Archive for September, 2015

Importance of Traffic Logs even for the home network

My little firewall logs just about everything that goes on. Blocked? Log it. Allowed? Log it. Most of the time, these logs roll over and I never even see the contents. However, every once in a while they come in very handy.

My wife usually spends a little while on Sunday evenings preparing attendance sheets for CCD (think Sunday school, but for Catholics). Our parish takes it very seriously, and they have given her a remote login to their data software, so she can update the attendance on-line, and they’ll have accurate records. This software appears to be SaaS (Software as a Service). Unfortunately, it’s not a web-based service. It is hosted on some remote system, and they provide her with something akin to a Citrix login to access the data. This software is PDS (Parish Data System) by ACS Technologies.

Recently the UPS on her computer started acting up. We had a quick blip tonight and her computer rebooted. When it came back up, she proceeded to connect back to this software, and was prompted with a small box asking for the Host. We don’t recall this being asked previously, as it usually just pops up a login box.

So, we checked the support website to see if they had any hints. A quick look around there seems to show that to get to any real support info, you need a Site code and a PIN, and my wife doesn’t know that. Their Live Chat support didn’t work. The only other options are Email (which also seems to require site details) and a toll free number, but they apparently don’t work weekends.

Thinking about the situation logically, I concluded that somehow this system “forgot” the remote hostname to which it normally connects. That’s why it’s prompting for connection details with a “Host” prompt.

It struck me that I might be able to find it in the logs, so off to my firewall I went. I filtered by my wife’s IP address, and tried filtering for the application “Citrix”. Zilch. Next, I started filtering out ports and applications that I knew it wouldn’t be, and told the firewall to look up hostnames. Finally, after filtering out port 80, Facebook-base, Facebook-chat, iCloud-base, Twitter-base, and port 993 (secure Gmail in this case), I jumped from page 1 to page 10 (to get to a more appropriate time, prior to the power outage), and there it was. I recognized the name “”, so I tried that as the host. I believe at that point, I got a different error. So, we closed and restarted the application, and it popped up and worked just fine.

So, if you have lots of logging going on with your firewall at the house, don’t bother trying to weed it down, just let it go. One day, it just might save you lots of time.

September 26, 2015 at 9:34 pm

Ad Blocking is stealing

I saw a quote the other day from someone in the online ad industry (I believe) who said that using an Ad Blocker is stealing.


I can see the argument related to movies and music.  I mean, for those items you have to buy a CD or a movie ticket (or buy a digital copy).  Downloading the content without legitimately purchasing it… Yea, I can see that being stealing.

Running an ad blocker and visiting a website, though?

Sorry, but no.  It’s not even in the same realm.

The real question publishers and ad companies need to ask is:

Why has Ad Blocking risen so much recently?

A recent focus has been Apple, with their release of iOS 9 that supports “content blocking”, which thus far has mainly been used to create ad blockers.  Why is this the case?

When I first got an iPhone 3GS, my first iPhone, browsing was fast.  Over the years, more and more advertising has been injected into mobile websites.  Advertising web servers are notoriously slow.  Advertising on mobile platforms has become more aggressive.  All this while bandwidth usage has spiked and most carriers have forced bandwidth caps on their customers.

With all these factors combined, the user experience is very poor.  To see how big of a difference it makes in load time, I invite you to try an ad blocker on an iPhone.  Visit sites that you normally visit, and you’ll see that the site pops up much faster than normal.  I expect that if you surf on your phone frequently, once you see the difference, you’ll want to keep using it.

September 20, 2015 at 9:48 pm

Monitoring a network with EIGRP

Most network monitoring involves polling.

So, you have a server (or farm of them) going out across the WAN every minute or so, talking to every remote device to ensure that they are up and running.

There are a number of products out there that do this, but what if you can do it smarter?

At my day job, we have hundreds of remote sites connected via T1 and they have an alternate link, soon to be LTE across the company.  We run EIGRP across our links so our routers know which links are available for traffic.  Yes, even our LTE links.  They all terminate on GRE tunnels on one router.  We set the EIGRP Hello time to 20 seconds and the Hold time to 60 seconds.  If 60 seconds pass without seeing a Hello, the link gets marked down.

I wrote a PHP program to handle this monitoring in a very efficient way.  Every minute, it performs an SSH into this router and runs a “show ip eigrp neighbors” command to get a list of all active neighbors.  This tells me that each of those neighbors is active at the time I performed the command.  I log this info to a database table.  I also run a command like “show ip route | inc Tu”.  Using our database, my program knows which EIGRP neighbor and which route belong to each location.  If I see a connected route to any Tunnel, I know we are actively running traffic across the LTE link to that location.  Since this is done every minute, I’m logging each time that a remote device has an EIGRP connection to headquarters.  I track the state of all the locations and send SNMP traps to our central manager to create alarms when I see that an EIGRP connection that should be there is missing and when a route exists (meaning the LTE link is being actively used).

This database is tracking the total number of polls and the number of successful polls.  This lets me calculate an “Availability” number for that GRE Tunnel.  Note, this isn’t a real “Availability” number for the LTE link.  It’s an Availability number for the Tunnel, meaning it can easily be worse than the LTE link availability (if the remote router is down, perhaps).

If you described this to me as a monitoring solution, I wouldn’t expect it to work well.  The fact is that we’ve been running with this sort of solution for several years.  The difference now is that I’ve reduced the polling cycle from every 5 minutes to every minute to give me better granularity.  And it still works great, even with 150+ sites.  The beauty of this system is that adding more sites doesn’t really add more time (technically, it does, but it’s such a small number that it’s pretty much irrelevant).
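The polling cycle described above, as an added Python example (not the author’s PHP program): it parses constructed samples of the two router commands, compares the active neighbors against the expected site list, flags sites whose tunnel is carrying a route, and keeps the poll counters behind the tunnel “Availability” figure. The site table, addresses and interface names are assumptions; the SSH capture and SNMP trap sending are left out.

```python
import re
from collections import defaultdict
# Constructed mapping; in the post this comes from the author's database:
# site -> (EIGRP neighbor address, GRE tunnel interface carrying its LTE link).
SITES = {"store-101": ("10.1.1.2", "Tunnel101"),
         "store-102": ("10.1.2.2", "Tunnel102"),
         "store-103": ("10.1.3.2", "Tunnel103")}

# Constructed sample of "show ip eigrp neighbors" as captured over SSH.
NEIGHBORS_OUT = """EIGRP-IPv4 Neighbors for AS(100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
1   10.1.1.2                Tu101                    55 1d02h      12   100  0  45
0   10.1.2.2                Se0/0/0                  57 3w2d       20   200  0  123
"""
# Constructed sample of "show ip route | inc Tu" from the same router.
ROUTES_OUT = """C        10.99.1.0/30 is directly connected, Tunnel101
D        192.168.101.0/24 [90/25628160] via 10.99.1.2, 1d02h, Tunnel101
"""

# Neighbor rows start with the H index then the peer address; route lines
# end with their outgoing interface, and only tunnel interfaces matter here.
NEIGHBOR_RE = re.compile(r"^\d+\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+\d+", re.M)
TUNNEL_RE = re.compile(r"\b(Tunnel\d+)\s*$", re.M)

def new_stats():
    return defaultdict(lambda: {"polls": 0, "ok": 0})

def active_neighbors(text):
    return set(NEIGHBOR_RE.findall(text))

def tunnels_in_use(text):
    return set(TUNNEL_RE.findall(text))

def poll(neighbors_text, routes_text, stats):
    """One cycle: count the poll per site, return alarms to send as traps."""
    seen = active_neighbors(neighbors_text)
    lte = tunnels_in_use(routes_text)
    alarms = []
    for site, (addr, tunnel) in SITES.items():
        stats[site]["polls"] += 1
        if addr in seen:
            stats[site]["ok"] += 1
        else:
            alarms.append(("EIGRP_NEIGHBOR_MISSING", site))
        if tunnel in lte:
            alarms.append(("LTE_IN_USE", site))
    return alarms

def availability(stats, site):
    # Tunnel availability: successful polls as a percentage of all polls.
    s = stats[site]
    return 100.0 * s["ok"] / s["polls"] if s["polls"] else 0.0
```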

September 18, 2015 at 9:59 pm

Best Cell Carrier coverage in the SouthEast US

Where I work, we wanted to put in LTE backup at all of our retail locations to handle communications in the event that our T1 circuit fails.  There are around 800 locations stretching from Louisiana, south to Key West, all the way to North Carolina.  We have relationships with the big three carriers, so we built survey boxes housing three CradlePoint cellular broadband adapters, one configured for each of the carriers, then took them around to our locations and ran a battery of Netperf tests to get real results for each location, which were logged into a database.

Armed with that database of over 7000 test results, we selected the best carrier at each location by looking at the raw data.  My general criteria?  Look for the carrier with the best SINR (Signal to Interference + Noise Ratio), along with the best speed.  We are less concerned with cost, since they are all under $30 a month for our limited, pooled data plan.  Our goal is that we have a reliable backup that is at least as fast as the T1 circuit it would be “covering for” in the event of a T1 outage.  Most T1 outages would be measured in hours, so it needs to be available when we need it, first and foremost.  That said, we want better than 1.5 Mbps in both directions so that it can be a true T1 backup.  Looking at the data and making the selection was sometimes difficult, but we made our best guess in those cases.

I only have the actual numbers for the first 155 locations we have installed, which break down as follows:

AT&T was selected 50.9% of the time.
Verizon was selected 30.9% of the time.
Sprint was selected just over 18% of the time.

From the numbers I have seen (in passing), this pattern is pretty representative of the overall totals.

Now, I’m not much of an AT&T fan, but this is pretty impressive.

September 18, 2015 at 9:37 pm
