It's not the damn network!

Posted: May 4, 2004, 12:14 pm
by Neost
Attention all application developers:

1. If your application is one of many and is the only one having a problem passing data/transactions/etc etc IT IS NOT THE DAMN NETWORK!
2. No, I do NOT log every damn packet that flows through a router, content switch, firewall or other network appliance, I cannot see if your XML data sent yesterday or last week was corrupted and no I don't think the network is selectively passing packets based on some obscure Java property that you can't decide if it is misconfigured or not.
3. No, once your data passes my firewalls I cannot give you any clue what happens to it. If the vendor on the other end can't see it hit his firewall but I can trace to his IP you've got something set up incorrectly in your application which indicates where the traffic should go.
4. No, you cannot use basic network services such as ping, traceroute etc. etc. past the firewall. No, I can't temporarily open the firewall for you to ping/traceroute etc. etc.
5. No, I will not open the firewall for the vendor to ping/traceroute/telnet/whatthefuckever to your server.

That is all.

Posted: May 4, 2004, 12:45 pm
by Ashur
But it worked in development. You're just being difficult. How about you quit being part of the problem and be part of the solution. Jump on board for the big win.

Posted: May 4, 2004, 1:05 pm
by Diae Soulmender
Neost!

LOL! That is so God Damn funny.

I'm with ya bro...

Posted: May 4, 2004, 1:53 pm
by Adelrune Argenti
I have always found people like to blame that which they don't understand. My networks have always been blamed as well. All they need to know is the nice little cloud on the diagram is where magic happens and leave the details to those of us who understand.

Posted: May 4, 2004, 2:20 pm
by Ashur
Every argument has two sides. Having worked with both IP infrastructure and brick and mortar companies I realize that sometimes the network CAN be the problem for an application. Yes - very likely the problem is that the application developer does not understand the restraints and or limitations of the environment.

This is multiplied if developing with a third-party outside the firewall in which the firewall rules can interfere with data transmission due to a number of reasons (port/protocol/ip address permissions etc.), especially if the third-party documentation is not precise on the requirements for transmissions.

But yeah, I hear ya. Managing the cloud is a PITA, but developing applications that have to navigate it is an equal PITA.

Posted: May 4, 2004, 2:24 pm
by Cracc
From my experience.. if you have enough skill to code your own applications that are related to network usage.. you generally do have enough skill and knowledge to not be a nuisance to the network admin.. sounds like a bunch of odd devs on your network neost :)

Posted: May 4, 2004, 2:57 pm
by Neost
I probably unfairly pointed out the app devs simply because being 3rd level support I deal with them the most.

2nd level app/middleware support guys are just as bad for the most part really. We have one app support guy that can barely speak English and I swear the only thing he can say clearly is "the cisco router has a problem". Now, how he determined that a network device is having a problem, who the hell knows. If you ask for details he cannot clearly and precisely state his reasoning.

I'm currently working on a project to geographically disperse our internet dmz infrastructure and provide an environment to do the same for our applications (gotta love BGP peering and DNS proximity). The development gangs are in a tizzy because they don't understand how a web/app/database server can be set up in two different data centers and have traffic load-balanced amongst them. God help you should try to get a DBA to admit that with the right sized pipe between locations you can synchronize an Oracle database on geographically dispersed SAN space to maintain state.

I could rant for the next 100 years on the amount of time I spend defending the network as opposed to actually getting some work done. It's a never ending cycle that I guess just has to be repeated at least bi-weekly. Usually at 3 in the fucking morning.

Posted: May 4, 2004, 2:57 pm
by masteen
I can't tell you how many packet caps I had to do to convince idiot app devs that their packets were traversing the network, and no, the LAYER 2 FUCKING SWITCH IS NOT FLIPPING BITS IN THE IP HEADER.

God I hated IT. :evil:

Posted: May 4, 2004, 5:06 pm
by Hesten
Hehe, I love the external program suppliers even more. Had a big fight with Agfa today, they run a server in our server room that controls ALL xray pictures taken at the hospital, an old NT4 server with SP6.

And they do NOT like anyone touching their server, claim that all programs will mess something up. Took us 4 months to get them to allow us to put antivirus on the system, since they claimed it would interfere with their program.

And today we got hit by that stupid new worm, and of course we rushed up to the server room to install the fixes on our servers, just in case.
And true enough, the morons won't allow me to install the MS patch that shut the security hole.

Spent 10 min trying to convince them, then gave up and gave them 3 choices:
A, I don't install anything, and your server will get infected tonight, and will start crashing, so no one can use your WEB1000 system.
B, I don't install anything, and your server gets infected, and then starts infecting other stuff on our network.
And finally C, if you insist on A or B, I shut the server down RIGHT now as a security risk, and it will not be allowed up before you have been out here and installed the security patches, supervised by one of our people.

Result, I got allowed to install the patch :).

Posted: May 4, 2004, 5:14 pm
by Sylvos
IT is always the scapegoat for any network problem, god forbid the user cause an issue on their PC. I guess whenever a user is browsing pornography at work and the security system shuts down their internet access, it's all IT's fault...

Posted: May 4, 2004, 5:54 pm
by Neost
Our network would be perfect if it weren't for the damned users.

I work for a telco. Our phone jocks out in the CO's and MTSO's have taken to running DSL to their damn desks, adding a 2nd NIC to their machines. They then bridge the public internet right into our corporate network, bypassing firewalls, proxies etc. etc. so their porn surfing can't be tracked.

Only problem is, they get infected with every new worm/virii coming down the pipe and transmit it inside. Corporate Security won't do shit, their managers won't do shit so we fight every worm that hits the internet. Then I have to stand in front of some asshole's desk and explain how these things keep getting into our network.

Posted: May 4, 2004, 6:00 pm
by Voronwë
VPN tunnelling not allowed? My wife can do that and she doesn't even know what VPN stands for.

Posted: May 4, 2004, 11:56 pm
by Colal
Neost wrote:
Our network would be perfect if it weren't for the damned users.

I work for a telco. Our phone jocks out in the CO's and MTSO's have taken to running DSL to their damn desks, adding a 2nd NIC to their machines. They then bridge the public internet right into our corporate network, bypassing firewalls, proxies etc. etc. so their porn surfing can't be tracked.

Only problem is, they get infected with every new worm/virii coming down the pipe and transmit it inside. Corporate Security won't do shit, their managers won't do shit so we fight every worm that hits the internet. Then I have to stand in front of some asshole's desk and explain how these things keep getting into our network.

Heh, your Corporate Security guys slack. Someone at the company I used to work at did this and the company called the fbi.

Posted: May 5, 2004, 11:39 am
by Voronwë
Colal wrote:
Heh, your Corporate Security guys slack. Someone at the company I used to work at did this and the company called the fbi.

You busted Celestial Insider!?!?!