Thursday, May 18, 2017

Using Artica Squid Open Source Project to Build Powerful and Safe but Simple to Use Proxy

I had been looking for a pre-installed, GUI-based proxy for a while and recently found Artica. The features are pretty attractive and the GUI looks cool.

What is Artica?
"Artica Proxy is an appliance that claims to manage Squid-cache proxy with all features that Squid Cache provides. With the Artica Web interface you can monitor, manage, and get statistics of your proxy service.
Artica Proxy provides ISOs in order to build a full proxy appliance without any technical skills.
Artica Proxy allows to enable Web filtering engine with more than 30.000.000 categorized websites.

Other features included such as reverse-proxy, RDP proxy, VPN, DHCP, DNS..."
Here is some of my experience with it.

1. Download Link:

There are ISO, ESXi, Hyper-V, and Xen versions to download.

Friday, May 12, 2017

Configure Netflow on network devices for PRTG Netflow Monitoring

NetFlow is a feature first introduced in Cisco routers and switches, and the flow concept has since been widely accepted by other network product vendors. Basically, network devices that support an xFlow feature can collect IP traffic statistics on the interfaces where xFlow is enabled, and export those statistics as xFlow records to a defined remote xFlow collector.

PRTG can use this NetFlow feature for detailed bandwidth usage monitoring and it also shows you:
  • where your bandwidth is used
  • who is using it
  • how it is being used
  • why it is being used
It lets you see which specific applications are being used and how the usage might affect your network. NetFlow monitoring is included in all PRTG Network Monitor licenses, which means no special license is needed to enable this feature. It will be counted against your sensor license.

Monday, April 17, 2017

Check Point Firewall Memory Issue

During a regular firewall health check, I found that one Check Point firewall cluster had abnormal virtual memory usage in the System Counters - System History view. The cluster is a 5600 Security Appliance.

It looks like the memory usage has been going up significantly recently. There have been no recent changes to hardware, software or configuration except normal firewall changes. I am afraid the Check Point gateway will freeze after this counter reaches a certain high number, based on some SKs such as sk66482 and sk110362.

sk35496 has a bunch of methods to detect memory leaks. In my case, the fix was simple: I just installed the latest Jumbo Hotfix 205 for R77.30.

Friday, April 7, 2017

Avocent® ACS 8000 Advanced Console System Configuration

My company has used Avocent ACS (Advanced Console Server) for console management of network devices for many years already. I have used the 4000, 5000 and 6000 series, and now the 8000 series is coming to refresh some old ones.

Emerson (EMR) acquired infrastructure management specialist Avocent Corporation (AVCT) for $1.2 billion in Oct 2009. Since then, Emerson combined its Aperture and new Avocent businesses into a new division focused on helping data center customers better manage their infrastructure. Now it is part of Vertiv, which launched as a standalone business. Vertiv's Trellis DCIM platform was the first to use real-time data to enhance data center management and has been recognized as a leader in every DCIM Magic Quadrant published by Gartner.

The interesting thing is that I could not even find the Avocent product on Vertiv's product page. In total there are 13 products under the IT management category, but the ACS product line is not there. I managed to google and find one link which shows more about this product at this link:

Thursday, March 30, 2017

Juniper Space License Issue on Citrix Xen Environment

Based on Juniper's "Junos Space Virtual Appliance Installation and Configuration Guide", JunOS Space "must deploy the virtual appliance on a VMware ESX, VMWare ESXi or KVM server, which provides a CPU, hard disk, RAM, and a network controller, but requires installation of an operating system and applications to become fully functional."

In my test environment, one JunOS Space instance was installed in a Citrix Xen environment, and it was working fine until we tried to import a license.

The license was generated from the Juniper License site and emailed to us in a txt file. It used to work on another machine hosted in a VMware ESX environment. Unfortunately, this time, JunOS Space said no.

The License Information window says:
License upload failed. Please check the following:
1) License data format
2) License Keys

Brocade Switch Access Through SSH and Web Tools

1. Through SSH
It is pretty straightforward: launch an SSH client, enter your switch IP and credentials, and you will be at the command line.

Monday, March 27, 2017

Cisco Switch 2960x Memory Increasing Issue Troubleshooting - Memory Leak

Our network monitoring software found that memory usage on some new production switches keeps increasing. Those switches are Cisco 2960X and come with 15.0(2) EX3 IOS.

As we know, there are two types of memory in Cisco IOS: process memory and IO memory.
  • When a feature is enabled on an IOS device (e.g. PIM, HSRP, etc.), IOS allocates process memory for the process.
  • IO memory is used when software-switched traffic hits the CPU. The CPU allocates IO memory to store the frame temporarily.
Our case is process memory increasing. What we need to do is find out which process.