F5’s iRules are a powerful tool used to access information about the network traffic flowing through your load balancer. Using the Tool Command Language (Tcl), a common interface found across the networking industry, we can focus on network-level events and extract information. Unlike most IPFIX-exporting devices, the user needs to manually build a NetFlow monitor in the Tcl/iRule environment. This means determining which metrics are important to us, where in the conversation they can be collected, and how the IPFIX messages will be structured prior to export.
Modern networks are designed to provide fast and reliable access to the applications that make us productive. Maybe it’s the inventory system used to keep procurement and warehousing in sync, or maybe it’s a system that queues and processes financial transactions. In any case, often these business-critical apps will need to be scaled horizontally to allow for additional concurrent capacity. Orchestrating access to multiple nodes serving the same app can be a technical challenge.
Real-time applications have redefined the world around us. We can now hold meetings with members distributed across the world, play games with long-distance friends we haven’t seen in a while, or binge our favorite shows over a streaming service without missing a frame. But while using these tools has made life easier for the end users, the same cannot be said for those responsible for managing the networks that support them. Whether it is a datagram-based media stream like RTP, or an interactive TCP-based session, network performance is key to ensuring these applications work. It is essential that teams have a good workflow for identification and resolution of issues that can degrade or interrupt service. This blog focuses on the metrics that are important when trying to improve real-time application performance.
NetFlow can give us all kinds of rich information about our network infrastructure. You’ll find standard fields with information like source and destination and routing details along with advanced fields which give you information like network communication delay, RTP metrics, or DPI application labels. Exported as a standard field from most devices, TCP Flag aggregates can provide more insight into what your flow data is telling you about network activity.
In today’s world of connected refrigerators, thermostats, cars, and phones, IP addresses are in high demand. IPv6 was invented to solve this problem, but the radical departure from the IPv4 standard has made it slow to adopt. This problem isn’t going away any time soon either: Cisco forecasts that by 2021, the average North American consumer will own 13 connected devices. Publicly addressing each device in North America alone would consume 3,780,000,000 of the 4,294,967,296 IPv4 addresses, or about 90% of the global total of IPv4 addresses available.
When measuring NetFlow volume, we typically speak in thousands of flows per second. That data is exported over UDP from the network infrastructure to a NetFlow collector. This results in huge streams of data that are proportional in volume to the amount of unique traffic observed by NetFlow-monitoring devices. Collecting all this data without missing packets can be a real challenge, but with some basic tuning and a high-performance tool like Scrutinizer, perfect flow collection is possible.
Threat intelligence feeds help us keep our networks secure and our engineers informed on the latest issues. Huge volumes of this data get published every day with details on the latest command-and-control schemes, malware, and malicious domains. There are many malicious actors that are identified in intelligence feeds. So many, in fact, that manually processing every event to check your local assets can quickly become an impossible task. Knowing about these new threats is essential to good network security, but how can we verify if our network is affected?
In the wake of recent vulnerabilities with memcached, Distributed Reflection Denial of Service (DRDoS) is currently the focus of public attention. This technique has generated some of the largest attacks seen to date. This blog will cover how you can use Flow Analytics to detect this behavior in your environment.
Screen sharing applications have changed the landscape of the modern office. These tools allow users to remotely control another PC and receive image data that represents what the local user would see on their monitor. This greatly simplifies telecommuting, support calls, or remote access to files. A question we often receive from customers using Scrutinizer for monitoring network utilization and traffic is, “How can we identify screen sharing traffic on our network?” With vulnerabilities recently found in products like TeamViewer, it is more important than ever to gain visibility into the who, what, when, and where of screen sharing network traffic.
Confidentiality, integrity, and availability are the three major components of information security. Over the years it has become easier to ensure the confidentiality of information via encryption, limiting data access to those who possess the correct key. Information integrity can be validated with a hash like MD5 or SHAxxx. If a file produces the same hash, we can trust it has remained unaltered. This leaves us with availability, a space that has become the front line of the information security war.