A10 Health Monitors

This post is an equivalence check of A10 vs ACE probes/health monitors.

    ACE

ACE-A# show probe

probe : tcp-3121-probe-1
type : TCP
state : ACTIVE
----------------------------------------------
port : 3121 address : 0.0.0.0 addr type : -
interval : 10 pass intvl : 30 pass count : 2
fail count: 2 recv timeout: 5

--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
serverfarm : vip-11.95.79.90_3121
real : ip-11.95.79.68[3121]
11.95.79.68 1286028 1104 1284924 SUCCESS

interval – the time period health checks for a healthy server are sent
pass intvl – the time period health checks for a server marked “DOWN” are sent
pass count – the number of successful probes required to mark a server as “UP”
fail count – the number of unsuccessful probes required to mark a server as “DOWN”
recv timeout – timeout before a probe fails


a10-1[test-1]#show health monitor
Idle = Not used by any server In use = Used by server
Attrs = Attributes G = GSLB
Monitor Name Interval Retries Timeout Up-Retries Method Status Attrs
---------------------------------------------------------------------------------
tcp-443-monitor-1 30 2 5 2 TCP In use

Interval – the time period Continue reading

IPv6 and the Swinging Technology Pendulum

35 years ago, mainframes, single-protocol networks (be it SNA or DECnet), and centralized architectures that would make hard-core SDN evangelists gloat with unbridled pride were all the rage. If you’re old enough to remember IBM SNA, you know what I’m talking about.

A few years later, everything changed.

Read more ...

Foxconn to invest $5B to set up first of up to 12 factories in India

As part of its plan to set up to 12 manufacturing facilities in India by 2020, contract manufacturer Foxconn Technology Group is investing US$5 billion in a factory and other facilities in the western Indian state of Maharashtra.The Indian government has been coaxing foreign companies, including smartphone makers, to set up manufacturing units in India under its “Make in India” program.A number of smartphone makers are planning to make the devices in the country, with Chinese maker Xiaomi expected to announce its first phone manufactured in India on Monday.The government recently gave security approval to Huawei Technologies’ plans to set up a manufacturing facility for network equipment in the country, though the facility still needs final approval from the ministry of commerce as it is a Chinese company, according to sources close to the matter. India and China have a border dispute.To read this article in full or to leave a comment, please click here

Writing a Custom IPAM Application

Four years ago, I lamented the lackluster selection of IPAM applications available for service providers. Unfortunately, it seems not much has changed lately. I was back to exploring IPAM offerings again recently, this time with the needs of a cloud hosting provider in mind. I demoed a few tools, but none of them seemed to fit the bill (or they did, but were laughably overpriced).

So, I decided to write my own. In my rantings a few years back, I had considered this option:

Could I create a custom IPAM solution with everything we need? Sure! The problem is that I'm a network engineer, not a programmer (a natural division of labor which, it seems, is mostly to blame for the lack of robust IPAM solutions available). Even if I had the time to undertake such a project, I have little interest in providing long-term maintenance of it.

My opinion has not changed, but I've come to realize that if I want a tool that fits my requirements, I will need to build it. And after surprisingly little time, I'm happy to report that I have now have a kick-ass IPAM tool that does exactly what I want it to.

Continue reading

Writing a Custom IPAM Application

Four years ago, I lamented the lackluster selection of IPAM applications available for service providers. Unfortunately, it seems not much has changed lately. I was back to exploring IPAM offerings again recently, this time with the needs of a cloud hosting provider in mind. I demoed a few tools, but none of them seemed to fit the bill (or they did, but were laughably overpriced).

So, I decided to write my own. In my rantings a few years back, I had considered this option:

Could I create a custom IPAM solution with everything we need? Sure! The problem is that I'm a network engineer, not a programmer (a natural division of labor which, it seems, is mostly to blame for the lack of robust IPAM solutions available). Even if I had the time to undertake such a project, I have little interest in providing long-term maintenance of it.

My opinion has not changed, but I've come to realize that if I want a tool that fits my requirements, I will need to build it. And after surprisingly little time, I'm happy to report that I have now have a kick-ass IPAM tool that does exactly what I want it to.

Continue reading

Writing a Custom IPAM Application

Four years ago, I lamented the lackluster selection of IPAM applications available for service providers. Unfortunately, it seems not much has changed lately. I was back to exploring IPAM offerings again recently, this time with the needs of a cloud hosting provider in mind. I demoed a few tools, but none of them seemed to fit the bill (or they did, but were laughably overpriced).

So, I decided to write my own. In my rantings a few years back, I had considered this option:

Could I create a custom IPAM solution with everything we need? Sure! The problem is that I'm a network engineer, not a programmer (a natural division of labor which, it seems, is mostly to blame for the lack of robust IPAM solutions available). Even if I had the time to undertake such a project, I have little interest in providing long-term maintenance of it.

My opinion has not changed, but I've come to realize that if I want a tool that fits my requirements, I will need to build it. And after surprisingly little time, I'm happy to report that I have now have a kick-ass IPAM tool that does exactly what I want it to.

Continue reading

MacKeeper customers can file a claim to get their money back

Customers of the oft-criticized security and performance program MacKeeper have until Nov. 30 to file a claim for reimbursement, the result of a proposed class-action suit settlement.Those who bought MacKeeper before July 8 are eligible, according to the settlement website where claims can be filed.The class action suit accused MacKeeper’s original developer, ZeoBIT, of deceptively advertising the program and making false claims about what it could fix. It was filed in May 2014 in the U.S. District Court for the Western District of Pennsylvania.To read this article in full or to leave a comment, please click here

$32 RollJam Device can break into most cars and garage doors

When car manufacturers hear Samy Kamkar’s name, they likely cringe as Kamkar has been on a car-cracking spree. About a week after he unveiled OwnStar, Kamkar was at Def Con 23 presenting “Drive It Like You Hacked It: New Attacks and Tools to Wirelessly Steal Cars.”At the end of July, Kamkar revealed his $100 OwnStar device that could “locate, unlock and remote start any vehicle with OnStar RemoteLink after intercepting communications between the RemoteLink mobile app and OnStar servers.” GM quickly patched the OnStar app.To read this article in full or to leave a comment, please click here

Internal LTE/3G modems can be hacked to help malware survive OS reinstalls

With their own dedicated processor and operating system, LTE/3G modems built into new business laptops and tablets could be a valuable target for hackers by providing a stealthy way to maintain persistent access to an infected device.In a presentation Saturday at the DEF CON security conference in Las Vegas, researchers Mickey Shkatov and Jesse Michael from Intel’s security group demonstrated how a malware program installed on a computer could rewrite the firmware of a popular Huawei LTE modem module that’s included in many devices.The module runs a Linux-based OS, more specifically a modification of Android, that is completely independent from the computer’s main operating system. It’s connected to the computer through an internal USB interface, which means that it could be instructed to emulate a keyboard, mouse, CD-ROM drive, network card, or other USB device. Those would appear connected to the primary OS.To read this article in full or to leave a comment, please click here

Many to Many Multicast – PIM BiDir

Introduction

This post will describe PIM Bidir, why it is needed and the design considerations for using PIM BiDir. This post is focused on technology overview and design and will not contain any actual configurations.

Multicast Applications

Multicast is a technology that is mainly used for one-to-many and many-to-many applications. The following are examples of applications that use or can benefit from using multicast.

One-to-many

One-to-many applications have a single sender and multiple receivers. These are examples of applications in the one-to-many model.

Scheduled audio/video: IP-TV, radio, lectures

Push media: News headlines, weather updates, sports scores

File distributing and caching: Web site content or any file-based updates sent to distributed end-user or replicating/caching sites

Announcements: Network time, multicast session schedules

Monitoring: Stock prices, security system or other real-time monitoring applications

Many-to-many

Many-to-many applications have many senders and many receivers. One-to-many applications are unidirectional and many-to-many applications are bidirectional.

Multimedia conferencing: Audio/video and whiteboard is the classic conference application

Synchronized resources: Shared distributed databases of any type

Distance learning: One-to-many lecture but with “upstream” capability where receivers can question the lecturer

Multi-player games: Many multi-player games are distributed simulations and also have chat group capabilities.

Overview of PIM

PIM has Continue reading

TruView Live Application Monitoring

Fluke Networks recently released TruView Live, a subscription-based service for monitoring internal & external applications. Tests can run from Fluke-managed cloud locations, your own systems, or from dedicated hardware appliances. I’ve been testing it out, and I like it so far.

Disclaimer: I have no relationship with Fluke Networks, other than lusting after their measuring equipment as a young EE student. I could never afford it though. They’ve briefed me on this new solution, and been available to answer my questions, but I’m not paid in any way.

Provisioning

Overall setup is pretty straightforward. Choose what you want to monitor, and how you want to monitor it – from AWS locations, from your own server, or from a dedicated hardware device.

Global Pulse

Global Pulses run on Fluke-managed AWS instances. You just pick the Global Locations you want to run from, and assign tests as needed.

Go to Administration -> Pulses -> Deploy Global Pulse. Select the locations you want, and click Deploy.

Global Pulses

Virtual Pulse

A Virtual Pulse is an application running on Windows (7/8/2008/2012) or Linux systems (RHEL 7.0, Ubuntu 14.04). This does not need to be a dedicated device – e.g. You might need Continue reading

Hackers hit UK phone retailer, possibly compromising data of up to 2.4M customers

Cyberthieves broke into the IT systems of Carphone Warehouse, a large cell phone retailer in the U.K., and may have stolen personal and bank data of up to 2.4 million customers and the credit card details of up to 90,000 customers.Specifically, the division that was attacked operates the OneStopPhoneShop.com, e2save.com and Mobiles.co.uk websites, and provides services to iD Mobile, TalkTalk Mobile, Talk Mobile and some customers of Carphone Warehouse, the company said Saturday in an emailed statement.The attack, which the company described as “sophisticated,” was discovered Wednesday afternoon, and likely happened at some point in the two weeks prior to the discovery. Carphone Warehouse has secured the breached systems, put in place additional safety measures and hired a security company to determine what data was compromised. It is also notifying customers that could be affected.To read this article in full or to leave a comment, please click here

Hackers show off long-distance Wi-Fi radio proxy at DEF CON

A talk about a radio-based privacy device dubbed ProxyHam that promised to allow hackers to connect to Wi-Fi networks from as far as 2.5 miles away was abruptly pulled from the DEF CON schedule by its creator a few weeks ago.The incident, which some speculated was the result of pressure from the FBI or the NSA, outraged the security community. But as hackers are not the type to give up easily, they quickly came up with a replacement that in many respects is better than the original.Called HamSammich, the new device is the creation of security researchers Robert Graham and David Maynor and can proxy data over the 900 Mhz radio band from 20 miles away at up to 56kbps—the top speed of a dial-up modem from the late 1990s. It was presented at the DEF CON hacking conference on Friday.To read this article in full or to leave a comment, please click here

golang – some constructs part 1

Since starting to play with golang I’ve run into a couple of interesting items I thought worth writing about.  For those of you that are seasoned developers, I assure you, this wont be interesting.  But for us that are getting started this might be worth reading. 

Pointers
Nothing super exciting here if you’ve used them in other languages but it’s worth talking about since it can be confusing.  Pointers are really just a way for us to gain access to the ‘real’ variable when you aren’t in the function that defines it.  Put another way, when you call a function that takes a variable, you are only giving that function a copy of the variable, not the real variable.  Pointers  allow us to reference the actual location in memory where the value is stored rather than the value itself.  Examples always make this more clear.  Take for instance this example of code…

package main

import "fmt"

func main() {
        //Define myname and set it to 'jonlangemak'
        myname := "jonlangemak"
        //Rename without using pointers
        rename(myname)
        fmt.Println(myname)
        //Rename using pointers
        pointerrename(&myname)
        fmt.Println(myname)
}

//Function without pointers
func rename(myname string) {
        myname =  Continue reading

Address Transfers in APNIC

In 2010 the Asia Pacific Regional Address Policy community adopted a policy that permitted address holders in the region to transfer address registration records, enabling an aftermarket in IPv4 addresses to operate with the support of the APNIC registry function. While APNIC was still able to allocate addresses to meet demands there was very little in the way of activity in this market, but once APNIC was down to its last /8 of addresses in April 2011 the level of transfer activity has picked up. In this article I’d like to take a more detailed look at APNIC’s transfer log and see what it can tell us about the level of activity in the address market in the Asia Pacific region.