Thursday, October 18, 2018

networking: pcaps tell the whole story

Working for an MSP, I have the opportunity to interface with a large number of different clients and vendors. A few months ago a vendor contacted me on behalf of a mutual client, stating they "updated their scripts" and now their application wasn't working for our mutual client. They had tested in their (the vendor's) test environment, and determined the client's firewall (for which I was responsible) must be blocking the traffic.

I tested with the client and saw the traffic being allowed through; so I informed the client I'd work directly with the vendor and provide them with updates.

During testing with the vendor, I could see two-way traffic being allowed through the firewall; however, the vendor reported they weren't receiving any traffic from the client.

This caused me great confusion, and I requested we run a packet capture on both sides to compare, which quickly allowed me to determine that traffic was being sent / received on both sides. Not only that, all traffic was making it through in a timely manner, but still the SFTP uploads and webpage calls were failing.

With the pcaps determining that bi-directional traffic was allowed, they agreed to dig into the pcaps with me, and we quickly determined the client's server was attempting to negotiate TLS 1.0, which had been deprecated on the vendor's servers, in favor of TLS 1.2, as part of the "script updates".

A quick installation of the TLS 1.2 libraries on the client's servers resolved the issue. This experience has made me much quicker to run packet captures to check for obvious issues, rather than pushing them off as a last resort!
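
The version check that settled this case, as an added example (not code from the original post): it parses the ClientHello bytes taken from a capture and compares the highest version the client offers with the server's minimum. The function names and the sample records are constructed for illustration.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def build_client_hello(version: int, extensions: bytes = b"") -> bytes:
    """Constructed sample input: a minimal ClientHello record, not a real capture."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session_id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"                 # one cipher suite, null compression
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

def client_max_version(record: bytes) -> int:
    """Highest protocol version a ClientHello record offers."""
    rtype, _record_version, rlen = struct.unpack_from("!BHH", record, 0)
    if rtype != 0x16 or len(record) < 5 + rlen:
        raise ValueError("not a complete TLS handshake record")
    msg = record[5:5 + rlen]
    if msg[0] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    (legacy,) = struct.unpack_from("!H", msg, 4)      # after 1-byte type + 3-byte length
    pos = 4 + 2 + 32                                  # skip client_version and random
    pos += 1 + msg[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", msg, pos)[0]  # cipher_suites
    pos += 1 + msg[pos]                               # compression_methods
    offered = [legacy]
    if pos + 2 <= len(msg):                           # extensions block is optional
        end = pos + 2 + struct.unpack_from("!H", msg, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", msg, pos)
            if ext_type == 43:                        # supported_versions (TLS 1.3 clients)
                raw = msg[pos + 5:pos + 5 + msg[pos + 4]]
                listed = [v for (v,) in struct.iter_unpack("!H", raw) if v in NAMES]
                offered = listed or offered           # ignore GREASE-only lists
            pos += 4 + ext_len
    return max(offered)

def diagnose(record: bytes, server_min: int = 0x0303) -> str:
    """Compare the client's best offer with the server's minimum version."""
    best = client_max_version(record)
    name = NAMES.get(best, hex(best))
    if best < server_min:
        return f"client offers at most {name}; server requires {NAMES[server_min]}: handshake fails"
    return f"client offers {name}: version acceptable"
```

Calling `diagnose(build_client_hello(0x0301))` reproduces the mismatch described above: a TLS 1.0 offer against a server whose minimum is TLS 1.2.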

Monday, October 15, 2018

networking: Class of Service

In part 1, I stated that CoS doesn't refer to just layer 2 tagging of frames, as is commonly believed. Rather, CoS is the implementation of QoS principles enacted at various layers of the OSI model.

CoS facilitates the prioritization of traffic flows over a common path.
  • a means to recognize and control different types of traffic
  • ability for application traffic to be considered more or less important
  • mechanism to manage congestion of traffic
IEEE 802.1p/Q at the Ethernet layer and DSCP at the IP layer are some of the most commonly utilized standards-based CoS mechanisms.

Layer 2 method of CoS: 802.1p/Q Priority Code Point

  • 3-bit field in the 802.1q tag, with a value between 0-7, used to differentiate / give priority to certain Ethernet traffic.
  • When configuring lldp med, setting the "priority" or PCP value to 5 sets the PCP flag to 101, which will give those Ethernet frames the highest priority.
  • Because 802.1p/Q is a Layer 2 (Ethernet) standard, it only applies to the Ethernet header. At every Layer 3 boundary (router hop), the Layer 2 header, including PCP parameters, is stripped and replaced with a new header for the next link. Thus, 802.1Q doesn't guarantee end-to-end QoS.

Layer 3 method of CoS: DSCP - Differentiated Services or DiffServ

  • 6-bit field in an IP header, with a value between 0-64, used to differentiate / give priority to certain IP traffic.
  • When configuring lldp med, configuring the DSCP value to "46" sets the DSCP flag in the IP header to "101110", and datagrams with this tag will have the highest priority.
  • Network devices MUST be configured to use existing CoS values or they may be overwritten.

An example configuration string from a Brocade / Ruckus switch:

lldp med network-policy application voice tagged vlan 30 priority 5 dscp 46 ports ethe 1/1/1 to 1/1/48
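
Added example, not part of the original post or the switch vendor's tooling: it decodes the PCP, VLAN and DSCP markings that the configuration string above requests from a constructed frame, and models a router hop to show that only the DSCP marking survives it. Function names and addresses are illustrative.

```python
import struct

def build_frame(pcp=None, vlan=0, dscp=0) -> bytes:
    """Constructed sample: Ethernet II + optional 802.1Q tag + minimal IPv4 header."""
    macs = bytes.fromhex("020000000002" "020000000001")   # locally administered MACs
    tag = b""
    if pcp is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)               # PCP(3) | DEI(1)=0 | VID(12)
        tag = struct.pack("!HH", 0x8100, tci)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return macs + tag + struct.pack("!H", 0x0800) + ip

def read_markings(frame: bytes) -> dict:
    """Return the CoS markings visible in one captured frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    pcp = vlan = None
    offset = 14
    if ethertype == 0x8100:                               # 802.1Q tag present
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp, vlan = tci >> 13, tci & 0x0FFF
        offset = 18
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 packet")
    tos = frame[offset + 1]                               # second byte of the IPv4 header
    return {"pcp": pcp, "vlan": vlan, "dscp": tos >> 2, "ecn": tos & 0x3}

def route_hop(frame: bytes) -> bytes:
    """Model a router hop onto an untagged link: new Layer 2 header, DSCP untouched.
    TTL and checksum updates are omitted because they do not affect the markings."""
    offset = 18 if frame[12:14] == b"\x81\x00" else 14
    new_l2 = bytes.fromhex("020000000004" "020000000003") + struct.pack("!H", 0x0800)
    return new_l2 + frame[offset:]
```

With `priority 5` on `vlan 30` the tag control field is `0xA01E`, and `dscp 46` makes the IPv4 ToS byte `0xB8`; those are the values to look for in a capture when checking whether a hop preserved or rewrote the markings.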


Tuesday, October 9, 2018

powershell: check service status and health

Had a unique situation recently with a client whose IMAP Proxy would go offline after a reboot. All the services were running, and Event Logs were less than helpful to determine root cause. So while I wait for Microsoft support to check into and resolve the root cause (haha), I wrote a basic script to resolve preventable outages due to this bug.

The script is written to import the Exchange Management Module.

Then check the health and status of the IMAP Proxy.

If the health and status of the IMAP Proxy is NOT online and healthy, it triggers a condition to start the service.

If the health and status of the IMAP Proxy IS online and healthy, it exits the script.

This script is scheduled via Task Manager to run on startup, after a 15 minute delay (to allow normal Exchange services a chance to start).

<#
    Checks the health & status of the IMAP Proxy service, and starts it if not healthy and online.

    CREATE DATE:    2018-10-09
            v1.0 - Completed script and deployed via Task Scheduler to run on startup, after a 15 minute delay.
#>

# add exchange management module
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

# server to check (assumption: the local server; the original does not show where $servername is set)
$servername = $env:COMPUTERNAME

# check status, and start if NOT already online
$imapProxy = Get-HealthReport -Identity "$servername" | Where-Object { $_.HealthSet -eq "IMAP.Proxy" }
if ($imapProxy.State -ne "Online") {
    Set-ServerComponentState -Identity "$servername" -Component "imapproxy" -Requester "HealthAPI" -State "Active"
}
elseif ($imapProxy.State -eq "Online") {
    # already online and healthy: nothing to do, exit the script
    exit
}

Wednesday, October 3, 2018

networking: CoS vs. QoS

CoS - Class of Service
QoS - Quality of Service

NOT a layer 2 vs layer 3 differentiation.
NOT a guarantee for traffic (dependent upon each hop respecting the request).

QoS - Quality of Service: an umbrella term which covers the use of features such as traffic policy, shaping, and advanced queuing mechanisms.

CoS - Class of Service: a form of QoS applied at layer 2 (ex: PCP) and layer 3 (ex: DSCP).
