HP Network Simulator

HP has released the new version of its simulator for network devices (switches and routers) based on the Comware 7 OS. This software is called HP Network Simulator.

I’m very happy about that because I have waited for a long time to run some commands and features in a lab environment.

The simulator is based on Comware 7 (most commands are very similar to the OS 5 version).

The download link is listed below; inside there are some instructions for installing and configuring the topology that you wish.

http://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/psi/swdDetails/?swItem=nw_130365_1&ac.admitted=1403627434906.876444892.199480143

Despite the software working in GUI mode, the topology design must be done via text in a configuration file (also explained in the software manual).

Enjoy it, share and comment. It’s a good time to celebrate.

If the link is broken, please leave a comment.

Show 198 – Kirk Byers on Network Automation with Python & Ansible

Kirk Byers has been doing network automation work for quite a while now. I’ve been following his Pynet mailing list, where he teaches list members in a series of structured lessons how to code in Python, harnessing the scripting language’s power for network automation. I met Kirk at Cisco Live US, and we got to […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Show 198 – Kirk Byers on Network Automation with Python & Ansible appeared first on Packet Pushers Podcast and was written by Ethan Banks.

[SDN Protocols] Part 2 – OpenFlow Deep-Dive

In the last post, I introduced you to the concept of control plane abstraction, specifically the OpenFlow implementation. I talked about how OpenFlow allows us to specify the flows that we want to be programmed into the forwarding plane, from outside the forwarding device itself. We can also match on fields we typically don’t have access to in traditional networking, since current hardware is optimized for destination-based forwarding. In this post, I plan to cover quite a few bases.

HTIRW: DNS Security

In the last few posts on this topic, we’ve talked about the various bits and parts of the DNS system, from who pays to how it works to DNS tools. This time, we’re going to finish off DNS in this (probably record breaking for Packet Pushers) series, and talk about some various aspects of DNS […]

Author information

Russ White
Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. He recently published The Art of Network Architecture, is currently working on a new book in the area Continue reading

Recognizing IP MTU Issues

At some point, network engineers will likely face some type of issue with MTU, or maximum transmittable unit. Their first experience with this may be an eye-opening and time-consuming effort. After resolving the issue, those with a thirst for knowledge will take the necessary time to understand the issue.

MTU problems are most often seen when Path MTU Discovery, or PMTUD, fails to function. This is the process by which one end host determines the largest possible packet size to another station on the network. Symptoms of this type of issue include two devices having proven reachability, but applications fail to work in a way that indicates a network issue. Some applications may even crash or hang the system.

Symptoms of PMTUD Failure

  • Hosts may be able to ping one another
  • Service/Port may prove accessible using telnet
  • Severe and persistent application issues
  • Partial page loads
  • Either host appearing to hang

Understanding IP MTU

To understand the problems of Path MTU Discovery, it is first necessary to understand how MTU relates to the conversation. MTU, or maximum transmittable unit, is the maximum chunk of data that a given interface can transmit. The type of data receiving our attention is IP Continue reading

Some Internet Measurements

At APNIC Labs we’ve been working on developing a new approach to navigating through some of our data sets that describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP.

Handling “Multiples” in Cisco NX-API with Python

A few weeks ago, I was working with the NX-API currently found on Cisco’s Nexus 9000 series switches, and ran into some peculiar behavior.

NX-API returns all information in terms of Tables and Rows. For a specific example, let’s look at what NX-API returns when I ask the switch for running OSPF processes:

There’s actually a lot more information in this snippet that pertains to the OSPF process itself, but I have omitted it for brevity. This specific example focuses on the section that describes the areas in this OSPF process.

{
  "ins_api": {
    "sid": "eoc",
    "type": "cli_show",
    "version": "0.1",
    "outputs": {
      "output": {
        "code": "200",
        "msg": "Success",
        "input": "show ip ospf",
        "body": {
          "TABLE_ctx": {
            "ROW_ctx": {
              ### OSPF process information omitted for brevity ###
              "TABLE_area": {
                "ROW_area": {
                  "age": "P15DT15H27M6S",
                  "loopback_intf": "1",
                  "passive_intf": "0",
                  "last_spf_run_time": "PT0S",
                  "spf_runs": "9",
                  "lsa_cnt": "5",
                  "no_summary": "false",
                  "backbone_active": "true",
                  "stub": "false",
                  "aname": "0.0.0.0",
                  "total_intf": "2",
                  "auth_type": "none",
                  "act_intf": "2",
                  "nssa": "false",
                  "lsa_crc": "0x18d91"
                }
              }
            }
          }
        }
      }
    }
  }
}

NXAPI uses a special tag that starts with TABLE, and within that, tag(s) that start with ROW, whenever it needs to describe something that would normally be Continue reading

Working with VMware NSX – Logical networking

In my last post, we wrapped up the base components required to deploy NSX.  In this post, we’re going to configure some logical routing and switching.  I’m specifically referring to this as ‘logical’ since we are only going to deal with VM to VM traffic in this post.  NSX allows you to logically connect VMs at either layer 2 or layer 3.  So let’s look at our lab diagram…

If you recall, we had just finished creating the transport zones at the end of the last post.  The next step is to provision logical switches.  Since we want to test layer 2 and layer 3 connectivity, we’re going to provision NSX in two separate fashions.  The first method will be using the logical distributed router functionality of NSX.  In this method, tenant 1 will have two logical switches.  One for the app layer and one for the web layer.  We will then use the logical distributed router to allow the VMs to route to one another.  The 2nd method will be to have both the web and app VMs on the same logical layer 2 segment.  We Continue reading

Quick’n’dirty Nslookup BASH Script

I’m always wondering if the addresses I’m assigning to interfaces aren’t already in DNS. So I came up with a little BASH script that takes a list of IP addresses and performs an nslookup on them to ensure they’re not in use already:

$ nslookup < input-filename > output-filename

The addresses in the input file are carriage return delimited.

A better use for this would be to check if DNS entries already have an IP address assigned to them.


27 – Stateful Firewall devices and DCI challenges – Part 1

Stateful Firewall devices and DCI challenges

Having dual sites or multiple sites in Active/Active mode aims to offer elasticity of resources available everywhere in different locations, just as with a single logical data center. This solution also brings business continuity with disaster avoidance. This is achieved by manually or dynamically moving the applications and software framework to where resources are available. When “hot”-moving virtual machines from one DC to another, there are some important requirements to take into consideration:

  • Maintain the active sessions stateful without any interruption for hot live migration purposes.
  • Maintain the same level of security regardless of the placement of the application
  • Migrate the whole application tier (not just one single VM) and enable FHRP isolation on each side to provide local default gateway (which works in conjunction with the next bullet point)
  • While maintaining the live migration, it can be crucial to optimise the workflow and reduce the hairpinning effect as much as we can since it adds latency.  As such, the distances between the sites as well as the network services used to optimize and secure the multi-tier application workflows amplify the impact on performance.

As with several other network and security services, the Continue reading

Everything can be a bomb

This last week, pranksters replaced the US flag on top of the Brooklyn Bridge with a white flag. Nobody knows who or why. Many in the press have linked this to terrorism, pointing out that it could've been a bomb. Not only local New York newspapers have said this, but also CNN.

Such irrational fears demonstrate how deeply we've fallen for police-state fears, where every action is perceived as a potential terrorist threat.

It could've been a bomb, of course. But what could also have been a bomb is a van full of C4 explosives driven across the bridge. There are no checkpoints at either end inspecting vehicles with bomb sniffing dogs. What also could've been a bomb is a ship full of fertilizer that, when ignited, would act as a small nuke. The point is that everything can be a bomb. Instead of using this as justification for an ever increasing police-state, we just need to accept this and live with the danger -- because this danger is, in the end, tiny. A thousand 9/11 events would still not equal cancer, for example.

I mention this because the former 9/11 commission released a new report yesterday stoking the fears of cyber-terrorism, Continue reading

Configuring NetFlow on vSphere 5.5

The NetFlow protocol was developed by Cisco to collect traffic statistics. A NetFlow-enabled device sends a set of flows to a NetFlow receiver via the UDP protocol. Each NetFlow contains one or more records: input and output interface index; timestamps; number of bytes and packets observed in the flow; source and destination IP addresses; protocol, source […]

Um, talks are frequently canceled at hacker cons

Talks are frequently canceled at hacker conventions. It's the norm. I had to cancel once because, on the flight into Vegas, a part fell off the plane forcing an emergency landing. Last weekend, I filled in at HopeX with a talk, replacing somebody else who had to cancel.

I point this out because of stories like this one hyping the canceled Tor talk at BlackHat. Its title says the talk was "Suddenly Canceled". The adverb "suddenly" is clearly an attempt to hype the story, since there is no way to slowly cancel a talk.

The researchers are academics at Carnegie-Mellon University (CMU). There are good reasons why CMU might have to cancel the talk. The leading theory is that it might violate prohibitions against experiments on unwilling human subjects. There also may be violations of wiretap laws. In other words, the most plausible reasons why CMU might cancel the talk have nothing to do with trying to suppress research.

Suppressing research, because somebody powerful doesn't want it to be published, is the only reason cancelations are important. It's why the Boston MTA talk was canceled, because they didn't want it revealed how to hack transit cards. It's why the Continue reading

How to run Juniper Firefly Perimeter vSRX on GNS3

Firefly Perimeter is a virtual security appliance that provides security and networking services at the perimeter in virtualized private or public cloud environments. It runs as a virtual machine (VM) on a standard x86 server  and delivers similar security and networking features available on branch SRX Series devices.

However not all the features that are supported by SRX hardware devices are supported. Here is the list of features supported by current firefly 12.1x46-d10 release.

Firefly Perimeter Hardware Specifications

  • Memory 2 GB
  • Disk space 2 GB
  • vCPUs 2
  • vNICs Up to 10
  • Virtual Network Interface Card type (NIC) E1000

Thanks to Juniper’s software evaluation program we can download the Firefly Perimeter security solution for free and test it out for 60 days. In this tutorial we are going to connect Firefly Perimeter to GNS3 and create a simple lab to test connectivity between two vSRX instances. As GNS3 has built-in support for VirtualBox and Qemu/KVM, they both can be used as the hypervisor.

Firefly Perimeter virtual machines can be downloaded here. You have to use your Juniper account to proceed with the download, but a valid service contract is not required to download the Firefly Perimeter virtual machine.

Picture 1 - Juniper Login Window

Notice that they Continue reading

Big Switch Networks Launches Mature Hardware-Centric Data Centre SDN Solution

Big Switch Networks (BSN) launches Version 4.0 of Big Cloud Fabric for hardware-centric SDN data centre fabric. The Data Centre Fabric solution clearly shows the maturity gained from 5 years of shipping products while adding innovation in switch hardware through Switch Light operating system. At the same time, they have completed the transition from platform to product. A product that really has what you need in a hardware-centric SDN platform and addresses nearly all of the issues the competitors have not addressed. And it is shipping now.

The post Big Switch Networks Launches Mature Hardware-Centric Data Centre SDN Solution appeared first on EtherealMind.