 2004, 5:50 pm, edited 1 time in total.
- Diae Soulmender
Neost!
LOL! That is so God Damn funny.
I'm with ya bro...
Khrashdin 80 Protection Paladin
Vox Immortalis - Hyjal-US
#1 World Ranked 10man Strict Achievement Guild
#3 World Ranked 10man Strict Progression Guild
http://www.guildox.com The Premier Guild Ranking Site
- Adelrune Argenti
Every argument has two sides. Having worked with both IP infrastructure and brick and mortar companies I realize that sometimes the network CAN be the problem for an application. Yes - very likely the problem is that the application developer does not understand the restraints and/or limitations of the environment.
This is multiplied if developing with a third party outside the firewall, in which the firewall rules can interfere with data transmission due to a number of reasons (port/protocol/IP address permissions etc.), especially if the third-party documentation is not precise on the requirements for transmissions.
But yeah, I hear ya. Managing the cloud is a PITA, but developing applications that have to navigate it is an equal PITA.
- Ash
- Neost
I probably unfairly pointed out the app devs simply because being 3rd level support I deal with them the most.
2nd level app/middleware support guys are just as bad for the most part really. We have one app support guy that can barely speak English and I swear the only thing he can say clearly is "the Cisco router has a problem". Now, how he determined that a network device is having a problem, who the hell knows. If you ask for details he cannot clearly and precisely state his reasoning.
I'm currently working on a project to geographically disperse our internet DMZ infrastructure and provide an environment to do the same for our applications (gotta love BGP peering and DNS proximity). The development gangs are in a tizzy because they don't understand how a web/app/database server can be set up in two different data centers and have traffic load-balanced amongst them. God help you should you try to get a DBA to admit that with the right sized pipe between locations you can synchronize an Oracle database on geographically dispersed SAN space to maintain state.
I could rant for the next 100 years on the amount of time I spend defending the network as opposed to actually getting some work done. It's a never-ending cycle that I guess just has to be repeated at least bi-weekly. Usually at 3 in the fucking morning.
- masteen
I can't tell you how many packet caps I had to do to convince idiot app devs that their packets were traversing the network, and no, the LAYER 2 FUCKING SWITCH IS NOT FLIPPING BITS IN THE IP HEADER.
God I hated IT.
"There is at least as much need to curb the cruel greed and arrogance of part of the world of capital, to curb the cruel greed and violence of part of the world of labor, as to check a cruel and unhealthy militarism in international relationships." -Theodore Roosevelt
Hehe, I love the external program suppliers even more. Had a big fight with Agfa today, they run a server in our server room that controls ALL xray pictures taken at the hospital, an old NT4 server with SP6.
And they do NOT like anyone touching their server, claim that all programs will mess something up. Took us 4 months to get them to allow us to put antivirus on the system, since they claimed it would interfere with their program.
And today we got hit by that stupid new worm, and of course we rushed up to the server room to install the fixes on our servers, just in case.
And true enough, the morons won't allow me to install the MS patch that shut the security hole.
Spent 10 min trying to convince them, then gave up and gave them 3 choices:
A, I don't install anything, and your server will get infected tonight, and will start crashing, so no one can use your WEB1000 system.
B, I don't install anything, and your server gets infected, and then starts infecting other stuff on our network.
And finally C, if you insist on A or B, I shut the server down RIGHT now as a security risk, and it will not be allowed up before you have been out here and installed the security patches, supervised by one of our people.
Result, I got allowed to install the patch.
"Terrorism is the war of the poor, and war is the terrorism of the rich"
- Neost
Our network would be perfect if it weren't for the damned users.
I work for a telco. Our phone jocks out in the CO's and MTSO's have taken to running DSL to their damn desks, adding a 2nd NIC to their machines. They then bridge the public internet right into our corporate network, bypassing firewalls, proxies etc. etc. so their porn surfing can't be tracked.
Only problem is, they get infected with every new worm/virii coming down the pipe and transmit it inside. Corporate Security won't do shit, their managers won't do shit so we fight every worm that hits the internet. Then I have to stand in front of some asshole's desk and explain how these things keep getting into our network.
Neost wrote:
> Our network would be perfect if it weren't for the damned users.
> I work for a telco. Our phone jocks out in the CO's and MTSO's have taken to running DSL to their damn desks, adding a 2nd NIC to their machines. They then bridge the public internet right into our corporate network, bypassing firewalls, proxies etc. etc. so their porn surfing can't be tracked.
> Only problem is, they get infected with every new worm/virii coming down the pipe and transmit it inside. Corporate Security won't do shit, their managers won't do shit so we fight every worm that hits the internet. Then I have to stand in front of some asshole's desk and explain how these things keep getting into our network.

Heh, your Corporate Security guys slack. Someone at the company I used to work at did this and the company called the FBI.

