Andrisoft Wanguard: Cost-Effective Network Visibility

Andrisoft Wansight and Wanguard are tools for network traffic monitoring, visibility, anomaly detection and response. I’ve used them, and think that they do a good job, for a reasonable price.

Wanguard Overview

There are two flavours to what Andrisoft does: Wansight for network traffic monitoring, and Wanguard for monitoring and response. They both use the same underlying components, the main difference is that Wanguard can actively respond to anomalies (DDoS, etc).

Andrisoft monitors traffic in several ways – it can do flow monitoring using NetFlow/sFlow/IPFIX, or it can work in inline mode, and do full packet inspection. Once everything is setup, all configuration and reporting is done from a console. This can be on the same server as you’re using for flow collection, or you can use a distributed setup.

The software is released as packages that can run on pretty much any mainstream Linux distro. It can run on a VM or on physical hardware. If you’re processing a lot of data, you will need plenty of RAM and good disk. VMs are fine for this, provided you have the right underlying resources. Don’t listen to those who still cling to their physical boxes. They lost.

Anomaly Detection

You Continue reading

Lessons Learned from Deploying Multicast

Lately I have been working a lot with multicast, which is fun and challenging! Even if you have a good understanding of multicast unless you work on it a lot there may be some concepts that fall out of memory or that you only run into in real life and not in the lab. Here is a summary of some things I’ve noticed so far.

PIM Register

PIM Register are control plane messages sent from the First Hop Router (FHR) towards the Rendezvous Point (RP). These are unicast messages encapsulating the multicast from the multicast source. There are some considerations here, firstly because these packets are sent from the FHR control plane to the RP control plane, they are not subject to any access list configured outbound on the FHR. I had a situation where I wanted to route the multicast locally but not send it outbound.

Even if the ACL was successful, care would have to be taken to not break the control plane between the FHR and the RP or all multicast traffic for the group would be at jeopardy.

The PIM Register messages are control plane messages, this means that the RP has to process them Continue reading

SDN, Network Virtualization and Hypervisors

Packet Pushers sponsor Pluribus Networks sent along Robert Drost to bring us this blog post. He’s a pretty interesting guy. Robert Drost was a Sr. Distinguished Engineer and Director of Advanced Hardware at Sun Microsystems. Robert has extensive hardware experience, including over 90 patents and a 17 year career in high-performance computing systems. Among other recognitions, […]

Author information

Sponsored Blog Posts

The Packet Pushers work with our vendors to present a limited number of sponsored blog posts to our community. This is one. If you're a vendor and think you have some blog content you'd like to sponsor, contact us via [email protected].

The post SDN, Network Virtualization and Hypervisors appeared first on Packet Pushers Podcast and was written by Sponsored Blog Posts.

Network Management Should Be Way Easier

End-Of-Sale date announced for various Cisco IPS’s

SDN Jobs Vs. Traditional Jobs, 3QCY14

Are the number of #SDN jobs catching up to traditional networking skills, for instance, for jobs that require OSPF skills? Today’s post wraps this short series about the SDN job market in the 3^rd quarter of 2014, with a comparison of the number of SDN jobs versus other search terms. Other posts in the series for this quarter:

• SDN Job Report – Methods
• SDN Job Report – 3QCY14 Numbers

I Wanted to Know, and Thought You Might as Well

Let’s say the SDN numbers show us 25 new jobs/week in the US. Is that a lot? Not many? I have no idea. So I pondered how we could get some perspective, with just a little effort (translated: only a little time and money). The solution seemed obvious: track some traditional networking terms with the same kinds of searches that we were already tracking with “SDN”.

So, we’ve been tracking a few other terms for a while now:

• CCIE
• CCNP
• OSPF

Note that we didn’t track for each type of CCIE or CCNP, but simply that single term. So our data counts any and every job with CCIE in the title or description, and another counter for CCNP.

However, Continue reading

Source-Driven Configuration for NetOps

I mentioned in a previous post that version control is an important component of efficiently managing network infrastructure. I’m going to take is a step further than what most are doing with RANCID, which is traditionally used at the end of a workflow (gathering running config diffs) and show you what it’s like to start with version controlled configuration artifacts, specifically using Ansible’s “template” module.

I’m not going to discuss how you get the resulting configurations actually running on your network devices – that is best saved for another post. This is more focused on using version control and review workflows to initiate what will eventually turn into a networking-centric CI pipeline.

Config Review and Versioning with Gerrit

Let’s say you are the Senior Network Engineer for your entire company, which boasts a huge network. You don’t have time to touch every device, so you have a team of junior-level network engineers that help you out with move/add/change kinds of tasks. You’ve already moved your configurations into Jinja2 templates, and have created an Ansible role that takes care of moving configuration variables into a rendered Continue reading

Teambuilding. Whisky Tango Foxtrot? Check.

If you’ve ever done a network audit or a stock inventory check, you’ll know that it is possible one of the most boring activities you could possibly undertake, unless the stock you’re checking is particular salacious, I suppose. Certainly it’s … Continue reading →

If you liked this post, please do click through to the source at Teambuilding. Whisky Tango Foxtrot? Check. and give me a share/like. Thank you!

Leading Disruption

My entire career has been spent finding disruption and cultivating the technologies needed to convert that disruption into real business value for customers. It is with that objective in mind that I am thrilled to join the Plexxi team as Chief Executive Officer, alongside my good friend and colleague Dave Husak, who will lead our product development efforts.

We are in a unique moment in time, with massive technological and business model changes underway in parallel. Everything we know about compute, storage, networking, and applications is in transformation. Changes like this have not occurred in over twenty years. And change of this magnitude breeds opportunity.

My decision to join Plexxi was actually many months in the making. In my previous job leading EMC’s Unified Storage Division, I drove over $30B in revenue during my tenure with over 2000 people in the global organizational for which I was responsible. In that role, I had a fairly unique vantage point of the IT industry as a whole. I certainly spent time viewing the landscape from my position within a major infrastructure manufacturer. But I also got to engage with channel and technology partners across the entire IT spectrum to see how they Continue reading

The Degree or the Certification: Learn to See

This week I was reading through various RSS feeds, and ran across a couple that fell within the scope of last week’s topic. So, rather than moving on to more practical concerns, as I had planned to do — well, I thought I should respond to some common lines of thinking.

First of all, the IT space is in constant change, and the speed of change is just increasing. That change manifests itself in new technologies coming about, and new processes associated with the technologies. Secondly is work experience: What you’ve done in the past is not necessarily useful for the future. Like in the financial realm, where it’s recognized that past performance is no guarantee of future performance, it’s also true in the work environment. When you look at past experience, it’s already dated, from a technology perspective. -IT Business Edge

Now, I’m not one to argue with the idea that the IT world is always changing. Certainly new technologies come, and old technologies go. As the saying goes, legacy just means what you’re currently installing. And certainly there will always be a need to learn the new language, the new command line, the new hardware choices, the Continue reading

Automated Network Diagrams with Schprokits & AutoNetkit

SDN Jobs Vs. Traditional Jobs, 3QCY14

Are the number of #SDN jobs catching up to traditional networking skills, for instance, for jobs that require OSPF skills? Today’s post wraps this short series about the SDN job market in the 3^rd quarter of 2014, with a comparison of the number of SDN jobs versus other search terms. Other posts in the series for this quarter:

• SDN Job Report – Methods
• SDN Job Report – 3QCY14 Numbers

I Wanted to Know, and Thought You Might as Well

Let’s say the SDN numbers show us 25 new jobs/week in the US. Is that a lot? Not many? I have no idea. So I pondered how we could get some perspective, with just a little effort (translated: only a little time and money). The solution seemed obvious: track some traditional networking terms with the same kinds of searches that we were already tracking with “SDN”.

So, we’ve been tracking a few other terms for a while now:

• CCIE
• CCNP
• OSPF

Note that we didn’t track for each type of CCIE or CCNP, but simply that single term. So our data counts any and every job with CCIE in the title or description, and another counter for CCNP.

However, Continue reading

The Routing Resilience Manifesto

If you run BGP in your network, you need to think about BGP security. It might not seem like it’s important if you’re not a provider, but two points to consider: First, if you’re connected to the Internet, making certain your little corner of the Internet is secure is important Second, no matter where you […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. He recently published The Art of Network Architecture, is currently working on a new book in the area of network complexity with Addison Wesley, a book on innovation from Continue reading

Handling the Bottom of MPLS Stack

MPLS bottom-of-stack bit confused one of my readers. In particular, he had a problem with the part where the egress MPLS Label Switch Router (LSR) should go from labeled (MPLS) to unlabeled (IPv4, IPv6) packets and has to figure out what’s in the packet.

Source-Driven Configuration for NetOps

Source-Driven Configuration for NetOps

The Paris OpenStack Summit

I had the opportunity to attend last week’s OpenStack summit. With 4500 attendees, it clearly demonstrates that OpenStack is the clear mindshare leader for organizations interested in building cloud infrastructure. It is also significant to note that approximately half of the participants came from Europe which demonstrates that the “Old World” is not far behind the “New” when it comes to the desire to adopt cloud technology.

Parallel to the summit, the OpenContrail community organized both a user group meeting as well as an Advisory Board meeting. Both of these events ended up focusing the discussion in operations. While the user group presentations typically started with a description of the goals of the project most of the discussion in the room focused on topics such as automating and documenting deployment, provisioning, software upgrades and troubleshooting.

As a software developer, one often tends to focus on expanding the feature set. In both of these events there was a clear message that the user community takes reliability, scale and performance as the main reasons they adopted OpenContrail but is grappling with operational aspects. This means in one hand that testing, specifically unit testing of each component, is absolutly key is maintaining users Continue reading

Non-Functional Requirements

I’m currently reading and enjoying “The Practice of Cloud System Administration.” It doesn’t go into great depth in any one area, but it covers a range of design patterns and implementation considerations for large-scale systems. It works for two audiences: A primer for junior engineers who need a broad overview, or as a reference for more experienced engineers. It doesn’t cover all the implementation specifics, nor should it: it would date very quickly if it tried.

I’ve long disliked the term “non-functional requirements,” so I enjoyed this passage:

Rather than the term “operational requirements,” some organizations use the term “non-functional requirements.” We consider this term misleading. While these features are not directly responsible for the function of the application or service, the term “non-functional” implies that these features do not have a function. A service cannot exist without the support of these features; they are essential.

It is all the fashion today to separate requirements into ‘functional’ and ‘non-functional,’ but the authors are right to point out that this can be misleading. Perhaps it’s the old Operations Engineer in me, but if a product doesn’t have things like Backup & Restore, or Configuration Management, then it’s a Continue reading

Network Break 20

This week we walk through the news of the week (there wasn't much).

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post Network Break 20 appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Forming a Thought Process for Troubleshooting

Periodically, I get a message from someone asking for troubleshooting help. The most recent of these went something like the following (paraphrasing)–

I have the following routers, R1 through R5, and I cannot ping R5 from R1. Please tell me what the problem is.

In these cases, I could review the configuration or import them into my lab. Inevitably, that might solve the problem for the individual. However, it doesn’t really help the individual solve problems in the future. I prefer to try to help others think through the problem and reach the solution on their own.

Given the symptom of R1 not being able to ping R5, what could that mean? My initial thoughts are–

1. R1 isn’t producing packets destined to R5
2. R5 isn’t producing packets destined to R1
3. One of the routers between R1 and R5 doesn’t know how to reach R5
4. One of the routers between R5 and R1 doesn’t know how to reach R1
5. Traffic is being filtered somewhere along the way

The first step in troubleshooting this is to understand that there should be two flows being produced. The first flow is a series of echo requests from R1 to R5 and the other flow is a Continue reading