0

Validation Testing Matters

A couple of weeks ago, a CLN Member Posted a question with the heading Does ASA drop active session.

The specific question was as follows–

I have a time based ACL configured on a Cisco ASA. I need to know if the active sessions are dropped by the ASA when the time limit is over.

For example, users are allowed to connect between 12 and 1 PM. If there are any active connections just before 1 PM then will they be dropped at 1 PM?

Many network and security administrators would blindly assume that a time-based ACL would block or allow traffic based on the time-range attached to the individual ACE. Having quite a lot of experience with the ASA, I was skeptical and assumed that any ongoing connections would continue to allow the flow of traffic. I decided to do a little testing and here is what I found.

1. Viewing the ACL, the time based ACE (line in the ACL) switched from active to inactive about 60-70 seconds after I expected it to
2. When testing with sessionized ICMP (fixup protocol icmp–to enable ICMP inspection), ICMP Echoes were blocked as soon as the ACE switched to inactive
3. Testing with TCP, a connection through Continue reading

0

The Importance of Seeing Your Network Topology

by Alex Hoff, originally published on the Auvik blog As our product development adventure has unfolded over the past two years, we’ve

0

Interact with Ansible

Find Ansible on all of your favorite social networks and on the web.

Twitter

Facebook

Github

Ansible Meetups

LinkedIn (Group)

LinkedIn (Page)

Google+

Ansible Project Google Group

0

Configuring a load balancer with VMware NSX

In the previous post a NAT has been configured to allow access from external networks:   Now the edge router will act as a load balancer too: connection to the edge router with destination port 2222 will be balanced on both internal VM using the port 22. Go to “Networking & Security -> NSX Edges”, […]

0

Configuring NAT and firewall on a NSX Edge Router

On a previous post the edge router has been connected to external network: In this post NAT and Firewall will be configured to allow SSH access to VM1 from external networks. Go to “Networking & Security -> NSX Edges”, double click on the edge router and follow “Manage -> NAT”. Add a DNAT role so […]

0

Truly Educated

0

But Does it Work?

When I was in the USAF, a long, long, time ago, there was a guy in my shop — Armand — who, no matter what we did around the shop, would ask, “but does it work?” For instance, when I was working on redoing the tool cabinet, with nice painted slots for each tool, he walked by — “Nice. But does it work?” I remember showing him where each tool fit, and how it would all be organized so we the pager went off at 2AM because the localizer was down (yet again), it would be easy to find that one tool you needed to fix the problem. He just shook his head and walked away. Again, later, I was working on the status board in the Group Readiness Center — the big white metal board that showed the current status of every piece of comm equipment on the Base — Armand walked by and said, “looks nice, but does it work?” Again, I showed him how the new arrangement was better than the old one. And again Armand just shook his head and walked away. It took me a long time to “get it” — to Continue reading

0

Improving ECMP Load Balancing with Flowlets

Every time I write about unequal traffic distribution across a link aggregation group (LAG, aka Etherchannel or Port Channel) or ECMP fabric, someone asks a simple question “is there no way to reshuffle the traffic to make it more balanced?”

TL&DR summary: there are ways to do it, and some vendors already implemented them.

Read more ...

0

PQ Show 42 – HP Networking – Location Aware Wireless

This sponsored podcast is another in our series of recordings made at HP Discover 2014 in Barcelona, Spain. Once again, our special thanks to Chris Young for bringing us technical guests and not just fluffy marketing folks. Technical Marketing Engineer at HP Networking Yarnin Israel and Senior Research Scientist at HP Labs Souvik Sen join Packet […]

Author information

The post PQ Show 42 – HP Networking – Location Aware Wireless appeared first on Packet Pushers Podcast and was written by Ethan Banks.

0

PfSense VirtualBox Appliance as Personal Firewall on Linux

The tutorial explains how to set up pfSense VirtualBox appliance in order to use it as a personal firewall on Linux. It shows Linux network

0

PfSense VirtualBox Appliance as Personal Firewall on Linux

The tutorial explains how to set up pfSense VirtualBox appliance in order to use it as a personal firewall on Linux. It shows Linux network configuration to support this scenario and provides an installation script that automatically builds a VirtualBox virtual machine ready for pfSense installation. It also describes pfSense installation and shows minimal web configuration needed for successful connection to the Internet.

pfSense Live CD ISO disk can be downloaded from here.

1. Linux Network Configuration

We are going to install pfSsense from live CD ISO image on a VirtualBox virtual machine. To do so we must reconfigure an existing network interface, create a new one and configure new static default routes. A network topology consists of Linux Fedora with installed VirtualBox virtualizer. is shown below.

Picture 1 - Network Topology

A wireless network card is installed in Linux and presented as an interface wlp3s0. The interface wlp3s0 is the interface that connects Pfsense virtual machine to the outside world. This interface will be bridged with a first network adapter (em0) of the Pfsense virtual machine. Bridging host adapter wlp3s0 with the guest adapter em0 (WAN interface of Pfsense) will be done using vboxmanage utility and shown later in the tutorial.

As the Pfsense appliance is Continue reading

0

Docker Networking – CoreOS Flannel

This blog is part of my ongoing series on Docker containers. In this blog, I will cover Flannel which is a CoreOS networking solution to connect containers across multiple hosts. Please refer to my first blog on CoreOS to understand CoreOS basics as well as how to setup CoreOS cluster. Flannel Overview: Flannel creates an … Continue reading Docker Networking – CoreOS Flannel →

0

CoreOS overview

This blog is part of my ongoing series on Docker containers. In this blog, I will cover basics of CoreOS and some hands-on stuff I tried with CoreOS. As mentioned in my other blog on Docker  orchestration, CoreOS falls in the category of specialized Linux distributions that can host Containers and are suitable for massive server deployments. … Continue reading CoreOS overview →

0

Docker Networking – Weave

This blog is part of my ongoing series on Docker containers. Weaveworks is developing a Docker Networking solution to connect Containers. I recently played around with their solution and in this blog, I will capture some of my thoughts. Following are some internals on their implementation as I understood: Weave creates a Weave bridge as well as … Continue reading Docker Networking – Weave →

0

Docker Networking – Socketplane

This blog is part of my ongoing series on Docker containers. In my previous blogs 1 and 2, I covered basics of Docker Networking and also covered some of the limitations with the current solutions. In the next few blogs, I will cover Docker Networking solutions from Socketplane, Weaveworks, CoreOS. Socketplane is developing a Docker networking … Continue reading Docker Networking – Socketplane →

0

Welcome to MovingPackets.NET!

Welcome to my new home! If you’ve come over here because you used to read my drivel on LameJournal, then thank you! If you’re a new visitor, you are very welcome and I hope you choose to subscribe by RSS or Email so you can get notified of new posts.

MovingPackets.net is the new name for LameJournal. All the networking and computer-related content from LameJournal has been duplicated here at MovingPackets, but the photography content is gone and I’ll attempt to stay focused on things related to moving packets around as I post here going forward.

I have a new site theme, and with the new name as well, things are still likely to change a bit here visually (I have no logo yet for example). Still, there’s no time like the present so I decided to launch the site and I’ll tweak things as we go along with the aim of making the content more easily accessible. I hope you like my new home; it’s going to take a while before it feels comfortable!

Thanks for stopping in at MovingPackets.

John.

If you liked this post, please do click through to the source at Welcome to MovingPackets.NET! and give me a share/like. Thank you!

0

MovingPackets.NET – The New Name for LameJournal

I’ve been quiet lately, mostly because I’ve been horribly busy but also in part because I’ve been thinking that it’s about time to rebrand LameJournal to something that better reflects the content. And to that end, MovingPackets.net has been born. All the … Continue reading →

If you liked this post, please do click through to the source at MovingPackets.NET – The New Name for LameJournal and give me a share/like. Thank you!

0

QoS Design Notes for CCDE

Trying to get my CCDE studies going again. I’ve finished the End to End QoS Design book (relevant parts) and here are my notes on QoS design.

Basic QoS

Different applications require different treatment, the most important parameters are:

• Delay: The time it takes from the sending endpoint to reach the receiving endpoint
• Jitter: The variation in end to end delay between sequential packets
• Packet loss: The number of packets sent compared to the number of received as a percentage

Characteristics of voice traffic:

• Smooth
• Benign
• Drop sensitive
• Delay sensitive
• UDP priority

One-way requirements for voice:

• Latency ≤ 150 ms
• Jitter ≤ 30 ms
• Loss ≤ 1%
• Bandwidth (30-128Kbps)

Characteristics for video traffic:

• Bursty
• Greedy
• Drop sensitive
• Delay sensitive
• UDP priority

One-way requirements for video:

• Latency ≤ 200-400 ms
• Jitter ≤ 30-50 ms
• Loss ≤ 0.1-1%
• Bandwidth (384Kbps-20+ Mbps)

Characteristics for data traffic:

• Smooth/bursty
• Benign/greedy
• Drop insensitive
• Delay insensitive
• TCP retransmits

Quality of Service (QoS) – Managed unfairness, measured numerically in latency, jitter and packetloss

Quality of Experience (QoE) – End user perception of network performance, subjective and can’t be measured

Tools

Classification and marking tools: Session, or flows, are analyzed to determine what class the packets belong to Continue reading

0

NFD9 Prep: NetBeez

I’m reviewing the presenters for Network Field Day 9, in particular looking at those I’m not familiar with. NetBeez is one of those making their first Tech Field Day appearance.

NetBeez

We all know that our users and the applications they access are incredibly distributed. We don’t control all the network elements, but the network team still gets the blame if things go wrong. You need greater visibility to prove it’s not the network, but getting that visibility is tough. Current options for probes aren’t always cost-effective to deploy across many sites. Many sites don’t have any local server infrastructure.

That’s where NetBeez comes in. They have developed Raspberry Pi-based agents that can easily be deployed to many locations. Plug in power, plug in a network cable, and it phones home. Go to the NetBeez dashboard, and from there you can configure the tests you want the agent to run.

Since the devices are so small, they can easily be deployed to a range of small sites, and can simulate a range of user traffic. Tests include Ping, HTTP, Traceroute, DNS. A particularly nice feature is the ability to run an ad-hoc iPerf test with custom parameters.

The dashboard shows you how the Continue reading

0

It’s About Application Delivery, Not Networking

Send to Kindle@DrDust tweets: @packetpushers – at the beginning you appeared very Cisco centric. Now not so much. What do you guys “like” working on? Be warned, @DrDust. This is probably not the post you’re looking for. But it’s where my mind went after reading your question. ;-) On Early Cisco-centrism I don’t especially remember that […]