NetworkingNexus.net

Using Bro DNS Logging for Network Management

I was recently asked if someone in our desktop support group could get alerted when certain laptops connected to the corporate network. We have a lot of employees who work at industrial locations and rarely connect their machines to our internal networks, so the support group likes to take those rare opportunities to do management tasks that aren't otherwise automated.

The two mechanisms that came to mind for alerting on these events are DHCP address assignment, and DNS autoregistration. While we do send DHCP logs to a central archive, the process of alerting on a frequently changing list of hostnames would be somewhat cumbersome. I have been looking for ways to use Bro for network management tasks, so this seemed like a natural use case.

We already had Bro instances monitoring DNS traffic for two of our central DNS servers. I don't fully understand how Windows DNS autoregistration works, but from looking at the Bro logs, it appears that the DHCP server sends a DNS SOA query to the central DNS servers containing the hostname of the device to which it assigns a lease.

I wanted to learn how to use the input framework in Bro 2.2, so I Continue reading

Network Topologies

Resiliency of the networks is almost the most important design criterion which needs to be considered. Packets need to be reached to destination within the time expected by the application. Although too much redundancy will affect MTBF/MTTR curve directly and start to increase MTTR of the entire system, carefully designed network topologies will play a […]

Author information

Orhan Ergun

Orhan Ergun, CCIE, CCDE, is a network architect mostly focused on service providers, data centers, virtualization and security.

He has more than 10 years in IT, and has worked on many network design and deployment projects.

In addition, Orhan is a:

Blogger at Network Computing.
Blogger and podcaster at Packet Pushers.
Manager of Google CCDE Group.
On Twitter @OrhanErgunCCDE

The post Network Topologies appeared first on Packet Pushers Podcast and was written by Orhan Ergun.

IP/FRR and Centralized Control Planes

I’ve been spending some time in the last few months talking through various fast reroute systems – we’ve looked at one (unconventional!) view of P/Q space, an alternate way of explaining MRT, Not-Via, LFAs, and a few others. Now, let’s close this series by asking: How does all this relate to the “new wave’ of […]

Author information

Russ White

Principle Engineer at Ericsson

Russ White is a Network Architect who's scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, and done a lot of other stuff you either already know about, or don't really care about. You want numbers and letters? Okay: CCIE 2635, CCDE 2007:001, CCAr, BSIT, MSIT (Network Design & Architecture, Capella University), MACM (Biblical Literature, Shepherds Theological Seminary). Russ is a Principal Engineer in the IPOS Team at Ericsson, where he works on lots of different stuff, serves on the Routing Area Directorate at the IETF, and is a cochair of the Internet Society Advisory Council. Russ will be speaking in November at the Ericsson Technology Day. he recently published The Art of Network Architecture, is currently working on a new book in the Continue reading

TOP 5 Most Commented Quizzes in 2013

Hello and Welcome to my blog in 2014 !! I'll start this year by reviewing some of the most commented quizzes in the previous year. Read here to get the Top 5 most interesting quizzes in 2013.

Please Check Your Feed URLs – FeedBurner Is Dead To Us

We here at Packet Pushers used to use FeedBurner. It was a value-added RSS service that was eventually brought under Google’s mighty power. Sadly, as with Buzz and Wave, Google has killed FeedBurner. While the FeedBurner service is still limping along, we’re seeing unpredictable results. Even the 301 redirects Greg programmed a while back are […]

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 2M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Please Check Your Feed URLs – FeedBurner Is Dead To Us appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Packet Design Appoints Daniel Ley as SVP, Sales

Expands Management Team with New Executive Role Focused on Customer Success

AUSTIN, Texas — Jan. 7, 2014 — Packet Design, a provider of IP network route analytics software, has hired technology veteran Daniel Ley to lead global sales. Ley joins Packet Design from CA Technologies, where he led the North American Solution Sales team for the capacity management and Nimsoft Monitor products.

Previously, Ley served as vice president of worldwide sales at Hyperformix, and as director of sales for NetQoS, where he led teams in the North America, Asia Pacific and emerging markets. CA Technologies acquired both companies. Prior to NetQoS, he held various sales and sales management roles at Ward Davis, a networking products and services company. Ley began his career in avionics engineering and engineering management with Hughes Aircraft Company.

“Daniel Ley is a proven leader who excels in building high-performance sales teams,” said Scott Sherwood, CEO of Packet Design. “His strong technical background helps him understand the customer domain extremely well, and his focus on sales operations best practices leads to predictable revenue and growth.”

“Packet Design is planning for impressive new customer acquisition and revenue growth, and I look forward to leading this Continue reading

Libvirt – Intro and Basic Configuration

I’ve been hearing a lot about libvirt, so I figured I’d check it out, and see if I could play around with it in my own home lab. According to the wiki, libvirt is a ”collection of software that provides a convenient way to manage virtual machines and other virtualization functionality, such as storage and network interface management.” Okay that’s pretty cool - basically if I have a multi-hypervisor environment, I can build my operational policies around libvirt, so that no matter what hypervisor a workload is being instantiated on, the process is the same.

Libvirt – Intro and Basic Configuration

OpenDaylight

This article looks takes the DDoS example and repeats it using the OpenDaylight controller.

First install Open Daylight in the Mininet testbed.

$ wget https://jenkins.opendaylight.org/controller/job/controller-merge/lastSuccessfulBuild/artifact/opendaylight/distribution/opendaylight/target/distribution.opendaylight-osgipackage.zip
unzip distribution.opendaylight-osgipackage.zip

Next start Mininet.

sudo mn --topo single,3 --controller=remote,ip=127.0.0.1

Enable sFlow on the switch:

sudo ovs-vsctl -- --id=@sflow create sflow agent=eth0  target="127.0.0.1:6343" sampling=10 polling=20 -- -- set bridge s1 sflow=@sflow

Start OpenDaylight.

cd opendaylight
./run.sh

Confirm that the controller is running and has discovered the switch by connecting a browser to port 8080 on the testbed - the screen shot at the start of the article shows the OpenDaylight Devices tab with the switch 00:00:00:00:00:00:00:01 shown in the Nodes Learned list and in the map (the default credentials to log into the OpenDaylight interface are User:admin, Password:admin).

The following sFlow-RT script modified the original to use the OpenDaylight Flow Programmer REST API to push OpenFlow rules to the switch.

include('extras/json2.js');

var flowkeys = 'ipsource';
var value = 'frames';
var filter = 'outputifindex!=discard&direction=ingress&sourcegroup=external';
var threshold = 1000;
var groups = {'external':['0.0.0.0/0'],'internal':['10.0.0.2/32']};

var metricName = 'ddos';
var controls = {};
var enabled = true;
var  Continue reading

2013 Was A Good Year

Happy new year everyone. I think 2014 will be quite an interesting year for the industry. 2013 certainly was for me, at least professionally and personally. I tried twice to get my CCIE DC, didn’t pass. I did, however, obtain my CCNP Data Center. I also learn a whole bunch of new skills. Here’s a quick clip show (and yes, there are shots of me skydiving in a Star Trek TNG Uniform).

New Year Resolution: Code Cleanup

I enjoyed Ethan Banks' post on New Year's Thoughts: Start with Documentation, so I thought I'd write about what I'm doing this week: code cleanup. Over the last couple of years I've written a decent amount of code to automate mundane network management tasks. As quick one-off hacks have turned into things that I actually depend on, I've noticed a lot of ugliness that I want to fix.

Everything here is assuming Python as the language of choice:

For scripts that send email, check to make sure the list of mail receivers is up-to-date.
Look for those nasty embedded IP addresses and replace them with DNS names.
Change from old-style open(FILE)/close(FILE) constructs to with open(FILE) as f constructs.
Get rid of "pickles" for persistent structured data storage. Pickles are a form of native Python object serialization that are quick and convenient, but have a lot of potential problems. I've mostly used Python's native SQLite3 library to store data in simple persistent databases, but occasionally I just use plain text files.
Look for repetitive code in the main script logic and try to move it into functions or classes where possible. For example, I had several scripts that were building Continue reading

DMVPN animation

Here is an interactive animation of DMVPN (Dynamic Multipoint VPN), followed by a detailed offline lab (a snapshot of the topology under test with hopefully all commands needed for analysis and study). Finally, check your understanding of the fundamental concepts by taking a small quiz. Studied topology: Animation Offline Lab You might consider the following […]

Running around HTTP firewalls

When I was in 6th form and I wanted to get SSH access to my own systems I had quite a few issues doing so, Since port 22 was blocked and just about every other port was, For the first year that was fine however since

Playing with the new HP SDN Controller – including getting started guide with Open vSwitch in GNS3

For best article visual quality, open Playing with the new HP SDN Controller – including getting started guide with Open vSwitch in GNS3 directly at NetworkGeekStuff.

So, HP has made one if its significant moves last November (2013) with the first public release of their OpenFlow based SDN VAN Controller 2.0. And because you can download it for free in 60 day trial as an ubuntu package, I wanted to create a nice environment for myself where I can play with it and some OpenFlow enabled switches effectively. This I achieved using the good old GNS3 simulator and importing VirtualBox linux hosts there, one for the SDN controller running on ubuntu system, and several small debian systems running Open vSwitch that will act as OpenFlow SDN switches.

Target solution of this GUIDE:

So lets make this article organized, first what is our target. We want to have two VirtualBox systems ready:

Ubuntu with HP SDN Controller 2.0 installed
Open vSwitch in OpenFlow mode running on debian (controlled by the HP SDN controller)

And we want it all inside GNS3 to be able to play in virtual environment anytime. The two cisco router are actually only simulating end PCs Continue reading

The NSA, surveillance, and Call Records

First off, let me be very clear. I do *not* condone placing backdoors into critical infrastructure such as firewalls and routers. This post is about the packets themselves, and capturing only what is legally allowed. I believe the NSA has the legal right (and the mandate) to do much of what they are currently doing, […]

Author information

Ken Matlock

Ken Matlock is a networking veteran of 19 years. He has worked in many fields in the networking industry including Service Provider, Retail, and Healthcare. When he's not fixing the problems of the networking world, he can be found studying for his CCIE, spending time with his family, and trying to chase the ever-elusive sleep.

He can be found on twitter @KenMatlock , email at [email protected] , irc.freenode.net #PacketPushers, or the occasional blog or forum post.

The post The NSA, surveillance, and Call Records appeared first on Packet Pushers Podcast and was written by Ken Matlock.

Show 174 – War Stories From the Hot Aisle: The Nightmare Before Christmas, Part 2

“Everything is down! The whole network!! RUN AWAY, RUN AWAY!” Yes, we’ve all had those terrible days in networking, where no one can get to anything & it’s all up to you to get it fixed. At least management is there to help, stomping their feet, making demands, and whining about the dollars lost per […]

Author information

Ethan Banks

Co-host at Packet Pushers

The post Show 174 – War Stories From the Hot Aisle: The Nightmare Before Christmas, Part 2 appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Maximally Redundant Trees

We’ve come almost to the end of our little series on fast reroute; in this episode we’ll look at maximally redundant trees (MRTs) — this episode is going to be a little “graphy,” so get your seatbelts on. The general idea behind IP fast reroute is to precalculate a set of alternate paths that can […]

Author information

Russ White

Principle Engineer at Ericsson

2013 Recap and 2014 Goals

Wow - this one snuck up on me. Seriously, when I think of how 2013 went, I’m amazed at how much happened this year but also how fast it flew by. As per the tradition I started last year, I thought it prudent to write a post summarizing how terribly I was able to forecast 2013 in terms of personal goals, and make another feeble attempt at planning out 2014.

2013 Recap and 2014 Goals

« Previous 1 … 3,772 3,773 3,774 3,775 3,776 … 3,849 Next »