How to emulate ASA in Ubuntu 9.10 and GNS3

Brainbump.net has an excellent and very complete how-to for emulating ASA using just the following components:

  • Ubuntu 9.10 – 32 bit Edition
  • GNS3 v0.7 RC1 tgz
  • Dynamips 0.2.8-RC2 binary for Linux x86 platforms
  • Qemu-0.11.0 tar.gz
  • Qemu-0.11.0 Patch
  • ASA Binary Version 8.0(2) – (asa802-k8.bin)

The how-to is divided into 3 video tutorial parts for easy understanding. It starts with the most basic installation of GNS3 under Ubuntu 9.10 and continues with the actual configuration of the emulation.
If you are interested in security, or you just want to test ASA and don’t have access to real hardware, you will definitely want to try the Brainbump.net tutorial.

READ THE FULL TUTORIAL on Brainbump.net


Cisco: Use TTCP to test together with TTCPW or JPerf

In one of my previous posts, I showed you how to test a connection using a hidden Cisco IOS tool called TTCP. A few days ago I ran into an issue. I had to test a TCP connection to a remote Cisco router, but I had no other router on which to initiate the TTCP connection. As explained in the Testing TCP Connection post, to use TTCP you need 2 Cisco routers.

Now I have found 2 new ways to do the testing with just one router instead of two. Maybe you already know these methods, but for those who don’t, please keep on reading.

First, there is a Windows tool called TTCPW (download here) (you can also download the source code, and I think it’s possible to compile and run it under Linux as well). TTCPW has the same options as Cisco TTCP, and the two work together without any issue.
On the Cisco router, issue the ttcp command and keep the default parameters (we are not interested in fine tuning for now). Below I set the Cisco router to be the receiver:

Cisco TTCP with default settings

On the PC side, download TTCPW and use the same settings. Basically, to transmit you only need to input ttcpw.exe -t or -r “ip.address” and that’s it. Of course you can tune the settings to meet your needs. Just type ttcpw.exe to see all the settings.

TTCPW help

The second tool that you can use with Cisco TTCP is IPerf (text mode) or JPerf (Java graphical mode). Just fill in the IP address and the port (5001 if default) and you’re ready to go:

Jperf with TTCP

Of course there are some limitations with JPerf to TTCP compared to JPerf to JPerf testing. One of them is that you cannot use parallel streams if you want to stress the connection. To overcome this limitation, I do the following.
Open 2 or 3 connections to the Cisco router where TTCP will run. On each connection, start one TTCP daemon with a different port (e.g. assuming 3 connections, ports 5001, 5002 and 5003). Then on the client start 3 JPerf (Iperf) instances with the same IP address but different ports (you can take the one below). In this way you can stress the connection a little bit.
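
The multi-port workaround above, sketched as an added example (not code from the original post): one TCP sender per port, run concurrently, with the aggregate throughput computed at the end. It assumes each receiver simply reads and discards the TCP stream until the connection closes; `start_sink`, `send_stream` and `parallel_test` are hypothetical names, the buffer size is a constructed value, and the demo uses local sinks on ephemeral ports in place of the router's 5001, 5002 and 5003.

```python
import socket
import threading
import time

BUF = b"\x00" * 8192  # constructed payload buffer


def start_sink(port=0, host="127.0.0.1"):
    """Local stand-in for one receiver: accept one connection, discard data."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))  # port 0 = let the OS pick a free port
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            while conn.recv(65536):
                pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def send_stream(host, port, nbuf, results):
    """One transmitter: send nbuf buffers to host:port, record bytes sent."""
    with socket.create_connection((host, port), timeout=10) as s:
        for _ in range(nbuf):
            s.sendall(BUF)
    results[port] = nbuf * len(BUF)


def parallel_test(host, ports, nbuf=256):
    """One stream per port, all at once; returns (bytes, Mbit/s, per-port bytes)."""
    results = {}
    threads = [threading.Thread(target=send_stream, args=(host, p, nbuf, results))
               for p in ports]
    start = time.monotonic()
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    elapsed = max(time.monotonic() - start, 1e-9)
    total = sum(results.values())
    return total, total * 8 / elapsed / 1e6, results


if __name__ == "__main__":
    ports = [start_sink() for _ in range(3)]  # stand-ins for 5001, 5002, 5003
    total, mbps, per_port = parallel_test("127.0.0.1", ports)
    print(f"{len(per_port)} streams, {total} bytes, {mbps:.1f} Mbit/s aggregate")
```

Against a real receiver, skip `start_sink` and pass the router's address with the list of ports on which the receivers were started.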

Cisco makes its Nexus 1000v virtual switch less virtual

Cisco Systems is making its virtual switch, the Nexus 1000v, a little less virtual.

The Nexus 1000v virtual switch replaces the vSwitch embedded in VMware hypervisor software and aims to give network administrators more control and visibility into the switching that takes place between virtual machines on a virtual host server. To date, however, the Nexus 1000v has existed as a virtual machine — a turn-off for network administrators who are accustomed to being able to see and touch their physical network devices.

“I think a lot of network administrators were leery about having [Nexus 1000v] as a virtual appliance because it’s something that’s beyond their control,” said Eric Siebert, senior system administrator with restaurant chain Boston Market and a TechTarget contributor. “Traditionally, the virtual administrators have control over [any virtual machines on a host server].… I think the Nexus 1010 gives them the option to have that type of control in a physical chassis.”

Read more on TechTarget.com…

Free Netflow Analyzer software

For today, I put together a list of the software that I use when I’m testing network behavior in the lab. The software below is free, with some restrictions, but it is perfect when you need a quick solution to monitor your network with Netflow, sFlow or jFlow.

All the proposed software has a commercial version, so if you like one of them and are considering it for your company, please get in touch with the company that develops it for more information about licenses.

sFlowTrend

Free, graphical network monitoring tool. sFlowTrend makes use of the popular sFlow standard to generate real-time displays of the top users and applications making use of network bandwidth.

Some features:

  • Quickly understand who is using the network and what they are doing.
  • Enforce corporate acceptable network use policies.
  • Rapidly identify the cause of any problems or abnormal traffic.
  • Understand trends in usage and accurately target upgrades.
  • Generate management reports on current and historical performance.

sFlowTrend is written in Java and will run on most platforms.

Download sFlowTrend.

Solarwinds Netflow Analyzer

Solarwinds Real-Time NetFlow Analyzer captures and analyzes NetFlow data in real time to show you exactly what types of traffic are on your network, where that traffic is coming from, and where it is going. It displays inbound and outbound traffic separately for granular analysis that makes problem diagnosis quick and easy. You can view the historical NetFlow data broken out by application, conversation, domain, endpoint, and protocol. That way you know exactly how your bandwidth is being used and by whom.
Features:

  • Investigate, troubleshoot, and quickly remediate network slowdowns
  • Easily identify which users, devices, and applications are consuming the most bandwidth
  • Isolate inbound and outbound traffic by conversation, application, domain, endpoint, and protocol
  • Personalize NetFlow data displays to view traffic by specified time periods (up to 60 minutes) and by traffic type
  • Customize refresh rates and display units for NetFlow traffic

The drawback of this free version is that it can record only up to 60 minutes; then you have to restart the software to record again.

Available only for Windows platforms.

Download Solarwinds Netflow Analyzer

ManageEngine Netflow Analyzer

ManageEngine NetFlow Analyzer is a web-based (no hardware probes) bandwidth monitoring, network forensics and network traffic analysis tool that has been optimizing thousands of networks across varied industries for peak performance and helping them put their bandwidth to better use. NetFlow Analyzer is a NetFlow, sFlow, jFlow (and more) collector, analyzer and reporting engine integrated together.

Features:

  • Real-time visibility into top applications and talkers in the network.
  • Detection of unauthorized WAN traffic.
  • Identify virus, worms and DoS attacks in real-time.
  • Understand the history of security violations with alert reports.
  • Recognize applications that use dynamic ports by performing a deep-packet inspection using Cisco NBAR.
  • Real time reports with 1 minute granularity.
  • Aggregated data stored for ever for historic reports
  • Ability to view reports in different granularity – 10 min, hourly, daily, weekly, monthly, and custom time period.

The bad aspect is that you can use it only for 30 days. Then you have to buy it. There is a trick: if you reinstall the product, you can use it again for 30 days. I advise using this trick just for personal use or for testing purposes.

Available for Linux and Windows.

Download ManageEngine Netflow Analyzer

Plixer Scrutinizer

Plixer Scrutinizer captures Cisco NetFlow, sFlow and other flow technologies and uses that data to monitor the overall network health. It reports on which hosts, applications and protocols are consuming network bandwidth.

Custom NetFlow Reports allow you to filter (include/exclude) in on exactly the information you need. They can be saved and run again later.

Features:

  • Adds several additional traffic analysis Report Types (e.g. Flows, Flow Volume, NBAR Support, etc.).
  • Report on Top Applications, Conversations, Flows, Protocols, Domains, Countries, Subnets, etc., across dozens of routers and switches.
  • Any saved report in Scrutinizer can be configured with a threshold to trigger an alarm.
  • DNS resolution becomes automated and a constant process.
  • Network traffic reporting and alarming on the internal network: SYN, NULL, FIN, XMAS Scans, RST/ACK worms, P2P, ICMP Unreachable, illegal IP addresses, excessive Multicast traffic, known compromised Internet hosts and more.

The bad part is that it drops the database after 24 hours. Still, you can save the databases before they are dropped by the free version of Scrutinizer.

Available for Windows platforms.

Download Plixer Scrutinizer

Do you have any other alternatives that can help network engineers test their environment? Feel free to suggest them in the comments form, and if they are good I will add them to this post.

Cisco EnergyWise fundamentals

Cisco EnergyWise is a key part of the Borderless Network concept. According to this document:

The network discovers Cisco EnergyWise manageable devices,
monitors their power consumption, and takes action based on business rules to reduce
power consumption. EnergyWise uses a unique domain-naming system to query and
summarize information from large sets of devices, making it simpler than traditional
network management capabilities. Cisco EnergyWise’s management interfaces allow
facilities and network management applications to communicate with endpoints and
each other using the network as a unifying fabric. The management interface uses
standard SNMP or SSL to integrate Cisco and third-party management systems

I know, I know, you will say that it’s a lot of marketing and that this is typical for Cisco, but let’s be fair. Tell me one company that is not marketing its products. It’s true that Cisco is quite aggressive in its campaigns, but we have to admit that many times the quality of the products meets our expectations.

Back to EnergyWise: I was lucky enough to have my question taken and discussed in the live Cisco Borderless Network phase 2 European presentation on 18th of March. I was curious about the following thing. The Phase 2 campaign was oriented toward power and energy saving, by controlling the power of a lot of devices remotely and being able to shut down an entire environment when it’s not needed. I asked how Cisco EnergyWise will accomplish this: either by controlling the power outlet to which a device (e.g. laptop) is connected, or directly OVER the Ethernet wires.
Their answer was that at the moment Cisco is working closely with the companies that develop network cards to make them compatible with EnergyWise, so that the device can be powered over the Ethernet wires. I know about PoE, but PoE is something different and I’m sure that it does not offer enough energy to power up a laptop.
When the recording of the live session becomes available, I sure hope to get it and post it here. In the meantime, I found a very nice explanation of the EnergyWise fundamentals from TechWiseTV. Enjoy it:

http://www.youtube.com/watch?v=hGf6DADO468