F5 APM, SRX and DTLS NAT Timeout

I have been having issues using the F5 APM client behind a Juniper SRX-110 using hide NAT. I believe I’ve tracked it down to the default timeout settings used for UDP services. Here’s what I did to resolve it.

Constant Connection Timeouts

The laptop client was behind the SRX-110, using hide NAT. The initial client connection would work, and things would look good for a while. The the client would stop receiving packets. Traffic graphs would show a little bit of outbound traffic, and nothing inbound. Eventually, the client might decide it needed to reconnect. But usually, it would sit there for a few minutes doing nothing. Then I would force a disconnect, which would take a while, and then reconnect. Exceedingly frustrating.

Connecting the client to a different network – e.g. using a phone hotspot – worked fine. No dropouts. Using a wired connection behind the SRX had the same issue. So clearly the problem was related to the SRX.

TLS & DTLS

I dug into the traffic flows to better understand what was going on. This SSL VPN solution makes an initial TLS connection using TCP 443. It then switches over to DTLS using UDP 4433 for ongoing encrypted Continue reading

Digging Deeper into the Cisco ASA Firewall REST API

Security orchestration methods, and of course SDN, are driving the need for programmable interfaces in  security products. The Cisco ASA Firewall added a REST API back in December with the 9.3(2) code release. I've asked Mason Harris from Cisco to write up a quick how-to primer on the ASA API capabilities. Thank you Mason for the great information.Author: Mason Harris CCIE #5916, Solutions Architect, Global EnterpriseOver the years I've seen many different custom methods used to manage ASA firewalls. Most of them involve some version of command line interface (CLI) scripting since nearly all ASA features and functions are available in this manner. Perl and Expect scripts are the common scripting languages in use today for managing ASAs.To read this article in full or to leave a comment, please click here

Digging Deeper into the Cisco ASA Firewall REST API

Security orchestration methods and of course SDN is driving the need for programmable interfaces in  security products.  The Cisco ASA Firewall added a REST API back in December with the 9.3(2) code release.  I've asked Mason Harris, from Cisco, to write up a quick how-to primer on the ASA API capabilities.  Thank you Mason for the great information.Author: Mason Harris CCIE #5916Solutions Architect, Global EnterpriseOver the years I’ve seen many different custom methods used to manage ASA firewalls. Most of them involve some version of command line interface (CLI) scripting since nearly all ASA features and functions are available in this manner. Perl and Expect scripts are the common scripting languages in use today for managing ASAs.To read this article in full or to leave a comment, please click here

Broadcom hardware platform gains support for Apple’s HomeKit

Apple’s efforts to allow people to control household appliances from their iPhones through the company’s HomeKit framework are gaining momentum.Chip maker Broadcom announced Tuesday that the SDK for its WICED hardware platform, which allows manufacturers to build so-called smart devices that can connect to the Internet, is fully compliant with HomeKit. The HomeKit protocols from Apple allow manufacturers to create products that can be controlled from an iOS device.For example, if a smart lock was integrated with HomeKit, people could use an app on their iPhones or speak a command to Siri, Apple’s voice-controlled virtual assistant, to unlock a door. Using Siri to handle voice commands when a person isn’t in his house requires an Apple TV, which works as a gateway to a home network.To read this article in full or to leave a comment, please click here

Intel looking to boost horsepower on server chips with ASIC integration

Intel is expanding its custom server chip program by integrating a special processing unit that could speed up specific applications in cloud computing environments.The chip maker said it will integrate ASICs (application-specific integrated circuits) in future Xeon chips, which will speed up cloud, security and big data applications. The ASIC designs will be provided by eASIC, a fabless semiconductor company based in Santa Clara, California.Intel declined to comment on the type of ASICs being integrated, or when they will be integrated in Xeon chips. But the integrated ASICs will be reprogrammable, and customers will be able to add more flexibility to their servers to handle specific types of tasks.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Internet-over-voice a solution for developing countries

Here's a question: who remembers the pre-broadband days of web? You'd use a voice line, acoustic coupler, and a modem, right?Well, believe it or not, huge swaths of the global population might be about to revert back to this old method for sending data. Only this time it will be over mobile 2G networks instead of dial-up copper twisted-pair—and you won't have to wrap your acoustic coupler in a pillow to prevent stray noise corrupting the data transmission.Modulated sound wave Startup Pangea Communications, presenting at Disrupt NY, reckons that the answer to a lack of data infrastructure for consumers in places such as Africa is to simply convert data into a modulated sound wave and then send the audio down existing 2G pipes to and from mobile devices. Any mobile device would work.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Internet-over-voice a solution for developing countries

Here's a question: who remembers the pre-broadband days of web? You'd use a voice line, acoustic coupler, and a modem, right?Well, believe it or not, huge swaths of the global population might be about to revert back to this old method for sending data. Only this time it will be over mobile 2G networks instead of dial-up copper twisted-pair—and you won't have to wrap your acoustic coupler in a pillow to prevent stray noise corrupting the data transmission.Modulated sound wave Startup Pangea Communications, presenting at Disrupt NY, reckons that the answer to a lack of data infrastructure for consumers in places such as Africa is to simply convert data into a modulated sound wave and then send the audio down existing 2G pipes to and from mobile devices. Any mobile device would work.To read this article in full or to leave a comment, please click here

BGP Listen Range Command

Original content from Roger's CCIE Blog Tracking the journey towards getting the ultimate Cisco Certification. The Routing & Switching Lab Exam
BGP Dynamic Neighbors are a way to bring up  BGP neighbors without specifically defining the neighbors remote IP address. Using the BGP Listen Range command you specify a range of IP addresses typically on your Hub site (maybe in a DMVPN environment) that you trust to become BGP neigbors with you. When a TCP request... [Read More]

Other pages of interest:

Post taken from CCIE Blog

Original post BGP Listen Range Command

Law firm challenges net neutrality rules, saying they’re too weak

The U.S. Federal Communications Commission is facing a new, novel challenge to its recent net neutrality rules: a communications law firm is arguing the regulations aren’t strong enough.The petition from Washington, D.C., law firm Smithwick and Belendiuk is a new wrinkle for the FCC, after a spate of lawsuits from broadband providers and trade groups challenging the rules for creating too many regulations.The FCC’s net neutrality rules, passed Feb. 26, fall short in several ways, firm partner Arthur Belendiuk said. The shortcomings are largely related to the agency’s decision to forbear from applying traditional telecommunication regulations to broadband even though it reclassified broadband as a regulated telecom service, he said.To read this article in full or to leave a comment, please click here

Citrix launches Workspace Cloud with BYOD flexibility

Life today is vastly more complicated for IT managers than it used to be, thanks in large part to two key trends: bring-your-own-device computing and the growing prevalence of mixed-infrastructure IT environments.Aiming to ease some of the pressure on both ends, Citrix on Tuesday unveiled a new cloud offering designed to give enterprises maximum flexibility.The Citrix Workspace Cloud is built on the notion of a personal “work space” that includes all the desktop, Web and mobile apps a user needs, along with data, documents and collaboration tools. Essentially, the software lets IT administrators put all that together in a unified package and deliver it securely to users wherever they are, no matter what device or network they’re using.To read this article in full or to leave a comment, please click here

iPhone 6s to feature 2GB of RAM, Force Touch, sturdier aluminum frame and much more

The iPhone 6 and 6 Plus incorporated what were arguably the most significant upgrades Apple's smartphone had ever seen. In addition to much larger screens, the iPhone 6 models also introduced to Apple Pay, Cupertino's take on mobile payments.Not surprisingly, iPhone 6 sales have been record-setting, which of course leads one to wonder what Apple has planned in order keep its iPhone sales momentum going strong.Well, thanks to KGI Securities analyst Ming-Chi Kuo, we now know a whole lot more about what type of new features we can expect to see in Apple's next-gen iPhone models.One of the more exciting things about Apple's upcoming iPhones, according to Kuo, and originally relayed by GforGames, is that they will finally come with 2GB of RAM. With more RAM in tow, next-gen iPhones will likely run a bit smoother, a bit faster, and will be able to handle more intensive apps.To read this article in full or to leave a comment, please click here

BGP PIC – Prefix Independent Convergence

BGP PIC ( Prefix Independent Convergence )  is a BGP Fast reroute mechanism which can provides sub second convergence even for the 500K internet prefixes by taking help of IGP convergence. BGP PIC uses hierarchical data plane in contrast to flat FIB design which is used by Cisco CEF and many legacy platforms. In a hierarchical… Read More »

The post BGP PIC – Prefix Independent Convergence appeared first on Network Design and Architecture.

Russian cyber group seen preparing to attack banks

A security firm is warning that a group of Russian hackers known for targeting military, government and media organizations is now preparing to attack banks in the U.S. and elsewhere.The group’s preparations, which have included writing new malware, registering domain names similar to those of intended targets, and setting up command-and-control servers, were discovered by analysts from security firm Root9B.The group has been active since at least 2007 and is known by various names including APT28 and Pawn Storm. Several security vendors believe it operates out of Russia and has possible ties to that country’s intelligence agencies.To read this article in full or to leave a comment, please click here

Verizon and Sprint to pay a total of $158M for unauthorized text billing

Mobile carriers Verizon Wireless and Sprint will pay a combined US$158 million[m] to settle complaints by two U.S. government agencies that they billed millions[m] of customers for unauthorized, third-pay text messaging services.Verizon will pay $90 million[m] and Sprint $68 million[m] to settle the so-called bill cramming complaints brought by the Federal Communications Commission and the Consumer Financial Protection Bureau.Along with other recent federal and state actions targeting bill cramming, the nation’s four largest mobile phone carriers have agreed to pay $353 million[m] in penalties and restitution in recent months, with more than $267 million[m] set aside to be returned to affected customers, the FCC said on Tuesday.To read this article in full or to leave a comment, please click here

Verizon and Sprint to pay a total of $158M for unauthorized text billing

Mobile carriers Verizon Wireless and Sprint will pay a combined US$158 million[m] to settle complaints by two U.S. government agencies that they billed millions[m] of customers for unauthorized, third-pay text messaging services.Verizon will pay $90 million[m] and Sprint $68 million[m] to settle the so-called bill cramming complaints brought by the Federal Communications Commission and the Consumer Financial Protection Bureau.Along with other recent federal and state actions targeting bill cramming, the nation’s four largest mobile phone carriers have agreed to pay $353 million[m] in penalties and restitution in recent months, with more than $267 million[m] set aside to be returned to affected customers, the FCC said on Tuesday.To read this article in full or to leave a comment, please click here

How to Become an Internet Supervillain in Three Easy Steps

One of the truisms of comic books and graphic novels is that nothing is immutable – both heroes and villains are rebooted, retconned, featured as radically (or subtly) different versions in alternate timelines, etc. The Marvel Cinematic Universe, which so far includes the Captain America, Thor, Hulk, Iron Man, and Avengers films, is a good example. DC are doing the same with The Flash and Green Arrow, and the latest cinematic incarnations of Batman and Superman are set to do battle with one another in a projected summer blockbuster movie next year.

And these new variants on old stories proliferate throughout the various versions of each character arc – variations on the same themes, but instantly recognizable to long-time fans and easily remembered by new ones. Tony Stark’s updated Iron Man origin story in the first Iron Man movie is one such example; the supervillain Mystique’s origin in the X-Men series of films (not part of the MCU) is another.

That isn’t to say that there’s no innovation taking place – Frank Miller’s The Dark Knight Returns radically migrated the general public perception of Batman away from the 1960s comedy paradigm Continue reading

CoxHealth finds relief in a network overhaul that pushes Layer 3 to the edge

The network at CoxHealth, a healthcare organization in Springfield, Missouri, with five hospitals, 83 clinics and 10,000 employees, was running out of gas just as new demands were ratcheting up, so Senior Manager for IT Dan Brewer started to rethink everything. Here’s the story he shared with Network World Editor in Chief John Dix.To read this article in full or to leave a comment, please click here(Insider Story)

1 3,492 3,493 3,494 3,495 3,496 3,841