Lutz Donnerhacke IKS Service GmbH

Slides:

Advertisements

Similar presentations

Presented by Mr.Vihang S. Kathe IBC High availability Solution High performing IT Solutions.

Advertisements

Implementing Layer 3 High Availability

© 2009 Cisco Systems, Inc. All rights reserved. SWITCH v1.0—6-1 Implementing Layer 3 High Availability Configuring Layer 3 Redundancy with HSRP.

Understanding Layer 3 Redundancy. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 Upon completing this lesson, you will be able.

Improving Availability in Multilayer Switched Networks

Institute of Technology Sligo - Dept of Computing Chapter 11 Layer 3 Protocols Paul Flynn.

10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.

Data Center Network Redesign using SDN

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.

Module 3: Designing IP Addressing. Module Overview Designing an IPv4 Addressing Scheme Designing DHCP Implementation Designing DHCP Configuration Options.

© 1999, Cisco Systems, Inc. 1-1 Chapter 2 Overview of a Campus Network © 1999, Cisco Systems, Inc.

EXPOSING OVS STATISTICS FOR Q UANTUM USERS Tomer Shani Advanced Topics in Storage Systems Spring 2013.

Setup and Management for the CacheRaQ. Confidential, Page 2 Cache Installation Outline – Setup & Wizard – Cache Configurations –ICP.

Introducing a New Concept in Networking Fluid Networking S. Wood Nov Copyright 2006 Modern Systems Research.

S7C8 Hot Standby Router Protocol

Delivery and Forwarding Chapter 18 COMP 3270 Computer Networks Computing Science Thompson Rivers University.

The Benefit and Need of Standard Contribution for IXPs Jan Stumpf System Engineer.

Redundancy. Single point of failure Hierarchical design produces many single points of failure Redundancy provides alternate paths, but may undermine.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Linux Virtual Server Jim Lawson VAGUE/University of Vermont /

1 Computer Networks Chapter 5. Network layer The network layer is concerned with getting packets from the source all the way to the destination. Getting.

EVPN: Or how I learned to stop worrying and love the BGP Tom Dwyer, JNCIE-ENT #424 Clay Haynes, JNCIE-SEC # 69 JNCIE-ENT # 492.

ARP spoofing ARP tutorial with pictures -7 Watch animation to learn networking. Visualize.

Why do we update Tenda UI?

CCNA Practice Exam Questions

Layer 3 Redundancy 1. Hot Standby Router Protocol (HSRP)

Services DFS, DHCP, and WINS are cluster-aware.

VSNL Sify /24 / 24 / 24 /24 Internal Network / Default gateway is

Virtual Local Area Networks or VLANs

Martin Casado, Nate Foster, and Arjun Guha CACM, October 2014

Instructor & Todd Lammle

Instructor Materials Chapter 9: Testing and Troubleshooting

Revisiting Ethernet: Plug-and-play made scalable and efficient

Planning and Troubleshooting Routing and Switching

HEPiX Fall 2017 Firewall Load Balancing Solution

Troubleshooting Network Communications

ANTS Goals Today’s networks lack flexibility …

Network Load Balancing Functionality

Network Load Balancing Topology

Chapter 6 – Routing.

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

1. Public Network - Each Rackspace Cloud Server has two networks

2TCloud - Veeam Cloud Connect

Introduction to Computers

Introduction to Networking

Chapter 2: Static Routing

Introduction to Networks

Introduction to Networking

Virtual Router Redundancy Protocol (VRRP)

technical-service/ technical-service/

Chapter 2: Static Routing

Firewalls Purpose of a Firewall Characteristic of a firewall

Extending MPLS/BGP VPNs to End-Systems

Rotating Prefixes in xDSL networks

Chapter 4: EtherChannel and HSRP

Cisco networking CNET-448

AD FS Installation Active Directory Federation Services (AD FS) 7.1

COMP/ELEC 429/556 Introduction to Computer Networks

COMPUTER NETWORKS CS610 Lecture-29 Hammad Khalid Khan.

Computer Networks ARP and RARP

Figure 6.11 Configuration for Example 4

Host and Small Network Relaying Howard C. Berkowitz

Hosted Security.

Multicasting Unicast.

Discussion Issues on IMS-based NGN

Chapter 4: EtherChannel and HSRP

Presentation transcript:

Lutz Donnerhacke IKS Service GmbH ND Spoofing for Fun and Profit Distributing server farm traffic efficiently Lutz Donnerhacke IKS Service GmbH

The Problem High bandwidth servers Distributed clients Distribute locations Intermediate bandwidth limited Third party appliances Internal communications? Single default gateway No technical contacts Design violation Should buy two clusters

First Hop Redundancy Single active router Traffic flow HSRP, etc. Failover Traffic flow Deterministic Not optimal Intermediate bandwidth required

Disturb First Hop Redundancy Prevent FHR communication Both nodes active Complicated, error prone Low latency = local First come, first serve Slow and unstable redundancy Do not disturb the cluster May harm internal communication Hard to operate Always a fail state

SDN for the rescue Inject the router twice Pro Con (for us) MAC into BGP Least cost route Pro Stable Redundant Con (for us) Redesign of core network Expensive

Back to the blackboard Different gateways Each server has an other router HSRP still possible Locality depend configuration Communicate with vendor Change application Change rollout Unlikely 

Can we fool the servers? Trivial idea Fails in practice Same IP, different MAC First come, first server Fails in practice Duplicate IP detection Missing ND responses Core in danger

ND for the rescue Router ND-Server Server IPs from different networks Down: Host routes to interface ND-Server Fake ND responses Rule based: who, whom, what Can respond with HSRP-MACs Server Automatically learn optimal MAC

Background xDSL networks PARPD Sources Carrier blocks Customers need Rule based ARP/ND responder Sources https://lutz.donnerhacke.de/Blog/ Proxy-ARP-daemon https://bugs.freebsd.org/bugzilla/ show_bug.cgi?id=223594