Archive

Category Archives for "Networking"

Show 205 – Open Source Network Monitoring with OMDistro.org

Network monitoring is one of our most requested topics on Packet Pushers, and this week we take on open source monitoring solutions. Why open source? Because commercial NMS solutions are all over the place in functionality and price. So, if it’s possible to put a solid NMS in place based on open source, then it’s […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 205 – Open Source Network Monitoring with OMDistro.org appeared first on Packet Pushers Podcast and was written by Ethan Banks.

The Evolution from Products to Platforms in Software Driven Cloud Networking

Legacy networking vendors have often declared that they do not build “boxes” but actually build “systems and architectures”. I have tried to understand what that really means. Undoubtedly, new applications on the Internet have evolved and now depend on a modern infrastructure that outlives any particular static workload or physical machine. Indeed, at Arista, we along with our customers are looking at a technology evolution that goes beyond individual components to a universal cloud architecture.

Disruptive Innovation Begins with Products, aka “Boxes”

Building a “best of breed” product is a vital foundation to building a good system. Typical metrics may include feeds and speeds such as latency, power, port density (non-blocking), fabric capacity, throughput and scale combined with a feature-rich network operating system. Examples of this include Cisco’s routers and Catalyst switches (with IOS) in the 1990s, F5’s Big IP and Splunk’s data analytics in the past decade, or even more recently, Arista’s 7000 series Leaf-Spine-Spline products. Vendors with breakthrough products are pioneers and thought-leaders in their markets and often establish trends rather than follow them. Sustained differentiation beyond point features is a common theme. Such products are disruptive in nature, bringing critical business benefits and reducing capex spend within Continue reading

How Stacks are Handled in Go.

At CloudFlare, we use Go for a variety of services and applications. In this blog post, we're going to take a deep dive into some of the technical intricacies of Go.

One of the more important features of Go is goroutines. They are cheap, cooperatively scheduled threads of execution that are used for a variety of operations, like timeouts, generators and racing multiple backends against each other. To make goroutines suitable for as many tasks as possible, we have to make sure that each goroutine takes up the least amount of memory, but also have people be able to start them up with a minimal amount of configuration.

To achieve this, Go manages stacks in a way that behaves like any other language, but is quite different in how they're implemented.

An introduction to thread stacks

Before we look at Go, let's look at how stacks are managed in a traditional language like C.

When you start up a thread in C, the standard library is responsible for allocating a block of memory to be used as that thread's stack. It will allocate this block, tell the kernel where it is and let the kernel handle the execution of the thread. Continue reading

What Good is UML?

A friend of mine — Tony P to be exact — recently talked me into reading up on UML. I hadn’t worked a lot with modeling languages in a serious way before, but I took the bait and read UML Distilled (Safari Amazon). Okay — this is actually interesting stuff. First, a short review of the book itself.

There are, according to the author, two sorts of UML models. The one advocated here is sketchup, which is used to outline a process or the relationship between various components. There is a stricter version of UML that can actually be compiled into software, but I immediately attached the PowerPoint compiler to this in my head (right or wrong, there’s something about moving from a model to a product without anything in the middle that just doesn’t seem right to me — maybe I’m just an old fogy or something). The progress of the book is useful, moving from the basic concept of modeling languages, a history of the UML, and finally through several constructs within the UML. The author attempts to take you through enough constructs to get you to the point of being able to use the UML Continue reading

Viewing HTTP Headers Using Browser Developer Tools

I often find myself viewing HTTP headers (request and response) at the ‘client side’, which is often much quicker (and safer) than decrypting SSL/TLS traffic on a load balancer/ADC. With the use of SSL/TLS growing rapidly even within private networks and the inability to decrypt PFS/DHE protected traffic, this can often be the only way to troubleshoot. The reasons I […]

Author information

Steven Iveson


Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

The post Viewing HTTP Headers Using Browser Developer Tools appeared first on Packet Pushers Podcast and was written by Steven Iveson.

Network Monitoring – So Many Choices!

I’ve had network monitoring systems on my mind recently as we’ve been looking to determine the right specification for a number of fiber taps and aggregation devices so that we can fulfill the needs of both the security teams (for … Continue reading

If you liked this post, please do click through to the source at Network Monitoring – So Many Choices! and give me a share/like. Thank you!

Cracking the cloud code

The cloud is one of those technology trends that seems to be perpetually on the cusp of becoming ubiquitous. But if recent analyst reports are any indication, cloud’s breakthrough moment is imminent. Late last year, Gartner predicted that in 2016, the bulk of new IT spend would shift to the public cloud, and that by the end of 2017, nearly half of all enterprises will have hybrid cloud deployments.

But if cloud has been around for so long, why will it take so long for cloud to become the dominant source of IT spend?

Psychology vs Technology

The determinant for most change is the underlying psychology that drives individuals and organizations. The IT industry as a whole has been underpinned by a deep-seated need for control. The reason that most companies keep expertise in-house is that they want to maintain control—over their data, over the integration with their business workflows, over their schedules, and over their spend.

Of course control is under constant attack by cost. While traffic is booming, IT spend in most organizations continues to trend flat to down. This means that organizations need to constantly provide more compute resources, more storage, and faster interconnect while working with Continue reading

SDN Certification Update – September ‘14

If you care about building your own SDN skills, SDN certifications should matter to you, at least for the purpose of figuring out what to study (an argument I’ve made in an earlier post.) Since that time, the SDN world has seen several updates to vendor SDN certifications. (I’m also hopeful that we’ll see a few more at the upcoming Interop New York show towards the end of September.) Today’s post summarizes those that merit a look, at least for the purposes of figuring out what you might want to learn to retool for an SDN world.

Latest Highlights

Here’s a quick list of surprises and other goodies from this latest scan of the state of the art:

  • VMware lets some Cisco CCNAs and CCNPs bypass the need to take a class when getting the first VMware SDN cert (VCP-NV).
  • Brocade has a free exam voucher program (stated as limited time), plus a free video course, for their “NFV” cert. In theory, there’s no cash cost to study for and achieve this cert!
  • Cisco’s SDN certs have inexpensive (less than $100) video courses for each cert.

Dig into the rest of the post for more details!

 

Big Continue reading

SIGS & Carrier’s Lunch DC Day: An Event Definitely worth Visiting

I spent last Tuesday in Bern attending the SIGS DC Day Event, and came back home extremely pleasantly surprised. The conference was nice and cozy, giving everyone plenty of opportunities to chat about data center technical challenges (thanks for all the wonderful conversations we had – you know who you are!).

Having the opportunity to meet fellow networking engineers and compare notes is great, but it’s even better to combine that with new knowledge, and that’s where the event really excelled.

Read more ...

Using NVI to Allow Internal Hosts to Connect to Public Addresses of Hosted Servers

IP NAT is a very common configuration. One of the challenges that sometimes surfaces is the need for internal hosts to connect to the public address of a locally hosted server. Anyone who has tried to configure something like the following has likely faced this issue.

IP NAT Example

In this example, the top of the diagram represents the outside (Internet, ISP, or External Server), the left represents the DMZ area, and the bottom represents the inside. The goal is to enable dynamic port address translation for internal hosts and static port address translation for the host or hosts found in the DMZ area.

This configuration is fairly straightforward and typically covered in the CCNA curriculum. This includes identifying each interface as inside or outside and configuring the appropriate nat statements.

R1 Configuration

interface FastEthernet1/0
 description To INSIDE
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet1/1
 description To ACME WWW
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
interface FastEthernet1/2
 description To OUTSIDE
 ip address 192.0.2.100 255.255.255.0
 ip nat outside
!
ip nat inside source list 1 interface FastEthernet1/2 overload
ip nat inside source static tcp 192.168. Continue reading

No more duplicate frames with Gigamon Visibility Fabric


Gigamon presented their Visibility Fabric Architecture at Network Field Day 8. You can watch the presentation at Tech Field Day.

CC BY-NC-ND 2.0 licensed photo by smif: "Needs deduplication"

One of the interesting facets of Gigamon's solution was its ability to do real-time de-duplication of captured traffic as it traverses the Visibility Fabric (a hierarchy of monitoring data sources and advanced aggregation switches). I've spent some time around proactively-deployed network taps, but never seen this capability before, and I think it's pretty nifty.

The Problem
Let's say you've got taps and mirror ports deployed throughout your network. They're on the uplinks from data center access switches, virtually attached to vSwitches for collecting intra-host VM traffic, at the WAN and Internet edge, on the user distribution tier, etc. All of these capture points feed various analysis tools via Gigamon's Visibility Fabric. It's likely that a given flow will be captured and fed into the monitoring infrastructure at several points. Simplistic capture-port-to-tool-port forwarding rules will result in a given packet being delivered to each interested tool more than once, possibly several times.

This can be problematic because it confuses the analysis tool (ZOMG, look at all Continue reading

Getting the Sourcefire Firepower VM working Inline

The Sourcefire NGIPS/NGFW solution is a way to quickly get some interesting information about traffic on a network. One of the things I like about the solution is that actionable information is almost immediately available after deployment.

Sourcefire Screenshot

There are five deployment modes for a Sourcefire Firepower appliance:

  • Routed
  • Switched
  • Hybrid
  • Inline
  • Passive

Passive and inline modes are the two deployment options for the virtual versions of the Firepower appliances. Inline mode provides significant advantages over simple passive monitoring: it allows the appliance to block offending traffic or communications that violate the configured policy. Following the installation guide is straightforward and should allow a security engineer to quickly get this solution up and running.

The first time I ran through this process, I couldn’t get traffic to flow through the inline appliance. After struggling a while, I reconfigured the device into passive mode and spanned some traffic over to it. At first I didn’t see any statistics. After realizing that I also needed to configure VMware to accept promiscuous mode, I quickly started getting interesting information in the Firesight dashboard.

At this point, a thought occurred to me. What if the Firepower appliance had no layer 2 hooks and forwarded traffic that blindly Continue reading

Integrating Spirent into an Automated Workflow Test Methodology

I’ve spent the last few days getting briefed by several vendors in Silicon Valley. They include A10, Big Switch, Brocade, Cisco, Gigamon, Nuage, Pluribus, Spirent, and Thousand Eyes. Over the next few weeks, I’ll try and get a few posts out about the briefings, but for the first one I wanted to focus on Spirent. Many are probably aware that Spirent provides packet generators and while that’s what they sell and are really good at, it’s the strategy, vision, and software integration with their products that was extremely intriguing.

I’ve engaged with many customers over the past 10 years and the majority have never felt a real need to test performance. It was and is usually very easy to over provision hardware when it comes to Layer 2 & 3 switching. This is still the case for the most part too – there are 1 RU and 2 RU switches that can forward traffic faster than those big monster boxes of just a few years ago.

Why Test Now?

There are network functions being virtualized from almost every vendor out there --- this usually falls under the Network Functions Virtualization (NFV) trend.  It’s Continue reading

HTTP to HTTPs redirect with a twist

Lab goal

Create a new VIP/virt: 10.136.85.13.

The main page should use HTTP, but all the other elements should use SSL.

Setup

The load balancer is Radware's Alteon VA version 29.5.1.0.

The initial Alteon VA configuration can be found here.

Alteon configuration

We will reuse group 10, which includes all web servers.

So all that is left is to create a VIP/virt with services HTTP and HTTPS:

 1  /c/slb/virt 86_13
 2  ena
 3  ipver v4
 4  vip 10.136.85.13
 5  /c/slb/virt 86_13/service 80 http
 6  group 10
 7  rport 80
 8  /c/slb/virt 86_13/service 80 http/pip
 9  mode address
10  addr v4 10.136.85.200
11  /c/slb/virt 86_13/service 443 https
12  group 10
13  rport 443
14  /c/slb/virt 86_13/service 443 https/pip
15  mode address
16  addr v4 10.136.85.200

Lines 8-10 - Source NAT (proxy IP). Without it, return traffic from the server will go directly to the client without first passing through the Alteon.

Now for the AppShape script:


when HTTP_REQUEST {
# extract the fields from the HTTP headers
set url [ Continue reading

How to avoid online scams when selling your old iPhone or iPad

A lot of people right now are selling their old iPhones and iPad minis to trade up to the supersized iPhone 6 models. Unfortunately, I suspect some of them are being scammed out of their devices — I nearly was.

I’m itching for a 64GB iPhone 6 Plus (Space Gray, please). To partly finance Apple’s turkey-platter-sized phablet, I decided to sell my first-generation iPad mini on Amazon. That’s where my scamming saga begins.

Within one day of listing the tablet, I received an Amazon email from "Kimberly." She expressed interest in my mini and asked me to send pictures to her personal Yahoo email address.

It seemed like a reasonable request, so I emailed a few pictures to her. She soon replied via her Yahoo email and asked for my Amazon seller name. I was a tad suspicious because she was communicating with me directly instead of going through Amazon’s messaging system, but I replied.

To read this article in full or to leave a comment, please click here

Network Break 16

This week, EVO:RAIL & Converged thingies, Cisco's multiple SDN strategies, Don't be a precious snowflake and Congress open source project.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT with a wide range of employers, including Finance, Service Providers and Online Companies, working as a freelance consultant. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Network Break 16 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Sprint, Windstream: Latest ISPs to hijack foreign networks

Last year my colleague Jim Cowie broke a story about routing hijacks that resulted in Internet traffic being redirected through Iceland and Belarus. Unfortunately, little has changed since then and the phenomenon of BGP route hijacking continues unabated and on an almost daily basis.

In the past three days, the situation has gone from bad to downright strange as we have observed a flurry of this activity. Now, for the first time, we’re seeing major US carriers, Sprint and Windstream, involved in hijacking, along with the return of an operation out of Poland targeting Brazilian networks. We see router misconfigurations regularly in BGP data – could these incidents also be explained by simple command-line typos?

Route hijacking continues

In May, my colleague Earl Zmijewski gave a presentation about routing hijacks at the LINX 85 meeting, describing a comprehensive system that can be used to identify suspicious hijacks on a global basis and without any prior knowledge about the networks involved. While we now detect suspicious routing events on an almost daily basis, in the last couple of days we have witnessed a flurry of hijacks that really make you scratch your head.

To mention a few recent events, last Continue reading