Validation Testing Matters
A couple of weeks ago, a CLN Member Posted a question with the heading Does ASA drop active session.
The specific question was as follows–
I have a time based ACL configured on a Cisco ASA. I need to know if the active sessions are dropped by the ASA when the time limit is over.
For example, users are allowed to connect between 12 and 1 PM. If there are any active connections just before 1 PM then will they be dropped at 1 PM?
Many network and security administrators would blindly assume that a time-based ACL would block or allow traffic based on the time-range attached to the individual ACE. Having quite a lot of experience with the ASA, I was skeptical and assumed that any ongoing connections would continue to allow the flow of traffic. I decided to do a little testing and here is what I found.
- Viewing the ACL, the time based ACE (line in the ACL) switched from active to inactive about 60-70 seconds after I expected it to
- When testing with sessionized ICMP (fixup protocol icmp–to enable ICMP inspection), ICMP Echoes were blocked as soon as the ACE switched to inactive
- Testing with TCP, a connection through Continue reading
The Importance of Seeing Your Network Topology
by Alex Hoff, originally published on the Auvik blog As our product development adventure has unfolded over the past two years, we’veConfiguring a load balancer with VMware NSX
In the previous post a NAT has been configured to allow access from external networks: Now the edge router will act as a load balancer too: connection to the edge router with destination port 2222 will be balanced on both internal VM using the port 22. Go to “Networking & Security -> NSX Edges”, […]Configuring NAT and firewall on a NSX Edge Router
On a previous post the edge router has been connected to external network: In this post NAT and Firewall will be configured to allow SSH access to VM1 from external networks. Go to “Networking & Security -> NSX Edges”, double click on the edge router and follow “Manage -> NAT”. Add a DNAT role so […]But Does it Work?
When I was in the USAF, a long, long, time ago, there was a guy in my shop — Armand — who, no matter what we did around the shop, would ask, “but does it work?” For instance, when I was working on redoing the tool cabinet, with nice painted slots for each tool, he walked by — “Nice. But does it work?” I remember showing him where each tool fit, and how it would all be organized so we the pager went off at 2AM because the localizer was down (yet again), it would be easy to find that one tool you needed to fix the problem. He just shook his head and walked away. Again, later, I was working on the status board in the Group Readiness Center — the big white metal board that showed the current status of every piece of comm equipment on the Base — Armand walked by and said, “looks nice, but does it work?” Again, I showed him how the new arrangement was better than the old one. And again Armand just shook his head and walked away. It took me a long time to “get it” — to Continue reading
Improving ECMP Load Balancing with Flowlets
Every time I write about unequal traffic distribution across a link aggregation group (LAG, aka Etherchannel or Port Channel) or ECMP fabric, someone asks a simple question “is there no way to reshuffle the traffic to make it more balanced?”
TL&DR summary: there are ways to do it, and some vendors already implemented them.
Read more ...PQ Show 42 – HP Networking – Location Aware Wireless
This sponsored podcast is another in our series of recordings made at HP Discover 2014 in Barcelona, Spain. Once again, our special thanks to Chris Young for bringing us technical guests and not just fluffy marketing folks. Technical Marketing Engineer at HP Networking Yarnin Israel and Senior Research Scientist at HP Labs Souvik Sen join Packet […]
Author information
The post PQ Show 42 – HP Networking – Location Aware Wireless appeared first on Packet Pushers Podcast and was written by Ethan Banks.
PfSense VirtualBox Appliance as Personal Firewall on Linux
The tutorial explains how to set up pfSense VirtualBox appliance in order to use it as a personal firewall on Linux. It shows Linux networkPfSense VirtualBox Appliance as Personal Firewall on Linux
The tutorial explains how to set up pfSense VirtualBox appliance in order to use it as a personal firewall on Linux. It shows Linux network configuration to support this scenario and provides an installation script that automatically builds a VirtualBox virtual machine ready for pfSense installation. It also describes pfSense installation and shows minimal web configuration needed for successful connection to the Internet.
pfSense Live CD ISO disk can be downloaded from here.
1. Linux Network Configuration
We are going to install pfSsense from live CD ISO image on a VirtualBox virtual machine. To do so we must reconfigure an existing network interface, create a new one and configure new static default routes. A network topology consists of Linux Fedora with installed VirtualBox virtualizer. is shown below.
Picture 1 - Network Topology
A wireless network card is installed in Linux and presented as an interface wlp3s0. The interface wlp3s0 is the interface that connects Pfsense virtual machine to the outside world. This interface will be bridged with a first network adapter (em0) of the Pfsense virtual machine. Bridging host adapter wlp3s0 with the guest adapter em0 (WAN interface of Pfsense) will be done using vboxmanage utility and shown later in the tutorial.
As the Pfsense appliance is Continue reading
Docker Networking – CoreOS Flannel
This blog is part of my ongoing series on Docker containers. In this blog, I will cover Flannel which is a CoreOS networking solution to connect containers across multiple hosts. Please refer to my first blog on CoreOS to understand CoreOS basics as well as how to setup CoreOS cluster. Flannel Overview: Flannel creates an … Continue reading Docker Networking – CoreOS Flannel
CoreOS overview
This blog is part of my ongoing series on Docker containers. In this blog, I will cover basics of CoreOS and some hands-on stuff I tried with CoreOS. As mentioned in my other blog on Docker orchestration, CoreOS falls in the category of specialized Linux distributions that can host Containers and are suitable for massive server deployments. … Continue reading CoreOS overview
Docker Networking – Weave
This blog is part of my ongoing series on Docker containers. Weaveworks is developing a Docker Networking solution to connect Containers. I recently played around with their solution and in this blog, I will capture some of my thoughts. Following are some internals on their implementation as I understood: Weave creates a Weave bridge as well as … Continue reading Docker Networking – Weave
Docker Networking – Socketplane
This blog is part of my ongoing series on Docker containers. In my previous blogs 1 and 2, I covered basics of Docker Networking and also covered some of the limitations with the current solutions. In the next few blogs, I will cover Docker Networking solutions from Socketplane, Weaveworks, CoreOS. Socketplane is developing a Docker networking … Continue reading Docker Networking – Socketplane
Welcome to MovingPackets.NET!
Welcome to my new home! If you’ve come over here because you used to read my drivel on LameJournal, then thank you! If you’re a new visitor, you are very welcome and I hope you choose to subscribe by RSS or Email so you can get notified of new posts.
MovingPackets.net is the new name for LameJournal. All the networking and computer-related content from LameJournal has been duplicated here at MovingPackets, but the photography content is gone and I’ll attempt to stay focused on things related to moving packets around as I post here going forward.
I have a new site theme, and with the new name as well, things are still likely to change a bit here visually (I have no logo yet for example). Still, there’s no time like the present so I decided to launch the site and I’ll tweak things as we go along with the aim of making the content more easily accessible. I hope you like my new home; it’s going to take a while before it feels comfortable!
Thanks for stopping in at MovingPackets.
John.
If you liked this post, please do click through to the source at Welcome to MovingPackets.NET! and give me a share/like. Thank you!
MovingPackets.NET – The New Name for LameJournal
I’ve been quiet lately, mostly because I’ve been horribly busy but also in part because I’ve been thinking that it’s about time to rebrand LameJournal to something that better reflects the content. And to that end, MovingPackets.net has been born. All the … Continue reading
If you liked this post, please do click through to the source at MovingPackets.NET – The New Name for LameJournal and give me a share/like. Thank you!
QoS Design Notes for CCDE
Trying to get my CCDE studies going again. I’ve finished the End to End QoS Design book (relevant parts) and here are my notes on QoS design.
Basic QoS
Different applications require different treatment, the most important parameters are:
- Delay: The time it takes from the sending endpoint to reach the receiving endpoint
- Jitter: The variation in end to end delay between sequential packets
- Packet loss: The number of packets sent compared to the number of received as a percentage
Characteristics of voice traffic:
- Smooth
- Benign
- Drop sensitive
- Delay sensitive
- UDP priority
One-way requirements for voice:
- Latency ≤ 150 ms
- Jitter ≤ 30 ms
- Loss ≤ 1%
- Bandwidth (30-128Kbps)
Characteristics for video traffic:
- Bursty
- Greedy
- Drop sensitive
- Delay sensitive
- UDP priority
One-way requirements for video:
- Latency ≤ 200-400 ms
- Jitter ≤ 30-50 ms
- Loss ≤ 0.1-1%
- Bandwidth (384Kbps-20+ Mbps)
Characteristics for data traffic:
- Smooth/bursty
- Benign/greedy
- Drop insensitive
- Delay insensitive
- TCP retransmits
Quality of Service (QoS) – Managed unfairness, measured numerically in latency, jitter and packetloss
Quality of Experience (QoE) – End user perception of network performance, subjective and can’t be measured
Tools
Classification and marking tools: Session, or flows, are analyzed to determine what class the packets belong to Continue reading
NFD9 Prep: NetBeez
I’m reviewing the presenters for Network Field Day 9, in particular looking at those I’m not familiar with. NetBeez is one of those making their first Tech Field Day appearance.
NetBeez
We all know that our users and the applications they access are incredibly distributed. We don’t control all the network elements, but the network team still gets the blame if things go wrong. You need greater visibility to prove it’s not the network, but getting that visibility is tough. Current options for probes aren’t always cost-effective to deploy across many sites. Many sites don’t have any local server infrastructure.
That’s where NetBeez comes in. They have developed Raspberry Pi-based agents that can easily be deployed to many locations. Plug in power, plug in a network cable, and it phones home. Go to the NetBeez dashboard, and from there you can configure the tests you want the agent to run.
Since the devices are so small, they can easily be deployed to a range of small sites, and can simulate a range of user traffic. Tests include Ping, HTTP, Traceroute, DNS. A particularly nice feature is the ability to run an ad-hoc iPerf test with custom parameters.
The dashboard shows you how the Continue reading
It’s About Application Delivery, Not Networking
Send to Kindle@DrDust tweets: @packetpushers – at the beginning you appeared very Cisco centric. Now not so much. What do you guys “like” working on? Be warned, @DrDust. This is probably not the post you’re looking for. But it’s where my mind went after reading your question. ;-) On Early Cisco-centrism I don’t especially remember that […]CCDE Practical exam preparation – Podcast
Wouldn’t you want to listen the story from the guys who passed the CCDE exam ? What are their CCDE Recommended reading list ? Is there any CCDE Training which they suggest for CCDE Preparation? Which technologies they recommend for the CCDE candidates to focus ?
The post CCDE Practical exam preparation – Podcast appeared first on Network Design and Architecture.