Internet Redundancy with ASA SLA and IPSec

I’ve seen a lot of examples of redundant Internet connections that use SLA to track a primary connection. The logic is that the primary Internet connection is constantly being validated by pinging something on that ISP’s network and routing floats over to a secondary service provider in the event of a failure. I was recently challenged with how this interacted with IPSec. As a result I built out this configuration and performed some fairly extensive testing.

It is worth noting that this is not a substitute for a properly multi-homed Internet connection that utilizes BGP. It is, however, a method for overcoming the challenges often found in the SMB environments where connections are mostly outbound or can alternatively be handled without completely depending on either of the service provider owned address spaces.

In this article, we will start out with a typical ASA redundant Internet connection using IP SLA. Then we will overlay a IPSec Site to Site configuration and test the failover process.

ASA_IPSec_Redundant

The base configuration for this lab is as follows. Continue reading

What is Internet Goverance and Why Does it Matter?

Last month, CloudFlare participated the tenth annual Internet Governance Forum (IGF) in Joao Pessoa, Brazil. Since it was launched at the United Nations’ World Summit on the Information Society (WSIS) in 2005, the IGF has provided valuable opportunities for thousands of representatives of non-profit groups, businesses, governments, and others to debate decisions that will affect the future of the Internet. While the Forum does not negotiate any treaties or other agreements, what participants learn there can influence corporate strategies, standards proposals, and national government policies. Even more importantly, discussions in the hallways (or in the bar or on the beach) can lead to new projects, new thinking, and new collaborations.

The range of issues and the diversity of speakers on panels and at the podium was even greater this year than at previous IGFs. Issues ranged from the need for strong encryption to whether net neutrality regulations are needed—from countering the abuse of women online to how to foster deployment of IPv6 and Internet Exchange Points. You can watch all 167 IGF sessions, which were webcast and archived. I represent CloudFlare as a member of the Multistakeholder Advisory Group (MAG), which organizes the IGF program. Together with the other MAG Continue reading

The FTC’s next chief technologist is on a quest for better passwords

Privacy issues will likely stay at the forefront of the FTC's focus next year thanks to the commission's appointment of Lorrie Cranor as its new chief technologist.Cranor, who is currently a professor of computer science and engineering and public policy at Carnegie Mellon University, directs the CyLab Usable Privacy and Security Laboratory. She will succeed Ashkan Soltani, the privacy expert who assumed the role in November 2014, the U.S. Federal Trade Commission announced on Thursday.Cranor will join the FTC in January.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sensors designed to detect overloaded cables, prevent fires

Flickering lights, tripping breakers, and discolored outlets are among the ways one can guess that wiring is overloaded. Add visual access, and you can tell if the sheathing may appear discolored.But some of us who've been around electricity for a while have also developed an acute sense of smell for wiring trouble. There's a distinctive acrid odor that can be caused by melting components on a PCB, the plastic around a part, or the polyvinyl chloride (PVC) covering on the wire emitting vapor.That odor on its own, even without visible smoke, is a heads-up to troubleshoot the wiring.Nasal range? There are, however, flaws in the sniffing method of overloading detection. What happens if the overloading occurs in an overhead crawl space, for example? Or at a remote, non-staffed installation?To read this article in full or to leave a comment, please click here

IDG Contributor Network: Sensors designed to detect overloaded cables, prevent fires

Flickering lights, tripping breakers, and discolored outlets are among the ways one can guess that wiring is overloaded. Add visual access, and you can tell if the sheathing may appear discolored.But some of us who've been around electricity for a while have also developed an acute sense of smell for wiring trouble. There's a distinctive acrid odor that can be caused by melting components on a PCB, the plastic around a part, or the polyvinyl chloride (PVC) covering on the wire emitting vapor.That odor on its own, even without visible smoke, is a heads-up to troubleshoot the wiring.Nasal range? There are, however, flaws in the sniffing method of overloading detection. What happens if the overloading occurs in an overhead crawl space, for example? Or at a remote, non-staffed installation?To read this article in full or to leave a comment, please click here

Russian spy group adopts new tools to hack defense contractor networks

A Russian cyberespionage group known as Pawn Storm has adopted new tools in an ongoing attack campaign against defense contractors with the goal of defeating network isolation policies.Pawn Storm, also known as Sofacy, after its primary malware tool, has been active since at least 2007 and has targeted governmental, security and military organizations from NATO member countries, as well as media organizations, Ukrainian political activists and Kremlin critics.Since August, the group has been engaged in an ongoing attack campaign focused on defense contractors, according to security researchers from Kaspersky Lab.During this operation, the group has used a new version of a backdoor program called AZZY and a new set of data-stealing modules. One of those modules monitors for USB storage devices plugged into the computer and steals files from them based on rules defined by the attackers.To read this article in full or to leave a comment, please click here

PlexxiPulse—Networking in Boston

Our CEO, Rich Napolitano, has been hitting the road to share the Plexxi message! Just before Thanksgiving, he sat down with Paul Gillin and Dave Vellante of SiliconANGLE to discuss our most recent product launch and modernizing network infrastructure. Take a look at the video below!

Earlier this week, Rich participated in the Enterprise Tech Strikes Back event in Boston hosted by Xconomy. Rich was a member of the “Building the Next Great Infrastructure Company” panel with Andy Ory of 128 Technology, Ellen Rubin of ClearSky Data and moderator Jody Rose of the New England Venture Capital Association. The group discussed networking, storage and cloud, and what it will take to create Boston’s next big enterprise IT infrastructure company. We enjoyed meeting and networking with likeminded startups that are taking on the challenges associated with the Third Era of IT. It is always fun to have a group of brilliant minds in one room!

Captureticnplexxi1(Photo credit: Bob Brown, Network World)

Below please find a few of our top picks for our favorite news articles of the week. Enjoy.

BetaNews.com: Is your network ready for IoT devices?
By Manish Sablok
The stats are here: investment bank Goldman Sachs cites Continue reading

Stuff The Internet Says On Scalability For December 4th, 2015

Hey, it's HighScalability time:


Change: Elliott $800,000 in 1960, 8K RAM, 2kHz CPU vs Raspberry Pi Zero, $5, 1Ghz, 512MB

 

If you like Stuff The Internet Says On Scalability then please consider supporting me on Patreon.

  • 434,000: square-feet in Facebook's new office;  $62.5 billion: Uber's valuation; 11: DigitalOcean datacenters; $4.45 billion: black Friday online sales; 2MPH: speed news traveled in 1500; 95: percent of world covered by mobile broadband; 86%: items Amazon delivers that weigh less than five pounds.

  • Quotable Quotes:
    • Jeremy Hsu: Is anybody thinking about how we’ll have to code differently to accommodate the jump from a 1-exaflop supercomputer to 10 exaflops? There is not enough attention being paid to this issue.
    • @kml: “Process drives away talent” - @adrianco at #yow15
    • capkutay: Seems like a lot of the momentum behind containers is driven by the Silicon Valley investment community.
    • @taotetek: IoT is turning homes into datacenters with no system administrators and no security team.
    • @asymco: On Thursday and early Friday, mobile traffic accounted for nearly 60% of all online shopping traffic, and 40% of all online sales
    • Mobile App Developers are Suffering: It’s Continue reading

One Million Views

It’s hard to believe that my blog has just surpassed 1000000 views! I started this blog out just on the side to go over things I was learning. I’ve learned a lot in the process, and managed to bag myself two CCIEs, a JNCIE-SP, a job at Google, and the opportunity to write a book … Continue reading One Million Views

Widespread exploit kit, password stealer and ransomware program mixed into dangerous cocktail

An ongoing attack campaign combines a very effective password stealer, the most widespread exploit kit, called Angler, and the latest version of the infamous CryptoWall file-encrypting ransomware program.The attackers first use the Pony computer Trojan to pilfer passwords from compromised computers, including FTP and SSH credentials that webmasters use to administer websites, according to researchers from Heimdal Security.The stolen credentials are then used to inject malicious code into legitimate websites with the goal of redirecting their visitors to an installation of the Angler exploit kit. This is a Web-based attack tool that includes exploits for various vulnerabilities in Windows and browser plug-ins, such as Flash Player and Java.To read this article in full or to leave a comment, please click here

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored)

Riverbed’s Hansang Bae, Josh Dobies, and Kevin Glavin discuss how an application-centric approach to SD-WAN puts IT at the forefront of business innovation. And get an in-depth preview of Project Tiger, Riverbed’s engineering effort that will dramatically simplify how IT manages hybrid WANs.

The post Show 266: Exploring Riverbed SD-WAN And Project Tiger (Sponsored) appeared first on Packet Pushers.

Net neutrality could be on the line in Washington court battle

The FCC's net neutrality rules go on trial Friday as oral arguments begin in 10 lawsuits that could dramatically change the way Internet service providers are regulated.In February, the Federal Communications Commission voted to ban service providers from giving some content preferential treatment. It also reclassified broadband as a communications service, similar to old-fashioned telecommunications except with exemptions from pricing and other regulations.The rules went into effect in April but soon faced a barrage of lawsuits by carriers and industry groups that want to see them gutted. The suits were combined into one proceeding in the federal appeals court in Washington, where opening arguments will start Friday.To read this article in full or to leave a comment, please click here

Tools for debugging, testing and using HTTP/2

With CloudFlare's release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you'll want to be using an up to date web browser (all the major browsers support HTTP/2).

But there are some non-browser tools that come in handy when working with HTTP/2. This blog post starts with a useful browser add-on, and then delves into command-line tools, load testing, conformance verification, development libraries and packet decoding for HTTP/2.

If you know of something that I've missed please write a comment.

Browser Indicators

For Google Chrome there's a handy HTTP/2 and SPDY Indicator extension that adds a colored lightning bolt to the browser bar showing the protocol being used when a web page is viewed.

The blue lightning bolt shown here indicates that the CloudFlare home page was served using HTTP/2:

A green lightning bolt indicates the site was served using SPDY and gives the SPDY version number. In this case SPDY/3.1:

A grey lightning bolt indicates that neither HTTP/2 no SPDY were used. Here the web page was served using HTTP/1.1.

There's a similar extension for Firefox.

Online testing

There's also a handy online Continue reading

1 3,177 3,178 3,179 3,180 3,181 3,793