0

Juniper Branch SRX LACP Weirdness

Juniper SRX 300 Series firewalls may stop forwarding traffic in some situations. The firewall says it is forwarding the traffic, but it doesn’t work. Monitoring traffic looks OK, ARP entries are present, but traffic never gets to the destination, until you clear ARP. Turns out the problem comes from using LACP with fast timers and active mode. Luckily the fix is simple.

Alert: Firewall Offline

Here’s the situation we saw: Our NMS reported a Juniper SRX320 offline. All other devices at the site were still working, but the firewall was unreachable. Traffic from the firewall to the NMS goes via the firewall’s default gateway. Firewall A in this diagram was unreachable, but Firewall B was fine.

OK, what’s happening? Why is my firewall unreachable?

Firewall says its fine?

Try to ping Firewall A, no response. From the default gateway, we can see an ARP entry for the firewall, but no response to ping. We can log in to Firewall B, and we see an ARP entry for Firewall A. Crucially: we can ping Firewall A from Firewall B. Hmmm. That’s strange. Why can we ping it from one locally connected device but not another?

From Firewall B, we SSH across Continue reading

0

Untangle Rolls Out Predictive Routing to SD-WAN Router

The technology is designed to translate information from packet headers, out of band information,...

Read More »

0

WiFi 6 Feeds Need for Speed With 5X Spectrum Boost

It’s the largest swath of spectrum allocated for WiFi since 1989, and it comes as WiFi 6 begins...

Read More »

0

Daily Roundup: AT&T Selects Stankey as New CEO

AT&T selected Stankey as new CEO; Verizon claimed its 5G is COVID-19 proof; and Intel posted...

Read More »

0

Heavy Networking 513: How The Internet Is Handling The Covid-19 Load

Today's Heavy Networking looks at the impact of Covid-19 on Internet usage and capacity with two guests who have front-row views: Neil McRae, Senior Leader at British Telecom; and Dave Temkin, VP of Infrastructure at Netflix.

0

Heavy Networking 513: How The Internet Is Handling The Covid-19 Load

Today's Heavy Networking looks at the impact of Covid-19 on Internet usage and capacity with two guests who have front-row views: Neil McRae, Senior Leader at British Telecom; and Dave Temkin, VP of Infrastructure at Netflix.

The post Heavy Networking 513: How The Internet Is Handling The Covid-19 Load appeared first on Packet Pushers.

0

One Supercomputer’s HPC And AI Battle Against The Coronavirus

Normally, supercomputers installed at academic and national laboratories get configured once, acquired as quickly as possible before the money runs out, installed and tested, qualified for use, and put to work for a four or five or possibly longer tour of duty. …

One Supercomputer’s HPC And AI Battle Against The Coronavirus was written by Timothy Prickett Morgan at The Next Platform.

0

Intel Posts Strong Q1 Earnings, Warns of Q2 Headwinds

Despite pandemic related challenges, Intel reported revenues of $19.8 billion for the quarter, up...

Read More »

0

Verizon Claims 5G Plans Immune to COVID-19

Verizon’s 5G network was live in 34 U.S. cities at the end of the quarter, and CEO Hans Vestberg...

Read More »

0

AT&T CEO Shake Up Sees Stephenson Out, Stankey In

The move comes on the heels of AT&T’s most recent quarterly earnings release that was...

Read More »

0

Blessay: Coin-Operated Evangelism

This article was first published in Packet Pushers Human Infrastructure Magazine. An email newsletter that talks about being a human in technology. You can subscribe, for free here.  I struggle with the concept of ‘corporate evangelism’.  So here are some thoughts on the topic.  Religious Roots Evangelism is a religious principle that your belief is […]

The post Blessay: Coin-Operated Evangelism appeared first on EtherealMind.

0

Eventually Secure?

I have a Disney+ account. I have kids and I like Star Wars, so it made sense. I got it all set up the day it came out and started binge watching the Mandalorian. However, in my haste to get things up and running I reused an old password instead of practicing good hygiene. As the titular character might scold me, “This is not the way.” I didn’t think anything about it until I got a notification that someone from New Jersey logged into my account.

I panicked and reset my password like a good security person should have done in the first place. I waited for the usual complaints that people had been logged out of the app and prepared to log everyone in again and figure out how to remove my New Jersey interloper. Imagine my surprise when no one came to ask me to turn Phineas and Ferb back on. Imagine my further surprise when I looked in the app and on the Disney+ website and couldn’t find a way to see which devices were logged in to this account. Nor could I find a way to disconnect a rogue device as I could with Netflix Continue reading

0

Monitoring DDoS mitigation

Real-time DDoS mitigation using BGP RTBH and FlowSpec and Pushing BGP Flowspec rules to multiple routers describe how to deploy the ddos-protect application. This article focuses on how to monitor DDoS activity and control actions.

The diagram shows the elements of the solution. Routers stream standard sFlow telemetry to an instance of the sFlow-RT real-time analytics engine running the ddos-protect application. The instant a DDoS attack is detected, RTBH and / or Flowspec actions are pushed via BGP to the routers to mitigate the attack. Key metrics are published using the Prometheus exporter format over HTTP and events are sent using the standard syslog protocol.
The sFlow-RT DDoS Protect dashboard, shown above, makes use of the Prometheus time series database and the Grafana metrics visualization tool to track DDoS attack mitigation actions.
The sFlow-RT Countries and Networks dashboard, shown above, breaks down traffic by origin network and country to provide an indication of the source of attacks.  Flow metrics with Prometheus and Grafana describes how to build additional dashboards to provide additional insight into network traffic.
In this example, syslog events are directed to an Elasticsearch, Logstash, and Kibana (ELK) stack where they are archived, queried, and analyzed. Grafana Continue reading

0

Apple Dictionary Order

The right order for Apple Dictionaries in the app

The post Apple Dictionary Order appeared first on EtherealMind.

0

Stream Firewall Events directly to your SIEM

The highest trafficked sites using Cloudflare receive billions of requests per day. But only about 5% of those requests typically trigger security rules, whether they be “managed” rules such as our WAF and DDoS protections, or custom rules such as those configured by customers using our powerful Firewall Rules and Rate Limiting engines.

When enforcement is taken on a request that interrupts the flow of malicious traffic, a Firewall Event is logged with detail about the request including which rule triggered us to take action and what action we took, e.g., challenged or blocked outright.

Previously, if you wanted to ingest all of these events into your SIEM or logging platform, you had to take the whole firehose of requests—good and bad—and then filter them client side. If you’re paying by the log line or scaling your own storage solution, this cost can add up quickly. And if you have a security team monitoring logs, they’re being sent a lot of extraneous data to sift through before determining what needs their attention most.

As of today, customers using Cloudflare Logs can create Logpush jobs that send only Firewall Events. These events arrive much faster than our existing HTTP Continue reading

0

Overlay Networking with Ouroboros on Software Gone Wild

This podcast introduction was written by Nick Buraglio, the host of today’s podcast.

---

As private overlays are becoming more and more prevalent and as SD-WAN systems and technologies advance, it remains critical that we continue to investigate how we think about internetworking. Even with platforms such as Slack Nebula, Zerotier, or the wireguard based TailScale becoming a mainstream staple of many businesses, the question of “what is next” is being asked by an ambitious group of researchers.

0

Pandemic Compute Needs Drive Intel’s Data Center Group

The first half of last year was relatively weak for Intel’s Data Center Group last year, but despite the coronavirus pandemic – and in some cases, we think because of it – the world’s largest datacenter chip manufacturer is looking to not only have a good first quarter, as it just turned in, but could see growth across its various data-centric businesses well into the second half of the year. …

Pandemic Compute Needs Drive Intel’s Data Center Group was written by Timothy Prickett Morgan at The Next Platform.

0

Setting up etcd with etcdadm

I’ve written a few different posts on setting up etcd. There’s this one on bootstrapping a TLS-secured etcd cluster with kubeadm, and there’s this one about using kubeadm to run an etcd cluster as static Pods. There’s also this one about using kubeadm to run etcd with containerd. In this article, I’ll provide yet another way of setting up a “best practices” etcd cluster, this time using a tool named etcdadm.

etcdadm is an open source project, originally started by Platform9 (here’s the blog post announcing the project being open sourced). As the README in the GitHub repository mentions, the user experience for etcdadm “is inspired by kubeadm.”

Getting etcdadm

The instructions in the repository indicate that you can use go get -u sigs.k8s.io/etcdadm, but I ran into problems with that approach (using Go 1.14). At the suggestion of the one of the maintainers, I also tried Go 1.12, but it failed both on my main Ubuntu laptop as well as on a clean Ubuntu VM. However, running make etcdadm in a clone of the repository worked, and one of the maintainers indicated the documentation will be updated to reflect this approach Continue reading

0

Announcing the DockerCon LIVE 2020 Speakers

After receiving many excellent CFP submissions, we are thrilled to finally announce the first round of speakers for DockerCon LIVE on May 28th starting at 9am PT / GMT-7. Check out the agenda here.

In order to maximize the opportunity to connect with speakers and learn from their experience, talks are pre-recorded and speakers are available for live Q&A for their whole session. From best practices and how tos to new product features and use cases; from technical deep dives to open source projects in action, there are a lot of great sessions to choose from, like:

In Continue reading

0

Daily Roundup: Deutsche Telekom, Vodafone Embrace 5G DSS

Deutsche Telekom, Vodafone Germany embraced 5G DSS; Edgewise Networks CEO shared security-related...

Read More »