NetworkingNexus.net

Elephant Detection in Virtual Switches & Mitigation in Hardware

These are notes from a “Elephants and Mice” on elephant flow detection and mitigation in software switches. The result of tests demonstrate that integration between overlay and underlay networks has value. This solution uses low cost networking components and highlights some competitive positioning against Cisco ACI.

The post Elephant Detection in Virtual Switches & Mitigation in Hardware appeared first on EtherealMind.

[minipost] How to fix MySQL lost table description from .frm files after emergency migration of /var/lib/mysql

For best article visual quality, open [minipost] How to fix MySQL lost table description from .frm files after emergency migration of /var/lib/mysql directly at NetworkGeekStuff.

In May 2014, networkgeekstuff.com got a small problem when the hosting BeagleBone Black went dead and the old Raspberry PI environment was on that point already used for another project. I was forced to migrate quickly to a virtual server hosting company that I use. Actually it was a performance boost and quick quick, my MySQL and Apache migration scripts for backup recovery made the transition in ~2 hours. But last week I noticed that my MySQL backup system had troubles with two WordPress tables.

The MySQLdump was telling me that two tables do not exist with this message:

root@gserver:~/scripts/tachicoma_remote_backup# mysqldump -h localhost -u mysqlbackuper -p<removed> wordpressikdata > wordpressikdata.sql
mysqldump: Got error: 1146: Table ‘wordpressikdata.wp_rfr2b_options‘ doesn’t exist when using LOCK TABLES

root@gserver:~/scripts/tachicoma_remote_backup# mysqldump -h localhost -u mysqlbackuper -p<removed> wordpressikdata > wordpressikdata.sql
mysqldump: Got error: 1146: Table ‘wordpressikdata.wp_rfr2b_options‘ doesn’t exist when using LOCK TABLES

But when I looked at /var/lib/mysql/wordpressikdata, the files for these tables are there, and show tables showed these tables as well.

mysql> show  Continue reading

Relaying email with postfix + TLS through gmail

I needed to relay email from appliances in my house, and wanted to use my gmail domain + TLS to do it. Following are my notes from setting up a postfix server to do that job. All email relayed by this server appear to be sourced from the gmail account I created for it.

I wouldn't use this for anything customer-facing, but it's a reasonable way to get messages out of closed environments without worrying about how the messages were sourced, who they appear to be from, will SPF records screw things up, etc...

Create gmail account
I'm using an account named [email protected]. I set that guy up, and gave him a password.

Install Linux somewhere
I'm using a minimal installation of CentOS 6.5 for this project, installed with some automated nonsense I've long used for this sort of thing.

Tweak hostname

 sed -i 's/localhost.localdomain/postfix-relay.marget.com/' /etc/sysconfig/network

NFS mount my CentOS repository
The next little bit uses automounter to hang my CentOS repository on /CentOS and configure it as a repository. Skip it.

 yum install -y nfs-utils wget tcpdump unzip autofs  
 service rpcbind start  
 service autofs restart  
 ln -s /net/my_nfs_server/path/to/CentOS/ /CentOS  
 cp /etc/yum.repos.d/CentOS-Media.repo  Continue reading

HP Unified Wireless: Central 802.1x configuration

This post is a sample configuration of an 802.1x WPA2/AES WLAN service on the HP Unified Wireless platform. This configuration assumes: Central authentication: AP forwards all 802.1x over the LWAPP tunnel to the Access Controller (AC). The AC is the … Continue reading →

Creating a Vagrant base box for RHEL with Bento

I <3 the Opscode Bento project. I use the Amazon S3 hosted images for pretty much all of my Vagrant boxes. When I started to use RHEL, I didn't want to make an exception... Fortunately Bento allows you to build your own RHEL, OSX or Windows boxes using Packer. This is how I built my RHEL 6.4 x64 box, but this process should work for any other box you want to build manually...

Creating a Vagrant base box for RHEL with Bento

Install Packer

If you are on OSX, you can install Packer using Homebrew:

brew tap homebrew/binary
brew install packer

If not, you can follow the instructions on the Packer's website

Pre-Reqs

Clone bento and add your RHEL Server ISO

https://github.com/opscode/bento.git
cd bento/packer
mkdir iso
#cp your rhel-server iso here... it should be named rhel-server-6.5-x86_64-dvd.iso

Build your RHEL box

packer build -only=virtualbox-iso -var 'mirror=file:///`pwd`/iso' rhel-6.5-x86_64.json

This takes a little while so go and get some coffee...

Add to Vagrant

cd ..
vagrant box add rhel65x64 builds/virtualbox/opscode_rhel-6.5_chef-provisionerless.box

Then to test it, create a new Vagrant image that uses the new rhel65x64 image

cd <a tmp dir>
vagrant init
sed -i '' 's/config.vm.box = "base"/config.vm.box = "rhel65x64"/g' Vagrantfile
vagrant up
vagrant ssh
vagrant destroy

Fin.

@dave_tucker

HP Unified Wireless: Free access option on guest portal

This post covers a simple portal web interface customization, which will provide a “Free Access” option for guest users. Some organizations do not want to administer guest accounts, but simply want to display a legal disclaimer which should be accepted … Continue reading →

Show 190 – The Silicon Inside Your Network Device – Part 3

The third and final episode in the very popular series on where we attempt to discover what really happens inside your network device.

Although software will be at heart of network innovation for the enxt decade, it will still run on hardware and it's time to expose the internals of our network hardware and understand the hardware architecture inside a typical device. Many people are surprised to find that CPUs, memory, storage and buses are similar to computers while the forwarding engines are rather spectacularly different.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post Show 190 – The Silicon Inside Your Network Device – Part 3 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

NFV – CPE vendors MUST evolve!

Customer Premises Equipment (CPE) devices have always been a pain point for the service providers. One, they need to be installed in large large numbers (surely you remember the truck rolls that need to be sent out), and second, and more importantly, they get complex and costlier with time. As services and technology evolve, these need to be replaced with something more uglier and meaner than what existed before. In a large network, managing all the CPEs — right from the configuration, activation, monitoring, upgrading and efficiently adding more services – in itself becomes a full time job (and not the one with utmost satisfaction i must add).

ETSI’s Use case #2 describes how the CPE device can be virtualized. The idea is to replace the physical CPEs with all the services it supports on an industry standard server that is and cheaper and easier to manage. Doing this can reduce the number and complexity of the CPE devices that need to be installed at the customer sites.

The jury is still out on the specific functions that can be moved out of the CPE. Clearly, what everybody agrees to is a need for a device that will physically connect the customer to the network. Continue reading

The Best Of Both Worlds – Soraya

By Matt Bing & Dave Loftus

Arbor Networks’ ASERT has recently discovered a new malware family that combines several techniques to steal payment card information. Dubbed Soraya, meaning “rich,” this malware uses memory scraping techniques similar to those found in Dexter to target point-of-sale terminals. Soraya also intercepts form data sent from web browsers, similar to the Zeus family of malware. Neither of these two techniques are new, but we have not seen them used together in the same piece of malware.

Initialization

Soraya begins by injecting itself as a thread on several system processes, including the Windows Shell explorer.exe. The malware maintains persistence by writing a copy of itself into the AppData directory with the name servhost.exe, and setting itself to execute with the registry key HKCUSOFTWAREMicrosoftWindowsCurrentVersionRunWinServHost.

New processes launched from the infected explorer.exe shell, notably web browsers, will have Soraya code injected. The malware does this by hooking calls to the ntdll.dll!NtResumeThread() function, which is responsible for process initialization. The function ntdll!NtQueryDirectoryFile() is also hooked to hide displaying the servhost.exe file. Both of these techniques are similar to functionality found in the Zeus family of malware.

Memory Scraping

One thread Continue reading

QoS Pre-Classify – Where to Apply the Service Policy ?

This post represents the solution and explanation for quiz #23. Quiz Review This quiz shows a scenario where the network engineer has to configure Low Latency Queuing (LLQ) for some traffic that will be encrypted into an IPsec tunnel. The configuration of the policy-map is given but it has not been applied yet anywhere, as shown below: The final question is “what is missing to finish this task ?” giving... [read more]

The OpenStack Network Node – Layer 3 Agent

When networks are deployed in a box by box model, network admins know exactly what, where, and how something is being configured. In highly dynamic environments, this may not be the case. This is why it’s crucial to understand what is really going on behind the scenes. In OpenStack, there are several components that together are comprised to make OpenStack Networking (aka Neutron). These include the Neutron server, dhcp agent, metadata agent, L3 agent, and then the agents that would reside in the infrastructure to be programmed (on either physical and/or virtual switches). For example, in Open vSwitch deployments, there would be a Neutron OVS agent on each host/server. And this could vary based on which particular vendor plugin is being used too!

In this post, I’m going to mainly focus on the Neutron Layer 3 agent because I had a hard time grasping this one at first. It turns out that it’s not so bad after all.

When I first started reading about Neutron, I saw many references that there was only one (1) layer 3 agent supported in a given deployment. That just didn’t seem to make sense because that Continue reading

PQ Show 31 – Dell, Cumulus Networks and the Open Networking Revolution – Sponsored

Packet Pushers Greg Ferro and Ethan Banks recently sat down with Arpit Joshipura, VP of Product Management for Dell Networking and J.R. Rivers, CEO of Cumulus Networks, to discuss their recent historic announcement to make Open Networking solutions available to consumers worldwide.

Author information

Greg Ferro

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

The post PQ Show 31 – Dell, Cumulus Networks and the Open Networking Revolution – Sponsored appeared first on Packet Pushers Podcast and was written by Greg Ferro.

QoS Pre-Classify – Where to Apply the Service Policy ?

This post represents the solution and explanation for quiz-23. The quiz shows a scenario where the network engineer has to configure Low Latency Queuing (LLQ) for some traffic that will be encrypted into an IPsec tunnel. This article presents QoS Pre-Classify and other solutions to the problem...

Recap – Cisco Live US 2014

I don’t think I’m going to give a direct review of Cisco Live US this year. The conference was great with lots of stuff going on, but I really can’t contribute any more than the vast library of other posts on the subject. What I will do, though, is give my take on where I think the conference is headed. These are all my thoughts and have little to do with reality in some cases.

Social Events Passes. My wife had one of these this year, and it worked very well for meatspace networking and seeing the sites. So did Bob. And many others. This was the trendy thing to do this year, and it was successful for sure. I didn’t hear a single “I wish I could have seen that session” at all thanks to everything being available online afterward. Next year, I predict that a good number of attendees in my circles will opt for the cheaper pass; I would say 40% or so of the group will do so. After all, we go to see people and exchange ideas. Traditional learning can come when you get home.

Host City. San Francisco’s a great city (as others say…not me) Continue reading

Mumble: A referral was returned from the server.

You may get A referral was returned from the server. when launching Digitally signed applications like Mumble on windows.

This is normally caused by the Digital Signature expiring. You can check

SDN fabric controller for commodity data center switches

Figure 1: Rise of merchant silicon

Figure 1 illustrates the rapid transition to merchant silicon among leading data center network vendors, including: Alcatel-Lucent, Arista, Cisco, Cumulus, Dell, Extreme, Juniper, Hewlett-Packard, and IBM.

This article will examine some of the factors leading to commoditization of network hardware and the role that software defined networking (SDN) plays in coordinating hardware resources to deliver increased network efficiency.

Figure 2: Fabric: A Retrospective on Evolving SDN

The article, Fabric: A Retrospective on Evolving SDN by Martin Casado, Teemu Koponen, Scott Shenker, and Amin Tootoonchian, makes the case for a two tier SDN architecture; comprising a smart edge and an efficient core.

Table 1: Edge vs Fabric Functionality

Virtualization and advances in the networking capability of x86 based servers are drivers behind this separation. Virtual machines are connected to each other and to the physical network using a software virtual switch. The software switch provides the flexibility to quickly develop and deploy advanced features like network virtualization, tenant isolation, distributed firewalls, etc. Network function virtualization (NFV) is moving firewall, load balancing, routing, etc. functions from dedicated appliances to virtual machines or embedding them within the virtual switches. The increased importance of network centric software has Continue reading

BGP Synchronization

The Basic Question >>Why an IGP is necessary to support IBGP and why SYNC is necessary b/w IGP and IBGP .

Lets take rule of SYNCHRONIZATION

A BGP router with synchronization enabled will not advertise its iBGP learned routes to its eBGP peers unless it has learned or verified this route on its routing table through an IGP.

In above Topology ,

R1 R2 R3 R4 are running OSPF as IGP

R1 and R2 are IBGP Peer

R1 R5 and R2 R6 are Ebgp peer respectively.

Lets Have the config of each router

======================================================================

CONFIGURATION

=====================R1=====================

int fas1/0
no sh
ip add 9.9.15.1 255.255.255.0
!
int fas0/0
no sh
ip add 9.9.14.1 255.255.255.0
!
int lo0
ip add 9.9.0.1 255.255.255.255
!
router ospf 9
router-id 9.9.0.1
network 9.9.14.1 0.0.0.0 area 0
network 9.9.0.1 0.0.0.0 area 0

=====================R2=====================

int fas1/0
no sh
ip add 9.9.26.2 255.255.255.0
!
int fas0/1
ip add 9.9.23.2 255.255.255.0
no sh
!
int lo0
ip Continue reading

NANOG 61 – My first!

I have been meaning to write a post about my upcoming NANOG 61 trip, just have not had the time to. Between Cisco Live, Kindergarten graduation, pool installation planning, and life – time was focused on other things. So, here is the post! I have been a member of the NANOG mailing list for a […]

« Previous 1 … 3,646 3,647 3,648 3,649 3,650 … 3,751 Next »