Networking Archive

It is undeniable if you read the news these days: many enterprises are moving data center applications to the public cloud. In my experience, many security organizations aren't prepared for the fundamental shift in security models that comes with the cloud. They may opt to build a WAN into the cloud provider to extend their existing, traditional security controls. They may opt for a premium cloud service provider that offers managed security services. Or they may run software-based network function virtualization such as Cisco's Nexus 1000V. The reality is that this movement brings a new paradigm in perimeter security. Major cloud providers leave network security to the enterprise and don't offer any more capability than security groups or SLB endpoints. A natural […]


I ran into an issue recently where I was using Linux as a router and forwarding wasn't working between two interfaces. I could see packets entering eth0, but they weren't being forwarded out eth1. The routing table was fine and IP forwarding was enabled. I couldn't even ping by sourcing a packet from eth0 destined for eth1, both locally connected interfaces. My basic topology is below. Essentially, I was forwarding packets through Linux with no return route, a "direct server return" kind of setup where traffic flowed along asymmetric paths. In the topology below, breakingpoint is a 3064 switch with a default route to the MX240, which has a default route to str-ubuntuddos-02, which has a default route out a second interface in a different VRF […]
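The symptom above (forwarding enabled, routes correct, packets seen on eth0 but never leaving eth1, with the return path deliberately elsewhere) is exactly what strict reverse-path filtering produces on Linux: a packet whose source address would not be routed back out the ingress interface is silently dropped before it reaches the forwarding path. The excerpt does not say how the issue was resolved, so the script below is an added check, not the post's own fix, and it assumes rp_filter is the cause at all. The interface names are supplied by the caller; everything else is read from /proc.

```shell
#!/bin/sh
# Added example (not from the original post): reverse-path-filter check for a
# Linux box forwarding traffic along asymmetric paths. Assumption: the dropped
# packets are caused by net.ipv4.conf.*.rp_filter in strict mode; the post
# itself does not state its resolution.

# rp_filter_verdict IFACE_VALUE ALL_VALUE -> prints "off", "strict" or "loose".
# The kernel applies max(conf/all/rp_filter, conf/<iface>/rp_filter), so a
# per-interface 0 does not help while conf/all is 1.
rp_filter_verdict() {
    iface_val=$1
    all_val=$2
    eff=$iface_val
    [ "$all_val" -gt "$eff" ] && eff=$all_val
    case "$eff" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# forwarding_ok IP_FORWARD RP_VERDICT -> returns 0 if packets with a return
# route that does not point back out the ingress interface can be forwarded.
# Loose mode still drops packets whose source has no route at all.
forwarding_ok() {
    [ "$1" = "1" ] || return 1
    [ "$2" != "strict" ] || return 1
    return 0
}

# check_live IFNAME -> reads the live sysctls (only meaningful on the router).
check_live() {
    ifname=$1
    base=/proc/sys/net/ipv4
    [ -r "$base/ip_forward" ] || { echo "no $base here"; return 2; }
    fwd=$(cat "$base/ip_forward")
    all=$(cat "$base/conf/all/rp_filter")
    per=$(cat "$base/conf/$ifname/rp_filter" 2>/dev/null || echo 0)
    verdict=$(rp_filter_verdict "$per" "$all")
    if forwarding_ok "$fwd" "$verdict"; then
        echo "$ifname: ip_forward=$fwd rp_filter=$verdict (ok for asymmetric paths)"
    else
        echo "$ifname: ip_forward=$fwd rp_filter=$verdict (will drop asymmetric traffic)"
        echo "  fix: sysctl -w net.ipv4.conf.all.rp_filter=2 net.ipv4.conf.$ifname.rp_filter=2"
        return 1
    fi
}

# Stand-alone use: ./rpcheck.sh eth0
if [ $# -gt 0 ]; then
    check_live "$1"
    exit $?
fi
```

Run it as `sh rpcheck.sh eth0` on the router. A second, independent confirmation is the drop counter: `nstat -az TcpExtIPReversePathFilter` increments once per packet rejected by rp_filter, so watch it while the ping runs. Loose mode (2) is the usual compromise on a DSR-style box, since it keeps spoofed sources with no route at all out while allowing asymmetric return paths; turning filtering off entirely (0) removes that protection.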


I've been running Cloudera's Hadoop offering on Ubuntu since December 2013, and after six months I thought it was time to record some of my experiences. First, my setup has ranged from 5 to 7 nodes on three different hypervisor platforms: XCP, Hyper-V and VMware. Each node is provisioned with one 3.4 GHz core and 4 GB of memory. The first five nodes ran on VMware and Hyper-V; the 6th and 7th were added on XCP. My configuration requires that data exist on three different nodes (an HDFS replication factor of 3). I ran a daily cron job to select count(*) using Hive and record the number of rows and the time taken to perform the query. The number of rows has ranged from 9 million to close to 40 million. The source data is netflow […]


In previous posts I've written about how to install Hadoop on Ubuntu in under 20 minutes, how to configure NetFlow export into Hadoop and how to add multiple nodes to your Hadoop cluster. In this post, I'll outline how to start querying NetFlow data via Hive so it can be analyzed in Excel. The expectation is that you've followed the previous posts in this series so that your current Hadoop installation is in a predictable state. Here are the foundational things you need to know to accomplish this task: I highly suggest shutting down your NetFlow collector in advance. There are parts of this procedure that may be complicated by introducing new files while the metastore is in the middle of a transition. Hive's metadata store […]


Sustainability is a topic I'm interested in both inside and outside of work. I've been doing a lot of research lately regarding data centers and energy efficiency so that I can apply my interest to my day job. In particular, while it is probably the smallest source of power consumption within the data center, I've spent most of my time researching the power consumption and energy efficiency of network equipment. This research has led me to represent my company on The Green Grid as a voting member in the Network working group. The article below is a summary of several days of research on the topic of "Green Ethernet".

Why you should care about sustainability

Data centers today use about 3% of all energy within the United […]


Ever work with a protocol and delve into its inner workings more than you ever wanted, more than you ever thought you needed to? That's how I feel about NVGRE after the past two weeks. I guess that is reality when you're dealing with a new feature and a newish, not well documented protocol that runs on top of an operating system also undergoing lots of innovation (Hyper-V).

Overview

Let me just say that most NVGRE implementation guides are based on Hyper-V 2012 syntax, and, to be blunt, they're outdated and didn't even work for me on 2012, let alone 2012 R2. For example, none of these examples will work on 2012 R2:

http://luka.manojlovic.net/
http://gallery.technet.microsoft.com/scriptcenter/Simple-Hyper-V-Network-d3efb3b8/view/Discussions
http://hikmatkanaan.wordpress.com/2013/03/28/windows-2012-hyper-v-3-0-network-virtualization/

They are also based on a single-interface server, […]


List of things that don't support Flowspec:

1) Quagga does not support flowspec
2) Juniper SRX does not support flowspec
3) ExaBGP supports flowspec but is not a listening service – it establishes connections only (note: as of 1/13/2014 ExaBGP does support listening services, but I have not yet tested it)
4) Cisco does not support flowspec

So, if you want to play with FlowSpec, it looks like a high-end Juniper router and ExaBGP are two good choices. Maybe an Olive VM would also work? #fail


In the first article here, I walked through importing netflow data into a single Hadoop instance (pseudo-node) and mentioned a progression of the project to add multiple nodes. The ability to do distributed storage and distributed processing of data is ultimately the benefit of using Hadoop/HDFS. So, let's expand on the project and add one or more nodes. Additional nodes (datanodes in Hadoop terms; the namenode is the master) can be installed the same way as the master; however, not all of the packages/processes are required. But it really doesn't matter if they are installed, so installing a new node can follow the same procedure as the first node. The quickest install procedure I've seen is documented here. You can follow this process to […]


It is hard to ignore all of the hype around Hadoop and Big Data these days. Most infrastructure engineers tend to focus on how to build highly available, highly scalable networks, and I'm no exception. However, it is still important to me to keep up with and implement projects on popular trends, directly infrastructure-related or not, especially when I can apply the project in some way to the infrastructure. With that, here is my first Hadoop project that uses netflow, nfdump (nfcapd), Hadoop/HDFS and Hive. The end result is being able to query historical netflow data from a Hadoop data store. When you think about it, Hadoop is a great repository for netflow data written by nfdump. Hadoop handles extremely large data […]
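The three Hadoop excerpts above (the daily `select count(*)` cron job, querying netflow via Hive, and the nfdump-to-HDFS import) describe one pipeline but the details are cut off, so the script below is an added example of one way to wire it up; it is not the author's own procedure. It assumes nfdump, a Hadoop 2.x client (`hdfs dfs`) and Hive are on PATH, that nfcapd files live under /data/nfcapd, and that the HDFS directory, table name and the eight exported fields are the ones chosen here. The two checks a practitioner would want are included: nfdump's column output is padded with spaces and scales byte counts (e.g. "1.2 M") unless told not to, so the export strips padding and uses plain numbers, and every CSV is validated for a fixed field count before it is put into HDFS, since a ragged file is exactly what the "new files while the metastore is in transition" warning is about.

```shell
#!/bin/sh
# Added example (not from the original posts): nfcapd -> CSV -> HDFS -> Hive.
# Assumptions: nfdump 1.6-style options, Hadoop 2 'hdfs dfs' syntax, Hive 'hive -e',
# and the paths/field list below; none of these come from the posts.

FLOW_DIR=${FLOW_DIR:-/data/nfcapd}
HDFS_DIR=${HDFS_DIR:-/user/netflow/csv}
HIVE_TABLE=${HIVE_TABLE:-netflow}
# Custom nfdump output: start time, src/dst address, src/dst port, protocol, bytes, packets.
NF_FMT='fmt:%ts,%sa,%da,%sp,%dp,%pr,%byt,%pkt'
NF_FIELDS=8

# export_one NFCAPD_FILE OUT_CSV -> one capture file as comma-separated rows.
# -q drops nfdump's header/summary lines, -N prints plain (unscaled) numbers,
# and sed removes the column padding nfdump adds around each field.
export_one() {
    nfdump -r "$1" -q -N -o "$NF_FMT" | sed 's/ *, */,/g; s/^ *//; s/ *$//' > "$2"
}

# validate_csv FILE -> 0 only if every row has exactly NF_FIELDS fields.
validate_csv() {
    awk -F, -v n="$NF_FIELDS" 'NF != n { bad++ } END { exit (bad ? 1 : 0) }' "$1"
}

# row_count FILE -> number of rows, i.e. what select count(*) should add for this file.
row_count() {
    wc -l < "$1" | tr -d ' '
}

# hive_ddl -> an EXTERNAL table over the CSV directory: the metastore only
# points at the HDFS files, so adding a day's export needs no LOAD DATA step.
hive_ddl() {
    cat <<EOF
CREATE EXTERNAL TABLE IF NOT EXISTS ${HIVE_TABLE} (
  ts STRING, sa STRING, da STRING, sp INT, dp INT,
  pr STRING, byt BIGINT, pkt BIGINT)
ROW FORMAT DELIMITED FIELDS TERMINATED BY ','
STORED AS TEXTFILE
LOCATION '${HDFS_DIR}';
EOF
}

# load_day NFCAPD_FILE -> export, validate, and only then copy into HDFS.
load_day() {
    tmp=$(mktemp)
    export_one "$1" "$tmp"
    if ! validate_csv "$tmp"; then
        echo "refusing to load $1: rows with a field count other than $NF_FIELDS" >&2
        rm -f "$tmp"
        return 1
    fi
    echo "$1: $(row_count "$tmp") rows"
    hdfs dfs -mkdir -p "$HDFS_DIR"
    hdfs dfs -put -f "$tmp" "$HDFS_DIR/$(basename "$1").csv"
    rm -f "$tmp"
}

# Stand-alone use (stop the collector first): ./nf2hive.sh /data/nfcapd/nfcapd.201401130000
if [ $# -gt 0 ]; then
    hive -S -e "$(hive_ddl)"
    for f in "$@"; do load_day "$f"; done
    hive -S -e "SELECT COUNT(*) FROM ${HIVE_TABLE};"
fi
```

The final `SELECT COUNT(*)` is the same query the daily cron job in the six-month write-up records; timing it with `time` in the cron line gives the row-count/duration pair that post tracks. Because the table is external, dropping and recreating it in Hive touches only metadata, which is why the collector should be stopped while the metastore is being changed rather than while data is being read.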


In a previous post, I went through how to enable IPv6 on an SRX facing Comcast's HSI service. I limited the scope of that post to IPv6 on the egress interface. This post will enable IPv6 on the local LAN. As I mentioned in my first post, this config is not optimized for security. It also currently does not automatically delegate the prefix learned from Comcast's gateway; these are static configurations that I've hard-coded for now. It may or may not be necessary to hard-code these configurations; hard-coding them was the only way I was able to get them to work. The first thing I did was disable IPv6 tunneling protocols via group policy across my entire domain. As I […]

