What does your naming convention for devices look like? I always try to use the following syntax for instance:
<location>-<function>-<type>-#
Example:
sfu-c-sw-01
Where 'c' stands for core 'sw' for switch and so forth.
sit-mgmt-fw-01
Etc
don't have one,
name it what you want, edit /etc/hosts on the jumpbox and yer good...
We have a standard naming convention... and about three or four other standard naming conventions, so it depends on the project staff how a new box gets named. Somewhere in there, though, is the location and function of the box, if it's a network device.
Otherwise, we have names that are... unique...
:zomgwtfbbq:
Quote from: ristau5741 on January 06, 2015, 04:03:54 PM
name it what you want, edit /etc/hosts on the jumpbox and yer good...
We use DNS. Manually configuring thousands of entries in an /etc/host file AND in DNS is a good way for one of the two to become askew, resulting in more issues.
We also want it in DNS so traceroute (from any host) shows useful data.
Geographical site code -> os type -> server function -> number
example, a file and print server in Japan would look like:
JAPMSNETFNP011
Japan
Microsoft
Network file and print
Number
<device>.<pop>
Based on the device you'll know what function and hardware it is. Here's lucky hop number 7 from an mtr.
7. ae0.cr1.mel4.on.ii.net 0.0% 9 51.0 53.3 50.7 68.5 5.7
This works well for networking kit but once you start dealing with systems or virtual machines it doesn't work so well. That said I don't think there needs to be one naming convention that's applied to everything.
Previous administrative staff saw fit to name production boxes after lord of the rings characters, they even configured motd with about 2 paragraphs of story about each character.
Having never seen any of the movies, I believe they are all a bunch of nerds.
Quote from: Bit_Jockey on January 06, 2015, 09:16:30 PM
Having never seen any of the movies,
:wtf:
Quote
I believe they are all a bunch of nerds.
Totally. Of course, working on routers and stuff is kinda sorta also nerdy.
Quote from: javentre on January 06, 2015, 07:20:13 PM
Quote from: ristau5741 on January 06, 2015, 04:03:54 PM
name it what you want, edit /etc/hosts on the jumpbox and yer good...
We use DNS. Manually configuring thousands of entries in an /etc/host file AND in DNS is a good way for one of the two to become askew, resulting in more issues.
We also want it in DNS so traceroute (from any host) shows useful data.
Yea we too try to keep it to DNS instead of host files.. for much of the same reason.
<three letter sitecode>-<hall or building number>-<type of device>-<number>
For example: LON-H03-AS01 or LON-DC-FW-01
This is my preference but I'm currently at a gig which has no real standard. Also when you're consulting you usually have to go with what the guys before you decided.
Quote from: jinxer on January 07, 2015, 01:14:31 AM
Quote from: javentre on January 06, 2015, 07:20:13 PM
Quote from: ristau5741 on January 06, 2015, 04:03:54 PM
name it what you want, edit /etc/hosts on the jumpbox and yer good...
We use DNS. Manually configuring thousands of entries in an /etc/host file AND in DNS is a good way for one of the two to become askew, resulting in more issues.
We also want it in DNS so traceroute (from any host) shows useful data.
Yea we too try to keep it to DNS instead of host files.. for much of the same reason.
We keep it out of DNS for security reasons, one bad hack to your DNS server and your whole network topology is pretty much known.
The same can be said for keeping it in an /etc/hosts file, or keeping it in a visio diagrams, or in an .xls sheet too, right?
You can gather a ton of data with just a few trace routes too.
You can keep it in your internal DNS servers, while excluding it from your external ones.
Of course this is kept on internal DNS in own zones.
For enterprise or remote sites:
State-siteID-closet-function01 02 03 etc.
For the DC replace closet with rack number. We also place every IP in DNS for clean and simple traceroute and such.
Quote from: that1guy15 on January 07, 2015, 01:42:29 PM
We also place every IP in DNS for clean and simple traceroute and such.
We put the Loopback0 (mgmt) interface in both the forward and reverse zones, but the other interface IPs only get reverse entries for traceroute resolution.
The Lord of the Rings one is funny. Can't believe you didn't watch those movies though!
One of the coolest and pretty basic names I've seen was "Glutton"; this was an 8TB storage server at an SMB.
When this thread started I wrote a post about "anything but Lord of the Rings characters" but forgot to actually post it ;)
sent from phone.
Quote from: deanwebb on January 06, 2015, 09:33:10 PM
Totally. Of course, working on routers and stuff is kinda sorta also nerdy.
You be careful Deanwebb! :angry:
for the love of god, please use delimiters.
what would you rather see?
AU-VIC-MUL-CORE-SW-01
or
auvicmulcoresw01
and no underscores, use dashes.
I have been in a company that did jazz musicians, another that did Looney Tunes and another that did Star Wars. I know it used to be popular to do this but it has always driven me batshit crazy.
Any recommendations or best practices on naming your firewall objects, groups, policies, ACLs, etc?
Quote from: SimonV on January 08, 2015, 08:14:12 AM
Any recommendations or best practices on naming your firewall objects, groups, policies, ACLs, etc?
When I add an object to my firewall, I like to name it with its FQDN-IP.address, so instead of having to wonder what host goes with what IP, I can see something like:
USA-CHI-SRV4220.my.domain.nom-192.168.4.26
Now I know what IP that server has and I know what server is at that IP, all at the same time.
Quote from: that1guy15 on January 08, 2015, 08:12:30 AM
and no underscores, use dashes.
I have been in a company that did jazz musicians, another that did Looney Tunes and another that did Star Wars. I know it used to be popular to do this but it has always driven me batshit crazy.
That kind of stuff is fine for when you and a small group are the only ones in a small company... get more than one site, and you really need to do a much less humorless sort of organization.
Host names are LOC-TYPE-INSTANCE so VEGAS-RTR-01. For DNS every interface goes into DNS as an A record (VEGAS-RTR-01-G0-0 or VEGAS-RTR-01-LOOP0). Then the root host name gets a CNAME pointed to the interface we use to manage the device.
For firewall rules each host gets an object with its IP. We don't put the IP in the name as IPs change too often in our environment. Then an object group gets created for services (DNS, NTP, TACACS, WEBSITE1, WEBSITE2, etc.), then the host object is nested into the groups of services it offers. Ports are object groups based on services. So DNS would have a DNS-PORTS group with both tcp and udp 53. Finally an object group for clients of the service. This may contain ranges (i.e. DNS clients group is 10.0.0.0/8). Then rules are based off of these objects - DNS-CLIENTS to DNS-SERVERS on DNS-PORTS. There is overlap with some things. If a server is hosting two websites then one rule would not be hit, but this way if we move one website then changing the rule for that will not break the other website.
-Otanx
Quote from: that1guy15 on January 08, 2015, 08:12:30 AM
and no underscores, use dashes.
And not too many dashes :). It lengthens the name, and when you go deep into the configuration sub sections the name starts to get truncated.
Our device hostnames usually contain Location, Floor (if applicable), device model, and instance number (usually in that order). We put them in DNS for easy identification, but quite frankly, I tend to trust IPs vs hostnames when troubleshooting.
We don't really have a convention for FW items. Just as long as the name makes sense and relates to what it does.
Went onsite once and the client had their core routers named "router-on-the-left" and "router-on-the-right". Simply genius eh? lol, but wait it gets better. Their switches were named "switch-top", "switch-second-from-top", "switch-third-from-top" and so forth. That was an interesting project. :lol:
It would be nice if we had a super-awesome network naming convention that would work at all locations that the brotherhood of networkers would use so that when networkers moved from job to job, they'd always have a naming convention that they were familiar with.
Company stock ticker-nation-city-building-room-rack-shelf-function code
MSFT-USA-BELLVUE-37-H201-3B-4-FW
Don't like long device names? Move to shorter cities! Get out of Stratford-upon-Avon and shift operations to Aa, Estonia!
http://en.wikipedia.org/wiki/List_of_short_place_names ought to help with this.
"Where's your US data center?"
"B, Ohio."
"Hey, ours is there, too! Small world! Is your European data center in Y, France?"
"No, it's in Å, Sweden."
Quote from: deanwebb on January 10, 2015, 08:29:42 AM
Company stock ticker-nation-city-building-room-rack-shelf-function code
MSFT-USA-BELLVUE-37-H201-3B-4-FW
FWIW: There are plenty of big places that have no stock ticker, and not everyone wants to advertise the location of their assets in DNS.
Too bad for them.
1. Time for an IPO: the network needs it!
2. Use reverse records so that hackers see WF-4-B3-102H-73-EUVLLEB-ASU-TFSM and think, "wow, this is too hard to hack. I'll just hack my neighbor's wireless access point, instead."
Quote from: deanwebb on January 10, 2015, 08:29:42 AM
It would be nice if we had a super-awesome network naming convention that would work at all locations that the brotherhood of networkers would use so that when networkers moved from job to job, they'd always have a naming convention that they were familiar with.
Company stock ticker-nation-city-building-room-rack-shelf-function code
MSFT-USA-BELLVUE-37-H201-3B-4-FW
Don't like long device names? Move to shorter cities! Get out of Stratford-upon-Avon and shift operations to Aa, Estonia!
http://en.wikipedia.org/wiki/List_of_short_place_names ought to help with this.
"Where's your US data center?"
"B, Ohio."
"Hey, ours is there, too! Small world! Is your European data center in Y, France?"
"No, it's in Å, Sweden."
Oh yea.. That would have simplified things so much. Even if it's not company stock name almost every place has a 3 or 4 letter short name that would have been easy to relate to.
Quote from: that1guy15 on January 08, 2015, 08:12:30 AM
and no underscores, use dashes.
why the hate on underscores?
Quote from: wintermute000 on January 08, 2015, 04:52:49 AM
for the love of god, please use delimiters.
Windows servers don't like hostnames exceeding 15 characters, so many admins I've worked with keep it simple and compacted
Quote from: Seittit on January 13, 2015, 08:15:37 AM
Quote from: wintermute000 on January 08, 2015, 04:52:49 AM
for the love of god, please use delimiters.
Windows servers don't like hostnames exceeding 15 characters, so many admins I've worked with keep it simple and compacted
We ran into that when doing a revamp of our naming convention. The proposed convention was 18 characters. Lucky for us the first project to use the new names was a Windows server. Back to the drawing board to make it 14 or less.
-Otanx
In my lab I use the wizards from LotR and a letter/number
ex) alatar_f1 , gandalf_c3
Production stuff I'm one that describes the product/function
ex) 4200_flr2_lb
I'm not a fan of hyphens in names, underscores avoid more issues/bugs for the products I work with.
I'm not keen on having model numbers in host names.
It creates more work when we life-cycle devices because the new product has a different model number. Not only are we updating the documentation, but the interface descriptions on every neighboring device would need to be changed. DNS would also need to be updated. There's also an added complexity with NMS devices when the hostname changes, it could be a simple rescan for the ifindexes, rather than a delete and add.
So today I was reading the release notes for 4500 update when I ran across this line.
Quote
Before you proceed, observe the following rules for hostname:
Do not expect case to be preserved
Uppercase and lowercase characters look the same to many internet software applications. It may seem appropriate to capitalize a name the same way you might do in English, but conventions dictate that computer names appear all lowercase. For more information, refer to RFC 1178, Choosing a Name for Your Computer.
So being the cynic that I am I read this as "We had a bug with host names, and capital letters, but instead of fixing it we are just going to point to an RFC from 1990 that says use lower case."
Appropriate RFC link.
Name Your Computer - https://tools.ietf.org/html/rfc1178
The RFC is good for a laugh. A quote "It is especially tempting to name your first computer after yourself, but think about it. Do you name any of your other possessions after yourself? No. Your dog has its own name, as do your children."
edit - And for you underscore people another quote from the Cisco release notes - "Interior characters can only be letters, digits, and hyphens; periods and underscores not allowed."
-Otanx
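The constraints raised in the posts above (Windows trouble past 15 characters, the quoted release-notes rule that interior characters are only letters, digits and hyphens, and the advice to use lowercase) can be checked before a convention is adopted. The linter below is an added example, not code from any poster or from Cisco; the function names are hypothetical, and the requirement that a name start and end with a letter or digit is an assumption taken from the usual host-name rule rather than from the quoted notes.

```python
import string

# Limits taken from the thread: 15 characters for Windows hosts; only
# letters, digits and hyphens as interior characters; lowercase advised.
MAX_LEN = 15
ALNUM = set(string.ascii_letters + string.digits)


def lint_hostname(name):
    """Return the list of rule violations for one short (non-FQDN) hostname."""
    if not name:
        return ["empty name"]
    problems = []
    if len(name) > MAX_LEN:
        problems.append(f"{len(name)} chars exceeds {MAX_LEN}")
    if "_" in name:
        problems.append("underscore not allowed")
    if "." in name:
        problems.append("period not allowed")
    # Anything that is not an ASCII letter, digit, hyphen, underscore or period.
    other = sorted({c for c in name if c not in ALNUM and c not in "-_."})
    if other:
        problems.append("invalid characters: " + "".join(other))
    # Assumption (not in the quoted notes): first and last character
    # must be a letter or digit.
    if name[0] not in ALNUM or name[-1] not in ALNUM:
        problems.append("must start and end with a letter or digit")
    if name != name.lower():
        problems.append("use lowercase; case is not preserved")
    return problems


# Example names posted in this thread, used here as sample input.
SAMPLES = [
    "sfu-c-sw-01",
    "JAPMSNETFNP011",
    "AU-VIC-MUL-CORE-SW-01",
    "VEGAS-RTR-01",
    "alatar_f1",
    "4200_flr2_lb",
]


def lint_all(names):
    """Map each candidate name to its list of violations."""
    return {n: lint_hostname(n) for n in names}


if __name__ == "__main__":
    for name, problems in lint_all(SAMPLES).items():
        print(f"{name:24} {'OK' if not problems else '; '.join(problems)}")
```

Running the same check over an exported inventory before a rename project shows which existing names would need to change under the proposed rules.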
Quote from: SimonV on January 08, 2015, 08:14:12 AM
Any recommendations or best practices on naming your firewall objects, groups, policies, ACLs, etc?
Where I work we've started naming ACLs as such:
<very brief description - no spaces>-<date it was created or modified>
That way you can have different 'versions' in case you need to roll it back.
Quote from: sgtcasey on January 14, 2015, 06:17:55 PM
<very brief description - no spaces>-<date it was created or modified>
That way you can have different 'versions' in case you need to roll it back.
Agreed, we take it a step further and add a letter on to the end of the date (a,b,c, etc) because it's not uncommon to do multiple revisions in the same day.
Quote from: mynd on January 12, 2015, 09:33:19 AM
why the hate on underscores?
Underscores are supposed to be reserved for services (http://domainkeys.sourceforge.net/underscore.html). They work, but you should avoid it.
If I had my way, I'd divide by subdomain. I'd really like to see core01.stl.company.org for a core switch at their Seattle location. Unfortunately, this doesn't play nicely with Active Directory unless you architect it the same way (which has a different set of constraints, and often isn't feasible).
At my first small ISP, we used Seinfeld character names. Newman was a mailserver.
In a multi-vendor device environment it's good to include something for the manufacturer as well
Like c for Cisco, j for Juniper, b for Brocade, etc.