May 4th 2020

Networking Tools, Upgrades, Deployments and Troubleshooting.

Last week was a productive one. I started a new site build, reviewed security scans with NMAP, audited speed testing with iperf, did some troubleshooting with Nexus switches, and made some augments to my local environment.

This week, a client was reporting speed issues on a P2P circuit that egresses off a Nexus 3064. The device continued to show the log message “MTM Buffer”. There were hundreds of these logs. The system messages between the ASIC on the interface and the CAM table were being left open and not updating the CAM table. The Layer 2 consistency check continued to fail. The recommendation from TAC was a reload of the switch. Following a reload, the quantity of the (show system internal mts) was back to normal levels.

Iperf: Following this reload, I needed to test the transit service off this impacted switch. I wanted to test against the capacity of the server before I tested across the circuit. Baseline Speed Test with iperf3. I turned the server on locally (iperf -s -p 5002). Once the server was on, I ran a test against the server (iperf -c localhost -p 5002). I also learned about the ‘nohup’ command in Linux. The nohup command executes the commands specified and ignores any hangup messages. I tested across the circuit as well, successfully.

NMAP: A client has been running some nmap scanning for internal network monitoring. An issue was discovered: the existing method was not picking up all open ports. The client was using the TCP Connect method (nmap -sT). The TCP Connect method used the underlying OS to establish a connection rather than a raw packet connection. This method missed an open rsync port. The method was moved back to (nmap -sS). The SYN Scan is problematic since it triggers reactions from security devices in the path, but I was able to whitelist the “attack” server in this case.
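One way to catch this kind of gap in a monitoring job is to run both scan types against the same targets, save each run in nmap's grepable format (-oG), and diff the open ports per host. The script below is an added example, not part of the client's tooling; the sample scan output, the addresses and the function names are constructed for illustration.

```python
# Added example: compare open ports reported by two nmap runs saved with -oG.
# Both samples are constructed (documentation addresses), not real scan data.
CONNECT_SCAN = (
    "# constructed sample: nmap -sT -oG output\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 873/filtered/tcp//rsync///\n"
    "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///\n"
)
SYN_SCAN = (
    "# constructed sample: nmap -sS -oG output\n"
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 873/open/tcp//rsync///\n"
    "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///\n"
)

def open_ports(grepable):
    """Return {host: {(port, proto), ...}} for ports whose state is 'open'."""
    result = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines such as '# Nmap ...'
        fields = line.split("\t")           # -oG separates fields with tabs
        host = fields[0].split()[1]         # 'Host: <ip> (<name>)'
        ports = result.setdefault(host, set())
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 3 and parts[1] == "open":
                    ports.add((int(parts[0]), parts[2]))
    return result

def scan_gaps(connect_output, syn_output):
    """Return hosts whose open-port sets differ between the two scans."""
    connect, syn = open_ports(connect_output), open_ports(syn_output)
    gaps = {}
    for host in sorted(set(connect) | set(syn)):
        c, s = connect.get(host, set()), syn.get(host, set())
        if c != s:
            gaps[host] = {"connect_only": sorted(c - s), "syn_only": sorted(s - c)}
    return gaps

if __name__ == "__main__":
    for host, diff in scan_gaps(CONNECT_SCAN, SYN_SCAN).items():
        print(host, diff)
```

Any host that shows up in the result is worth a manual look before trusting either scan method as the monitoring baseline.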

Over the last few weeks, I have discovered the need to expand and monitor my home network. One of my latest decisions is to expand capacity with a UniFi Dream Machine Pro. The device is a combination of firewall and security gateway with 10G SFP+ WAN and LAN. There is also support for hosting the Ubiquiti controller directly on the appliance, DNS filtering, IPS/IDS, and direct support for the camera system. I hope to write more about the deployment in the next blog.

I am looking forward to the webinar on “History of IPv6: Past, Present, and Future” hosted by Nalini Elkins and Bob Hinden. Bob Hinden is the co-creator of the IPv6 protocol. There is a follow-up later in the month on “IPv6 Transition Mechanisms and DHCPv6”. These are sponsored by ARIN.

The last item of this week's post is the Packet Pushers podcast. Ethan & Greg discussed the last decade of hosting the show and how their relationships with other professionals and vendors have changed over the years. The Slack channel is one of my favorite places to discuss everyday networking. I highly recommend it.
