I have been having issues using the F5 APM client behind a Juniper SRX-110 using hide NAT. I believe I’ve tracked it down to the default timeout settings used for UDP services. Here’s what I did to resolve it.
The laptop client was behind the SRX-110, using hide NAT. The initial client connection would work, and things would look good for a while. Then the client would stop receiving packets. Traffic graphs would show a little bit of outbound traffic, and nothing inbound. Eventually, the client might decide it needed to reconnect. But usually, it would sit there for a few minutes doing nothing. Then I would force a disconnect, which would take a while, and then reconnect. Exceedingly frustrating.
Connecting the client to a different network – e.g. using a phone hotspot – worked fine. No dropouts. Using a wired connection behind the SRX had the same issue. So clearly the problem was related to the SRX.
I dug into the traffic flows to better understand what was going on. This SSL VPN solution makes an initial TLS connection using TCP 443. It then switches over to DTLS using UDP 4433 for ongoing encrypted…
Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
BGP Dynamic Neighbors are a way to bring up BGP neighbors without specifically defining each neighbor's remote IP address. Using the BGP Listen Range command, you specify a range of IP addresses, typically on your hub site (maybe in a DMVPN environment), that you trust to become BGP neighbors with you. When a TCP request...
Post taken from CCIE Blog
Original post BGP Listen Range Command
BGP PIC (Prefix Independent Convergence) is a BGP fast reroute mechanism which can provide sub-second convergence even for the 500K Internet prefixes with the help of IGP convergence. BGP PIC uses a hierarchical data plane, in contrast to the flat FIB design which is used by Cisco CEF and many legacy platforms. In a hierarchical…
The post BGP PIC – Prefix Independent Convergence appeared first on Network Design and Architecture.
Cable giant touts ODL's potential.
One of the truisms of comic books and graphic novels is that nothing is immutable – both heroes and villains are rebooted, retconned, featured as radically (or subtly) different versions in alternate timelines, etc. The Marvel Cinematic Universe, which so far includes the Captain America, Thor, Hulk, Iron Man, and Avengers films, is a good example. DC are doing the same with The Flash and Green Arrow, and the latest cinematic incarnations of Batman and Superman are set to do battle with one another in a projected summer blockbuster movie next year.
And these new variants on old stories proliferate throughout the various versions of each character arc – variations on the same themes, but instantly recognizable to long-time fans and easily remembered by new ones. Tony Stark’s updated Iron Man origin story in the first Iron Man movie is one such example; the supervillain Mystique’s origin in the X-Men series of films (not part of the MCU) is another.
That isn’t to say that there’s no innovation taking place – Frank Miller’s The Dark Knight Returns radically migrated the general public perception of Batman away from the 1960s comedy paradigm…