Configuring the HP MSR930 for BT Infinity

After trying in vain to make my BT Home Hub 3 work as a Proper Router™ for my home lab I decided to take the plunge and get something better. Seeing as I work at HP, I thought I’d try the HP MSR 930

First step is to get your Fundamentals configured. The config below is a snippet from my configuration. This will enable SSH, SFTP, and HTTPS access from local IP addresses only.

sysname <Your Hostname>
#
# Change some web timeouts
#
web https-authorization mode auto
web idle-timeout 3
#
# ACL for Local Access
#
acl number 2000
 description *** Local Only ***
 rule 0 permit source 192.168.1.0 0.0.0.255
 rule 5 permit source 10.0.0.0 0.255.255.255
#
# Secure Web Interface
#
undo ip http enable
ip https enable
ip https port 443
ip https acl 2000
#
# SSH Setup
#
ssh server enable
ssh server authentication-timeout 10
sftp server enable
#
# Restrict VTY to SSH from Local IP's
#
user-interface vty 0 4
 acl 2000 in
 authentication-mode scheme
 protocol inbound ssh

Once we have our fundamentals done, we can get our firewall ready. Continue reading

Learning though experimentation and breaking things

Lifehacker suggested“Learning to Code by Breaking Someone Else’s Code” and I wanted to share my personal experiences with this method….

The DOS era

When I was young, 7ish, my parents bought a Packard Bell 486 machine (a DX with goofy speakers that hook on the side of the monitor IIRC). It was supposed to be for school, but as far as I was concerned it was for playing games! While the PC ran Windows 3.11, all of my games ran on DOS. DOS, as many of you probably know, has no UI, so in order to install or run a game you were at the mercy of the manual. Typically, the manual would instruct you to “cd” to a removable disk drive and run an “.exe”. This taught me some basic DOS and that an “exe” was an application that I could run.

Sound, Joysticks, IRQ and DMA

Upon running the “exe” in DOS you would be lucky if the game would run correctly first time. Sometimes you would have graphics issues, other times no sound and sometimes your joystick wouldn’t work. To get a game to work you had to select the correct drivers for graphics Continue reading

Tech Field Day Round Table at Cisco ACI Launch

I was honored to be part of a round table discussion held at the Cisco ACI launch with a lot of smart folks. I recommend a watch, we got into some really cool topics, and helped create the framework for some future blog posts of mine. For more on Tech Field Day, head over to TechFieldDay.com I attended the Cisco ACI launch event as a Tech Field Day delegate.

Tech Field Day Round Table at Cisco ACI Launch

I was honored to be part of a round table discussion held at the Cisco ACI launch with a lot of smart folks. I recommend a watch, we got into some really cool topics, and helped create the framework for some future blog posts of mine. For more on Tech Field Day, head over to TechFieldDay.com I attended the Cisco ACI launch event as a Tech Field Day delegate.

Making JSON more Readable with Sublime Text

I saw Scott Lowe’s post on how he is making JSON more readable in BBEdit and I thought I’d share how I’m doing this in Sublime Text.

If you aren’t using Package Control, you should be, so install it using the instructions here.

Open the prompt with ^⌘P then type Install and press Enter Then type Pretty JSON and press enter on more time.

Then to make your JSON pretty, you can simply ^⌘J or ^⌘P and type pretty

F5 Networks iRule Event Order – HTTP

I hit an issue recently where I thought I knew what was what but found myself doubting my knowledge. To that end, here’s a diagram detailing the iRule event order where HTTP traffic is concerned – I’ll follow up shortly with one for HTTPS flows. I’d be grateful to any F5’ers out there that can […]

Author information

Steven Iveson

Steven Iveson

Steven Iveson, the last of four children of the seventies, was born in London and has never been too far from a shooting, bombing or riot. He's now grateful to live in a small town in East Yorkshire in the north east of England with his wife Sam and their four children.

He's worked in the IT industry for over 15 years in a variety of roles, predominantly in data centre environments. Working with switches and routers pretty much from the start he now also has a thirst for application delivery, SDN, virtualisation and related products and technologies. He's published a number of F5 Networks related books and is a regular contributor at DevCentral.

TwitterLinkedIn

The post F5 Networks iRule Event Order – HTTP appeared first on Packet Pushers Podcast and was written by Steven Iveson.

ACI Launch

Tech Field Day brought me to the Cisco Application Centric Infrastructure launch event last week in New York. I attended at someone else's expense, but that doesn't mean my opinions are for sale, etc...

If you're totally unfamiliar with ACI (formerly Insieme), I recommend listening to Episode 12 of the Class C Block podcast with guest Joe Onisick. This was far more informative than anything I encountered at the actual launch event, probably because the Tech Field Day crew went straight from the John Chambers presentation into a room where we recorded a roundtable discussion. There may have been some technical discussion going on next door, but I missed it.

There's no shortage of people expressing opinions about ACI and what it will or won't do for you, most of whom have beaten me to the punch by several days. I'm going to post instead about a few details of the launch that I found interesting.

Defining Policy Might Not Be Easy
ACI requires that applications (really application owners) express to it the relationships between nodes before any traffic is allowed to flow. There are countless ways this might happen, but they all boil down to figuring out which ports Continue reading

On IPSec complexity – maybe AWS VPC’s IPSec will emerge as a de-facto standard

Here is a delayed reaction to the posts about IPSec complexity by Jason Edelman and Ivan Pepelnjak last month. AWS might give us decent IPSec ‘standard’ to rally around. There has been plenty of discussion of the past few years about whether it’s a good idea for providers and orchestration stacks to adopt the AWS APIs. There’s no need to […]

Author information

Nik Weidenbacher

Nik Weidenbacher

Nik has been into linux, networking and software development for the past couple of decades. He's been working for a service provider for a long time, and in recent years has been doing a lot with data center automation (the buzzword-enhanced version of that being "cloud orchestration").

The post On IPSec complexity – maybe AWS VPC’s IPSec will emerge as a de-facto standard appeared first on Packet Pushers Podcast and was written by Nik Weidenbacher.

Show 167 – Cisco ACI Software Defined Networking – A First Look

Ethan and Greg got together to talk over the Cisco Application Centric Infrastructure (ACI) announcement this week. From the information that we have available to us, we look at some of the early concepts and technology that we know about. 40 GB BiDir optics and what it means for data centre design Nexus 9000 hardware […]

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+

The post Show 167 – Cisco ACI Software Defined Networking – A First Look appeared first on Packet Pushers Podcast and was written by Greg Ferro.

Packet Design CTO to Discuss SDN Management Challenges

Session to cover need for route analytics to facilitate SDN across wide area networks

SANTA CLARA, Calif. – Nov. 11, 2013 – Packet Design CTO Cengiz Alaettinoglu will conduct a technical session during the 16th annual MPLS/SDN 2013 International Conference about how route analytics can address software defined networking (SDN) management challenges. Specifically, he will introduce the need for a network access broker to verify if the wide area network (WAN) can handle the traffic demands of SDN applications without impacting other applications adversely.

Session Title: “Challenges in Operating a Software Defined Network: How Route Analytics Alleviates the Risks”

Session Description: Northbound SDN APIs allow creation of network-aware applications. Cloud and data center applications have successfully taken advantage of these APIs to provide seamless virtual machine mobility and elasticity. However, these applications are unaware of whether or not the underlying WAN can provide acceptable performance.

Technology vendors have toyed with bandwidth on demand, demand placement and rapid provisioning as SDN applications for carriers. The ability to provide performance guarantees for these applications as well as cloud applications requires deep understanding of underlying real-time network topology and traffic demands. Route analytics is the state-of-the-art-technology needed to provide this information.

In this presentation, Cengiz will Continue reading

Cisco ACI: As The Dust Settles

So, the industry is sufficiently abuzz about the Cisco ACI launch last week, and the stats on my introductory series I wrote tells me that, like it or not, this is having a pretty big impact. The focus on the application is clearly the right approach - all of this talk about SDN and network virtualization is taking place because the current network model’s complexity results in bad kluges and long provisioning times, and the applications folks are always waiting on the network to respond.

Cisco ACI: As The Dust Settles

So, the industry is sufficiently abuzz about the Cisco ACI launch last week, and the stats on my introductory series I wrote tells me that, like it or not, this is having a pretty big impact. The focus on the application is clearly the right approach - all of this talk about SDN and network virtualization is taking place because the current network model’s complexity results in bad kluges and long provisioning times, and the applications folks are always waiting on the network to respond.

Install Open vSwitch v2 from Source on Red Hat Fedora 19

This is a walk through for installing Open vSwitch v2.0+ on RedHat Fedora 19 from source. If you want to build Open vSwitch from RPM binaries please see this post There are some new OVS tables included in the latest builds that include some neat concepts. OVS is often regarded as the SDN reference data plane implementation in the early ...

...

Who Uses Google’s DNS?

Much has been said about how Google uses the services they provide, including their mail service, their office productivity tools, file storage and similar services, as a means of gathering an accurate profile of each individual user of their services. The company has made a very successful business out of measuring users, and selling those metrics to advertisers. But can we measure Google as they undertake this activity? How many users avail themselves of their services? Perhaps that's a little ambitious at this stage, so maybe a slightly smaller scale may be better, so let's just look at one Google service. Can we measure how many folk use Google's Public DNS Service?

Handy Tshark Expressions

Tshark is the CLI version of Wireshark, and it's amazing. I'm going to start collecting some of my favorite tshark one-liners here. Check back often.

Find All Unique Filenames Referenced in SMB2
tshark -r file.pcap -Tfields -e ip.src -e ip.dst -e text smb2 | grep -oP "GUID handle File: .*?," | sort | uniq | awk -F: '{print $2}' | sed 's/,//'

Notes:
You don't actually need to include the ip.src and ip.dst fields, since they're not extracted by the grep command. I include them in case I want to do an ad-hoc grep for an IP address during the analysis process. Another way to do the same thing would be to modify the display filter to look only for certain addresses, e.g.:

tshark -r file.pcap -Tfields -e text smb2 and ip.addr==1.1.1.1 | grep -oP "GUID handle File: .*?," | sort | uniq | awk -F: '{print $2}' | sed 's/,//'
1 3,801 3,802 3,803 3,804 3,805 3,872