IP Fragmentation Lab with Vagrant

Recently, I had a need to understand IP fragmentation better, so I built a lab to experiment with. I wanted it to be easy to set up, and built in a way that is repeatable by others, so I designed automation to stand it up with virtual machines in a hypervisor. The lab network topology is shown in Figure 1.

Figure 1 – Network Diagram for IP Fragmentation Lab

What is a Network Traffic Flow? (Part 2)

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network. Flows provide a convenient unit for the measurement and/or treatment of traffic.

Following on from What is a Network Traffic Flow?, this second post delves into Internet layer flow considerations. Previously, we found that the definition of a flow is mainly arbitrary, primarily driven by the capabilities of hardware/software, and the use cases. We now delve further into the considerations around specific features and behaviours of IP.

Figure 1 – Where this Blog Post fits in the Internet Protocol suite

What is a Network Traffic Flow?

Network traffic flows (flows) are useful for building a coarse-grained understanding of traffic on a computer network, providing a convenient unit for the measurement and/or treatment of traffic.

Flows can be measured to understand which hosts are talking on the network, with details of addresses, volumes and types of traffic. This view of the network can be useful for troubleshooting, detecting security incidents, planning and billing.

But what exactly is a flow, and how is it defined?

This question sounds trivial to answer, however when we dig deeper we find nuances and corner cases that make flows interesting, and ultimately difficult to define.

Collecting NetFlow with nfcapd and nfdump

This blog post is for network experimenters who want to collect (receive) NetFlow or IPFIX flow records using the nfdump package (which includes nfcapd). An example use case, building on the previous blog post NetFlow on OpenWRT, is shown in the diagram below (highlighted boxes):

Diagram – Collecting NetFlow with nfcapd and nfdump

Flow records can be useful for various applications such as network visibility and security alerting.

NetFlow on OpenWRT

This blog post is for network experimenters who want to export flow records from a small network, such as a home network using an OpenWRT router. Such a network might look like this:

Diagram – NetFlow on OpenWRT

Flow records can be useful for various applications. Here is an example flow record:

Date first seen          Duration Proto      Src IP Addr:Port          Dst IP Addr:Port   Packets    Bytes Flows
2018-08-04 21:31:34.518     0.000 TCP      10.1.1.19:52465 ->          10.1.1.1:22            100     4600     1

Flow records give a coarse-grained view of what traffic is passing over a network, including flow source and destination addresses/protocols/ports, as well as volume information such as packets and bytes.

In this tutorial we use OpenWRT[1], a popular free and open source router operating system, and add the softflowd package to it to generate NetFlow flow records. There are however many other options to achieve the same outcome.

Containers Part 2 – Understanding Docker

Previously, in part 1, we covered containers at a high level, including how they scale, alternatives and properties. Now in this second post we find out what Docker is, how it runs on Linux, and how images work. And we’ll do all this without the usual analogies of containers and ships, but instead with restaurants & food. Sound good? Well, keep reading…

What is Docker?

Docker is the dominant container technology (as of 2018), with around 79% of organisations in a 2017 survey[1] saying Docker is their primary method for running containers.

There is a tendency to conflate Docker with containers and assume they are one and the same. This is not true.

Containers Part 1 – What are Containers?

One of my 2018 learning goals is to become more familiar with containers. This blog post (first of a series) is intended to help broaden my own understanding of containers; hopefully it is also of use to others.

What is a Container?

A container is a type of application virtualisation that isolates and sandboxes application processes within an operating system (OS).

On Linux, a container is a process (or multiple), isolated from other processes through namespaces. The container sees a separate isolated filesystem:

Overview of how a container runs on Linux

Vagrant for SDN Labs

Part 1 – Introduction

I’ve been experimenting with Vagrant to automate the creation of virtual Software-Defined Networking (SDN) labs. This blog post explains how to create SDN labs with Vagrant.

Why SDN labs? Maybe you’re a network student or engineer learning new skills. Maybe you want to develop the next killer SDN app. Perhaps you’re doing SDN research. Virtual labs are a great way to test ideas without having to invest in SDN switch hardware, and can be set up quickly.