Enable Source-Specific Multicast in Iperf
How Does Internet Work - We know what is networking
I was preparing lab environment to test configuration of Source-Specific Multicast on Juniper SRX Equipment and needed a tool to generate and measure Source-Specific Multicast streams. I was aware that Iperf is a good enough tool to generate and measure multicast and unicast traffic but support for SSM was missing from current version. Fortunately there are always some developers which are interested in networking so one of them developed a special Iperf version 2.0.5 with SSM support. The idea here is to show how to make this version of Iperf work on your Cent OS or similar Linux machine. Here
OpenBSD on the Sixth Generation Intel NUC
I recently decided it would be fun to upgrade the hardware on my main OpenBSD machine at home (because, you know, geek). These Intel NUC machines are pretty interesting. They are pretty powerful, support a decent amount of RAM, certain models support internal storage, and they are very low power and low noise. Perfect for a machine that is a shell/email/development box.
The model I chose is the NUC6i3SYH.
- Core i3 processor (because my machine is not at all CPU bound)
- Very low power consumption (15W)
- Supports a 2.5″ SSD
OpenBSD 6.0 boots with the GENERIC kernel; no tuning or tweaking required. Full dmesg is at the end of this post. Hightlights of the hardware include:
- Wired network: Intel I219-V using the
em(4)driver - Wireless network: Intel Dual Band Wireless AC 8260 using the
iwm(4)driver (no support for 802.11ac in OpenBSD at the time of this writing so it’s 802.11n only) - Dual-core CPU with hyperthreading (be sure to boot GENERIC.MP)
The kernel recognizes the Intel SpeedStep capabilities of the CPU and will adjust the CPU’s clock speed as needed (further keeping the power consumption of the machine at a very Continue reading
Some notes on IoCs
Obama "sanctioned" Russia today for those DNC/election hacks, kicking out 35 diplomats, closing diplomatic compounds, seizing assets of named individuals/groups. They also published "IoCs" of those attacks, fingerprints/signatures that point back to the attackers, like virus patterns, file hashes, and IP addresses.These IoCs are of low quality. They are published as a political tool, to prove they have evidence pointing to Russia. They have limited utility to defenders, or those publicly analyzing attacks.
Consider the Yara rule included in US-CERT's "GRIZZLY STEPPE" announcement:
What is this? What does this mean? What do I do with this information?
It's a YARA rule. YARA is a tool ostensibly for malware researchers, to quickly classify files. It's not really an anti-virus product designed to prevent or detect an intrusion/infection, but to analyze an intrusion/infection afterward -- such as attributing the attack. Signatures like this will identify a well-known file found on infected/hacked systems.
What this YARA rule detects is, as the name suggests, the "PAS TOOL WEB KIT", a web shell tool that's popular among Russia/Ukraine hackers. If you google "PAS TOOL PHP WEB KIT", the second result points to the tool in question. You can download a copy here Continue reading
Technology Short Take #75
Welcome to Technology Short Take #75, the final Technology Short Take for 2016. Fortunately, it’s not the final Technology Short Take ever, as I’ll be back in 2017 with more content. Until then, here’s some data center-related articles and links for your enjoyment.
Networking
- Ajay Chenampara has some observations about running Ansible at scale against network devices.
- Andrey Khomyakov shares some information on automating the setup of whitebox switches running Cumulus Linux in part 2 of this series on learning network automation.
- Russell Bryant has shared the results of some testing comparing ML2+OVS and OVN as backends for OpenStack networking. As Russell indicates in his post, some additional analysis is needed to truly understand what’s happening, but early looks at the results of his tests show performance improvements in OVN versus ML2+OVS when it comes to total time required to boot a VM.
- Ivan Pepelnjak shares a Python script that creates Ansible inventory from Vagrant’s SSH configuration. Handy.
Servers/Hardware
Nothing this time around!
Security
- James Green shares some information on Docker Bench, a tool designed to help secure Docker environments.
- Via Mike Foley, the community now has a new resource to help educate on VM escapes.
- Gordon Turner Continue reading
A Broken Process Placing Consumers at Risk
Below is a chat session I had with Pearson Vue several months ago as I attempted to schedule a recertification exam. Apparently, I have two accounts with them and that prevents next day test scheduling. To put it mildly, I don’t think they adequately explain how they could possibly guarantee non-disclosure of data with email as a transport. Moreover, this seems to indicate a serious disconnect between security and business operations.
Image Link – for FULL Size View
I’m not going to explain the problems with this, PacketU readers understand why email is not [in and of itself] a secure method for file transport. When I experience an exchange like this, I see how segregated business practices can be and what a negative impact it can have from an information security perspective. Its not a matter of if, but a matter of when, bad things will happen as a result of not taking security seriously.
Disclaimer: This article includes the independent thoughts, opinions, commentary or technical detail of Paul Stewart. This may or may does not reflect the position of past, present or future employers.
The post A Broken Process Placing Consumers at Risk appeared Continue reading
APM Startup AppDynamics Files for IPO
The APM unicorn seems likely to carry high expectations.
Top Docker content of 2016
2016 has been an amazing year for Docker and the container industry. We had 3 major releases of Docker engine this year , and tremendous increase in usage. The community has been following along and contributing amazing Docker resources to help you learn and get hands-on experience. Here’s some of the top read and viewed content for the year:
Releases
Of course releases are always really popular, particularly when they fit requests we had from the community. In particular, we had:
- Docker for Mac & Docker for Windows Beta and GA release blog posts, and the video
- Docker 1.12 Built-in Orchestration release, and the DockerCon keynote where we announced it
- And the release of the Docker for AWS and Azure beta
Windows Containers
When Microsoft made Windows 2016 generally available, people rushed to
- Our release blog to read the news
- Tutorials to find out how to use Windows containers powered by Docker
- The commercial relationship blog post to understand how it all fits together
About Docker
We also provide a lot of information about how to use Docker. In particular, these posts and articles that we shared on social media were the most read:
brvirt: when brctl meets virsh
Hypervisors diversity is definitely one of the benefits of having Nuage managing your next-generation network. That means that we, as Nuage engineers, have to play with all kinds of hypervisors — like KVM, ESXi and Hyper-V to be more precise. As to me, I love to work with KVM most, simply because it gives you that feel that youPLUMgrid Employees Could Help VMware’s Cloud-Native Push
Networking isn't the only VMware group that stands to benefit.
APIC-EM Path Trace Examples – Overlay Networks
Since seeing the APIC-EM Path Trace demo for the first time and seeing how it represents CAPWAP, I’ve been curious how well it deals with other types of overlay/underlay networking. This article is a brief synopsis of that testing and provides some visuals around what was produced with this free management tool.
TL;DR–APIC-EM adds value to most network path traces and typically represents what it knows. The single exception is with MPLS VPNv4. If the MPLS PE nodes are pulled into the device inventory, path trace has a total lack of understanding around the recursive lookup into the global vrf that is required for VPNv4 functionality.
CAPWAP Representation — The Gold Standard
I wanted to start out by showing what an ideal representation of an overlay network would be for a tool like this. Path Trace understands AND clearly represents both the underlay and the overlay network for traffic flowing through a CAPWAP tunnel. The image below shows the extent of the tunnel (darker gray) and the physical components that are responsible for delivery (both through the tunnel and outside of the tunnel).
Testing Topology
For the additional testing, I built the following topology and integrated APIC-EM into my Continue reading