This is a memo and reminder about the routing limitations that I stumbled into when working with Nexus 9000 series switches running NX-OS. Feature / Limitation / Link to documentation: PBR: You cannot configure PBR on port-channel subinterfaces (Interfaces configuration guide for 9.3(x)); QoS: You cannot configure QoS on port-channel subinterfaces (QoS configuration guide for 9.3(x)); QoS […]
Category: Networking
File Transfers and the Cloud (Or How Latency Affects Your Application)
In this post I’ll discuss a reality that is often overlooked when talking about using cloud services: Network latency matters. Here is the test network: On Your Marks Let’s first imagine that the hosts HostA and HostB are near each other, like in the same data center. The latency between the hosts is negligible: markku@HostA:/mnt$ […]
LDAPS Problem: Can’t contact LDAP server (-1)
LDAP authentication problem in the customer environment: The error message was received right after entering the password. Tshark says: 1 0.000000000 192.168.99.200 → 10.10.10.10 TCP 74 44780 → 3269 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2891116193 TSecr=0 WS=128 2 0.001225814 10.10.10.10 → 192.168.99.200 TCP 74 3269 → 44780 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 […]
How to Decrypt TLS Traffic with Wireshark
This is a small note to keep the links to posts by Peter Wu: "Extract pre-master keys from an OpenSSL application" and "Extracting openssl pre-master secret from apache2". Example in Debian Buster: With the keys saved by that process (and doing the packet capture at the same time, on either the server or the client side), you can […]
High Availability Clustering with Zabbix on Debian
Later in this document: Setting up the database servers; Setting up the Zabbix servers; Setting up the frontend (web) servers. Edmunds Vesmanis gave a presentation at Zabbix Summit 2019 about Zabbix HA setups (video on YouTube), and he also wrote a post on the Zabbix blog titled High Availability cluster building with Zabbix for continued service: […]
Zabbix Protocol Dissector for Wireshark
While troubleshooting a Zabbix communication problem I realized that there was no Zabbix protocol dissector in Wireshark. Long story short: I wrote my own dissector in Lua as an exercise. Actually, I wrote two dissectors, one for Zabbix passive agent communication (port 10050, the not-so-json-style protocol) and one for other Zabbix components (port 10051). You […]
Linux Routing Memos
These are just small hints and memos on what to do on a Debian Linux setup. This is not a complete guide to building a secured routing environment with Linux. /etc/sysctl.conf: net.ipv4.ip_forward=1 Configure /etc/network/interfaces iptables -t nat -A POSTROUTING -o <upstream_interface> -j MASQUERADE apt-get install iptables-persistent apt-get install iftop apt-get install conntrack conntrack -L -s 10.11.1.10 […]
Zabbix Components and Ports
The Zabbix monitoring system consists of components that communicate with each other. Here is a summary of the TCP ports and some configuration characteristics of various connections. Active agent: The Zabbix agent periodically asks the Zabbix proxy (or Zabbix server, if configured to use the server directly) for the list of items that should be collected, […]
Wireshark and 802.11 Data in Capture Files
Once again I was asked to get involved when a customer had problems with an application. I won’t go into application or problem details here but the process eventually involved capturing traffic on a customer laptop to see what was actually happening. The consultant doing the capture was not using Wireshark as I would have […]
Junos Default Applications
From Junos 12.1X47-D25.4 on SRX240H2: markku@srx> show configuration groups junos-defaults applications # # File Transfer Protocol # application junos-ftp { application-protocol ftp; protocol tcp; destination-port 21; } # # Trivial File Transfer Protocol # application junos-tftp { application-protocol tftp; protocol udp; destination-port 69; } # # Real Time Streaming Protocol # application junos-rtsp { application-protocol […]