Archive

Category Archives for "Networking"

Stuff Spirent didn’t cover at NFD6

Spirent presented their Avalanche NEXT product at Gestalt IT's Network Field Day 6 event in September of this year.

Disclaimers:
  1. I attended the event, somebody else picked up the tab, yada yada.
  2. I like Spirent. I've used their products, worked with their people and been to their offices several times, and have gradually become a fan. This fact might be coloring my opinions :)
What's Avalanche NEXT?
Avalanche NEXT is a software frontend for performing tests of security hardware (firewalls and whatnot). It's a modular system that allows simple creation of test components (clients, servers, subnets, protocols, etc...), mixing of modules to create various tests, scaling of the test, application fuzzing, etc... Check out 1:14 - 1:30 in the video below to get a flavor of how slick the interface is. I love that interactive pie chart.


This sort of testing is critical because security devices have some of the most misleading data sheets of anything we're likely to work with as network folks. Security box performance numbers depend heavily on what you're asking them to do. Will your current device survive if you enable SSL offload, application inspection, or similar features? You can try it out (fingers crossed! Continue reading

Remote LFA

In the last episode in our world wide tour of fast reroute mechanisms, we discussed Not-Via. While an interesting concept, Not-Via does require a number of extra IP addresses, as well as a new set of special routing advertisements, to work properly. So while Not-Via is conceptually simple, it hasn’t ever really been accepted as […]

Author information

Russ White

Russ White
Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

IP Addresses and Traceback

This is an informal description the evolution of a particular area of network forensic activity, namely that of traceback. This activity typically involves using data recorded at one end of a network transaction, and using various logs and registration records to identify the other party to the transaction. Here we’ll look at the impact that IPv4 address exhaustion and IPv6 transition has had on this activity, and also note, as we explore this space, the changing role of IP addresses within the IP protocol architecture.

CCIE RS v5 blueprint will be announced this month?

How does the internet work - We know what is networking

Please note that this article is more or less pure speculation. The fact is that CCIE R&S v5 blueprint will be presented 28th January 2014 on Milan’s Cisco live event everything else is yet to be announced. From Milan’s Cisco live 28.1.2014 there is an CCIE R&S v5 blueprint event scheduled. When Cisco wants to […]

CCIE RS v5 blueprint will be announced this month?

How to Tell if TCP Payloads Are Identical

I was working on a problem today in which vendor tech support was suggesting that a firewall was subtly modifying TCP data payloads. I couldn't find any suggestion of this in the firewall logs, but seeing as how I've seen that vendor's firewall logs lie egregiously in the past, I wanted to verify it independently.

I took a packet capture from both hosts involved in the conversation and started thinking about how to see if the data sent by the server was the same as the data received by the client. I couldn't just compare the capture files themselves, because elements like timestamps, TTLs, and IP checksums would be different.

After a bunch of fiddling around, I came up with the idea of using tshark to extract the TCP payloads for each stream in the capture file and hash the results. If the hashes matched, the TCP payloads were being transferred unmodified. Here are the shell commands to do this:

tshark -r server.pcap -T fields -e tcp.stream | sort -u | sed 's/r//' | xargs -i tshark -r server.pcap -q -z follow,tcp,raw,{} | md5sum
2cfe2dbb5f6220f29ff8aff82f7f68f5 *-

You then run exactly the same commands on the "client.pcap" file Continue reading

SDN Themes from ONUG – Community Matters!

I was privileged to attend the Open Networking User Group (ONUG) Conference, ONUG Academy and mini Tech Field Day event hosted by JP Morgan Chase on October 29 and 30.
I attended at someone else's expense. Disclaimer. Additional disclaimer: I have a personal relationship with one of the people behind the ONUG conference. That fact will not color the opinions I express about ONUG. If I say I like something, it's because I like it, okay? :)

SDN Joke from Brent Salisbury's awesome ONUG
presentation
.
I don't know these cats nor the owner of the photo.
Community Matters
ONUG is founded on the idea that the Software Defined Network (SDN) user community needs to stand up for itself. Prior to ONUG the direction of SDN was set by a handful of players including:
  • Vendors who are interested in shaping the SDN marketplace and standards bodies around the capabilities of their products, rather than around the problems being faced by their customers.
  • Powerful end users who needed SDN to solve their own peculiar problems. The problems they're solving, and the techniques they're using do not align well with the challenges nor capabilities of mere enterprise users.
  • Researchers, who took SDN Continue reading

Revell F-104G Starfighter 1/48

For best article visual quality, open Revell F-104G Starfighter 1/48 directly at NetworkGeekStuff.

Ok, this time there is something special, this is my first model where I used an air brush. As a complete beginner I got the Revell AirBrush starter kit as visible below. I was very happy with it, despite the fact that you cannot do much details with the basic pistol that is creating a paint flow that is too wide.

Revell basic AirBrush set

Revell basic AirBrush set

Regarding the F-104, let me borrow from wiki :
[wikipedia.org]:

The Lockheed F-104 Starfighter is a single-engine, high-performance, supersonic interceptor aircraft originally developed for the United States Air Force (USAF) by Lockheed. One of the Century Series of aircraft, it was operated by the air forces of more than a dozen nations from 1958 to 2004.

The F-104 served with the USAF from 1958 until 1969, and continued with Air National Guard units until 1975. The National Aeronautics and Space Administration (NASA) flew a small mixed fleet of F-104 types in supersonic flight tests and spaceflight programs until 1994.[2] USAF F-104Cs saw service during the Vietnam War, and F-104A aircraft were deployed by Pakistan briefly during the Indo-Pakistani wars. Continue reading

Of Mice and Elephants

[This post has been written by Martin Casado and Justin Pettit with hugely useful input from Bruce Davie, Teemu Koponen, Brad Hedlund, Scott Lowe, and T. Sridhar]

Overview

This post introduces the topic of network optimization via large flow (elephant) detection and handling.  We decompose the problem into three parts, (i) why large (elephant) flows are an important consideration, (ii) smart things we can do with them in the network, and (iii) detecting elephant flows and signaling their presence.  For (i), we explain the basis of elephant and mice and why this matters for traffic optimization. For (ii) we present a number of approaches for handling the elephant flows in the physical fabric, several of which we’re working on with hardware partners.  These include using separate queues for elephants and mice (small flows), using a dedicated network for elephants such as an optical fast path, doing intelligent routing for elephants within the physical network, and turning elephants into mice at the edge. For (iii), we show that elephant detection can be done relatively easily in the vSwitch.  In fact, Open vSwitch has supported per-flow tracking for years. We describe how it’s easy to identify elephant flows at the vSwitch and Continue reading

Cisco IPsec VPN breakage on Windows 8[.1] and OS X 10.9

Oh, to be a Cisco IPsec VPN user these days… Now I know that we should get with the program and move to AnyConnect, since Cisco is EOL-ing the venerable Cisco VPN Client in 2014, but we have a large installed base, and since Cisco stopped making IPsec clients for Mac and Linux back in the […]

Author information

Will Dennis

Will Dennis

Will Dennis has been a systems and network administrator since 1989, and is currently the Network Administrator for NEC Laboratories America, located in Princeton NJ. He enjoys the constant learning it takes to keep up with the field of network and systems administration, and is currently pursuing the Cisco CCNP-R/S certification. He can be found on the Twitters as @willarddennis, and on Google Plus.

The post Cisco IPsec VPN breakage on Windows 8[.1] and OS X 10.9 appeared first on Packet Pushers Podcast and was written by Will Dennis.

Securing a DMVPN spoke – Part 2

In Part 1 we went through protecting the spoke from the outside world on the Internet and using the stateful inspection firewall CBAC, Content-Based Access Control, to dynamically allow returning traffic back in. CBAC works great for a single inside zone and a single outside zone. What if your business requirements have more than two […]

Author information

Charles Galler

Charles Galler

Charles is a network and UC engineer for a mainly Cisco reseller. He has worked in the networking industry for about 13 years. He started as a network administrator for a small CLEC (carrier) where he did it all in IT and worked on the carrier network. After the CLEC, Charles went to work for a large healthcare organization in the Houston area and stayed with them for about three and a half years. Now he works for a reseller in the professional services part of the organization. He is currently studying for his CCIE in Routing and Switching and plans on passing it before the end of 2014. You can find him on the Twitter @twidfeki.

The post Securing a DMVPN spoke – Part 2 appeared first on Packet Pushers Podcast and was written by Charles Galler.

Dotless

It was never obvious at the outset of this grand Internet experiment that the one aspect of the network’s infrastructure that would truly prove to be the most fascinating, intriguing, painful, lucrative and just plain confusing, would be the Internet’s Domain Name System. After all, it all seemed so simple to start with.

phpIPAM version 0.9 released

Dear all, I am happy to announce new version of phpipam IP address management – version 0.9. Subnet status
New features, like Support for ICMP network discovery, ICMP check IP status in demand, Compressed (grouped) DHCP IP ranges and other were introduced. Most important are:

  • Support for ICMP network discovery;
  • Cron script to check status for selected subnets/hosts with threading suport (pcntl php extension required)
  • ICMP check IP status in demand;
  • Added folders;
  • Compressed (grouped) DHCP IP ranges;
  • Added subsections;

Some instructions on how to setup ICMP scanning will follow.

If you find phpIPAM useful for your company donations would be highly appreciated :)

You can demo it here: http://demo.phpipam.net/
You can download it on sourceforge site: phpipam-0.9.

Special thanks to all the people submitting bug reports, translators and feature testers!

Screenshots:

Subnet status Screen Shot 2013-10-30 at 14.25.57 On-demand check IP last seen UI changes Mail status notifications

Full changelog for this release is:

New features:
----------------------------
+ Support for ICMP network discovery;
+ Cron script to check status for selected subnets/hosts with threading suport (pcntl php extension required);
+ ICMP check IP status in demand;
+ Compressed (grouped) DHCP IP ranges;
+ API server version 0.1;
+ Option to show and group subnets by VLAN in subnets list;
+ Option to show and Continue reading

Out of the Mouths of Customers

It’s a busy week to say the least. Not only are we a sponsor of the 2nd Open Networking User Group (ONUG) meeting, we held our inaugural Technical Advisory Board (TAB) meeting. Leveraging the fact that many of our customers will be attending ONUG, we brought together some of the most forward-thinking networking and business professionals from enterprises, service providers and partners to talk about our company, our product roadmap and our ideal use cases.

Before I get into the highlights, I’d like to give Embrane a high-five because we can actually have a TAB made up of paying customers. In an industry currently dominated by PowerPoint slides and acronyms, having a shipping product that people are using is unique in its own right. Also, where there was a full day of great feedback and dialogue. I’m just going to cover three aspects of the discussion otherwise I would have to write a novel to capture everything.

Platform vs. Product

One of the liveliest discussions was around the value of Embrane to customers. If you’ve been following the Embrane story, you’ll recall we’ve been focusing our marketing message around application-centric networking and more specifically, as of late, application-centric Continue reading

Plexxi – Optimized Workload and Workflow

Plexxi was a vendor that presented at Networking Field Day 6, and was one that really got me excited about what’s possible when you think about what kind of metadata your data center contains, and what products like Plexxi can do with that data once abstracted and normalized the right way. I will be intentionally brief with respect to my thoughts on the hardware - others like Ivan (and more) have already done a better job with this than I ever will.

Plexxi – Optimized Workload and Workflow

Plexxi was a vendor that presented at Networking Field Day 6, and was one that really got me excited about what’s possible when you think about what kind of metadata your data center contains, and what products like Plexxi can do with that data once abstracted and normalized the right way. I will be intentionally brief with respect to my thoughts on the hardware - others like Ivan (and more) have already done a better job with this than I ever will.

Plexxi – Optimized Workload and Workflow

Plexxi was a vendor that presented at Networking Field Day 6, and was one that really got me excited about what’s possible when you think about what kind of metadata your data center contains, and what products like Plexxi can do with that data once abstracted and normalized the right way. I will be intentionally brief with respect to my thoughts on the hardware - others like Ivan (and more) have already done a better job with this than I ever will.

Fixing high CPU use on Cisco 7600/6500

Recently some time ago (this blog post has also been lying in draft for a while) someone came to me with a problem they had with a Cisco 7600. It felt sluggish and "show proc cpu" showed that the weak CPU was very loaded.

This is how I fixed it.

"show proc cpu history" showed that the CPU use had been high for quite a while, and too far back to check against any config changes. The CPU use of the router was not being logged outside of what this command can show.

"show proc cpu sorted" showed that almost all the CPU time was spent in interrupt mode. This is shown after the slash in the first row of the output. 15% in this example:

  Router# show proc cpu sorted
  CPU utilization for five seconds: 18%/15%; one minute: 31%; five minutes: 42%
  PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process 
  198   124625752 909637916        137  0.87%  0.94%  0.94%   0 IP Input         
  [...]
  
Interrupt mode CPU time is (a bit simplified and restricted to the topic at hand) used when the router has to react to some user traffic. Now why would the 7600 use the Continue reading