Delete the X-​​Bluecoat-​​via Header on Your ProxySG

If you have noticed that your Blue Coat ProxySG inserts a HTTP header in every trans­ac­tion, you might want to delete this to reduce inform­a­tion leak­age to pub­lic networks

Rant: F5 LTM and GTM Doesn’t Do External AAA Authorization

F5 BigIP LTM and GTM does not have any user author­isa­tion cap­ab­il­ity for admin­is­tra­tion by Radius or TACACS. Can you believe that?
They have been pro­du­cing F5 BigIP soft­ware for more than a dec­ade and I can­not believe that cus­tom­ers have not been ask­ing to provide external user author­isa­tion. To com­pare, I have just been con­fig­ur­ing APC Switched […]

Is the Cisco Nexus 7000 Needed Today — or Tomorrow ?

No doubt that the Cisco Nexus 7000 switch is a fine piece of tech­no­logy. The per­form­ance and through­put is wel­come, and clearly offers some fine new cap­ab­il­it­ies such as vir­tu­al­isa­tion, ISSU, bet­ter OOB and so on. I am sure that every­one can per­ceive the pos­it­ive mes­sages, lets face it, Cisco isn’t going to be shy in telling […]

Caring for Your Dynamips Install — Deleting Unwanted Files

Dynamips and dyna­gen are well behaved pro­grams most of the time. Occasionally I am con­fig­ur­ing a fea­ture or two that causes IOS to crash (most recently I was con­fig­ur­ing MPLS and redis­tri­bu­tion on c2600 IOS which got really busted).

Then I noticed that my hard drive didn’t have a lot of free space.…

Checking Connectivity on Your Blue Coat ProxySG

A very simple tool in your Proxy SG to check that you can access resources. It only works for HTTP but it provides a good check. I use this a lot in net­works where ICMP has been dis­abled for security.

Network Dictionary — Fibrechannel

Fibrechannel
1. A low latency block ori­ented data trans­fer mech­an­ism for stor­age cent­ral­iz­a­tion. Only used in Storage Area Networks.
2. A net­work­ing pro­tocol designed by the server industry so they don’t have to com­mu­nic­ate with net­work­ing people who know more than they do. Similar to Token Ring in its fer­vent belief and pas­sion as a super­ior tech­nical idea. Nobody cared about Token […]

Single Internet Connection but HA Infrastructure — Using Bridging Instead of Routing

The cus­tomer had decided to build a host­ing plat­form, but could only arrange for a single inter­net con­nec­tion to that site due to loc­a­tion. However, all other hard­ware was duplic­ated for high avail­ab­il­ity. After con­sid­er­ing the options the fol­low­ing dia­gram was pre­pared show­ing the first pass at the design. This was the Internet Connection (100Mb Ethernet) con­nec­ted to the router, then con­nec­ted to a switch, which was inter­con­nec­ted by trunk to a second switch. The first layer of fire­walls is then connected.

Cisco ASA and IOS Command Tip — Test Aaa-​​Server

I have been work­ing on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the pro­cess I dis­covered the test aaa-​​​​server com­mand. Its very handy tool when you are doing this kind of stuff.
Read on.….

Installing Tun Tap Driver on Leopard

First, I read about what TunTap is at Wikipedia and VTUN Sourceforge. From what I read, TunTap was writ­ten for the VTUN pro­ject to spe­cific­ally encap­su­late Ethernet pack­ets (TAP driver), whereas the TUN driver encap­su­lated IP pack­ets. The driver is used by other pop­u­lar soft­ware so it looks like it is here to stay. It is implemented […]

Network Tools, Craftsmen and Why My Mac Is a Good Hammer

Is a laptop a Hammer ?
I always per­ceived that my laptop is a spe­cial type of toolkit, in the same way that a trades­man has his tool­box of ham­mers and screw­drivers, I had a laptop with Windows and vari­ous pieces of soft­ware that are my tools. A TFTP server, note­pad for manip­u­lat­ing text files, mail cli­ent, ftp cli­ent, and so on. Back […]

Performance of Blue Coat BCAAA Agent for Authentication

A com­mon ques­tion in the Blue Coat for­ums is about the server spe­cific­a­tion for the BCAAA and how many users can be sup­por­ted. While I am not sure sure about the per­form­ance that Blue Coat recom­mends I can tell you my experiences.

Loading Policy Configuration in the Local File

A com­mon ques­tion in the Blue Coat for­ums is “how do I load this con­fig snip­pet into con­fig­ur­a­tion. The ques­tion most often comes from people who are new to SGOS and have been using the Virtual Policy Manager. This quick note shows you how to load a con­fig snip­pet that removes the X-​​Bluecoat-​​Via header

Network Dictionary — Reassuringly Expensive

Introducing the Network Dictionary

In this tech­nic­ally sur­real, mys­tical world of Networking, we are often fab­ric­at­ing new words, coin­ing new terms or adapt­ing old lan­guage to new require­ments. Our pro­fes­sion is not the first to do this, but our lan­guage is our own. How many people can con­duct a 15 minute con­ver­sa­tion without a single coher­ent sen­tence ? Can you count how […]

SOCKS Clients That Are Available for Your Blue Coat ProxySG — Update

A short list of SOCKS Clients that I have used or know of
Note that many pro­grams have their own SOCKS cli­ent built in, many FTP cli­ents such as Filezilla, WS FTP, Firefox and so on have built in sup­port. You really need a cli­ent when you have an applic­a­tion that must use a proxy server, but the applic­a­tion does […]

ICANN | IPv6 Address Added for Root Servers in the Root Zone

IANA  —  IPv6 Addresses for the Root Servers:
And all that IPV6 that you have been learn­ing over the last four years or so, will start being use­ful out­side of the lab. This is a quiet start to IPV6 rol­lout on the Internet.
At the moment, I don’t believe that we will be using IPV6 inside enter­prise net­works because there is […]

Reserved IP Address Range for Testing — RFC 2544

I have been look­ing at a multi host data centre and am using MPLS to securely share cer­tain resources and con­sid­er­ing what archi­tec­ture con­sid­er­a­tions for Network Management.
Lets define the prob­lem. Network Management is soft­ware and serv­ers that col­lect data from my net­work equip­ment and presents it to me in some use­ful form. Add to this […]

UDLD — to Global or Per Port

I was dis­cuss­ing UDLD today, and think­ing about mer­its of glob­ally enable UDLD on all our switches or should we con­sider enabling UDLD per port ?