Many components can influence proxy and network performance. One of those is content filtering, which in most networks forms an important part of perimeter and internal security. Nowadays most employees enjoy access to the internet from their corporate PCs, which in itself makes some content filtering necessary. URL filtering is one such process, and its impact comes from intensive checking of requests against patterns to block.
There are huge risks with allowing access to the internet, so it is essential that these risks are mitigated in some way. Users can obviously be made aware of codes of conduct, and a robust internet usage policy is essential. However, there will always be some users who will ignore these issues and even some who will actively seek to bypass them. It is not uncommon to analyse outbound connections and see many people with constant media streams of UK TV from abroad, which obviously is not good for your network.
Other examples of content filtering are things like HTML tag filtering and screening for viruses and malware. HTML tag filtering allows certain tags to be removed from transferred HTML documents, usually for security purposes. Many organisations, for example, will routinely screen out all Java or ActiveX controls from content. Blocking any content which contains viruses or malware is of course a sensible option in today’s security environment.
When these objects are being transferred and cached through a proxy server, there is an opportunity to filter this content. It is the logical place, for example, to implement virus screening plugins. The problem is that most of these plugins require the whole object to be retrieved before it can be scanned. This leads to the undesirable situation where the proxy server is caching a potentially dangerous file. It can also lead to a large amount of latency from the user's perspective, as the entire content is first downloaded and cached before the user sees anything on their screen.
There have been some technological developments which are improving this situation with more sophisticated scanners which can operate on streaming files and content. Other filtering applications can deal with HTML tag filtering in this way so that the data can be sent almost immediately and prevent that large data lag at the client’s side.
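The streaming approach described above can be sketched as follows. This is an added example, not code from the original article or from any scanner product; the signature is a constructed, harmless marker and the function names are hypothetical.

```python
from typing import Iterable, Iterator

# Constructed, harmless marker standing in for a real malware signature.
SIGNATURES = [b"X-DEMO-BAD-PAYLOAD"]

class BlockedContent(Exception):
    """Raised when a signature is seen; the proxy should abort the transfer."""

def scan_stream(chunks: Iterable[bytes], signatures=SIGNATURES) -> Iterator[bytes]:
    """Forward data as it arrives, holding back only enough bytes to catch
    a signature that is split across a chunk boundary."""
    hold = max(len(s) for s in signatures) - 1
    tail = b""
    for chunk in chunks:
        window = tail + chunk
        for sig in signatures:
            if sig in window:
                raise BlockedContent(sig.decode())
        # Bytes before the last `hold` bytes cannot be the start of a
        # signature that finishes in a later chunk, so they are safe to send.
        cut = max(len(window) - hold, 0)
        if cut:
            yield window[:cut]
        tail = window[cut:]
    if tail:
        yield tail

def relay(chunks: Iterable[bytes]):
    """Return (bytes_forwarded, blocked) as the client side would see it."""
    sent = bytearray()
    try:
        for out in scan_stream(chunks):
            sent += out
    except BlockedContent:
        return bytes(sent), True
    return bytes(sent), False
```

The trade-off is visible in `relay`: a blocked transfer has already delivered the clean prefix, so the proxy must abort the connection and must not keep the partial object in its cache.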
John ITV Stevens
Fog computing refers to a specific extension of the standard cloud computing model. It specifies a more decentralized architecture which collaborates with one or more node devices. This provides the subsequent control and configuration of end devices, something that is difficult for standard cloud computing models where data must be accessible centrally. The Fog computing model offers the chance for cloud based services to expand their reach and increases speed of accessibility to such devices.
There are two distinct planes – control and data, the latter often known as the forwarding plane. The destination and control of data packets is the responsibility of the data plane. This allows specific computing resources to be placed anywhere on the network, unlike traditional cloud based computing which has to be focussed on central servers. An overview of the network is provided by the control plane, which works with all the routing protocols specified in the architecture.
This Fog model allows data from devices in the Internet of Things to be processed in hardware that can be nearer the origin of the data. It’s important to remember that the client side architecture is becoming increasingly complex too. For example many of our devices actually are connected through VPNs or specialist DNS servers, read more in this article – Smart DNS vs VPN.
Cloud computing relies on the existence of, and a connection to, that central server, which means you have to specify connectivity and bandwidth to accommodate this. Not so with the fog computing model: data can easily be accessed between local devices – there is no dependency on the cloud. This model improves accessibility and the availability of device data. The idea also promotes collaboration between devices and data centres.
The model will work better in managing the capacity requirements of the IoT, which is growing exponentially. This rise is partly due to the increase in smartphones and other devices which need access to data handling and computation power, often in real time. With the conventional cloud, the smallest piece of data needs to be transmitted up to the central cloud from edge devices – this of course slows the whole network down.
Here’s a Quick Summary of the Advantages
- Globally distributed network helps minimise downtime
- Load balancing
- Maximize network bandwidth utilization
- Optimal operational expense
- Business Agility
- Better Interconnectivity
- Enhanced QoS
- Latency Reduction
There are several popular mechanisms which can allocate an IP address to a computer or network device; however, DHCP is probably the most advanced method in common use. It’s a robust and efficient protocol which uses UDP as its transport mechanism. It exists largely as a result of the shortcomings of its predecessor BOOTP, to which DHCP offers a host of enhancements.
One of the biggest improvements was that DHCP allows the inclusion of a client’s subnet mask, which allows clients to be configured much more easily, particularly on large networks with many subnets. The other addition was the ability to lease IP addresses for a specified period. In large networks this is crucial for several reasons, but primarily it made managing IP addresses much simpler and ensured that IP addresses weren’t locked into computers which weren’t even switched on. It enabled a network administrator to work with a much smaller pool of usable IP addresses than the number of ‘potential’ network enabled clients.
Although DHCP is a huge improvement on the IP address allocation systems that preceded it, there are still some situations which can cause problems. It’s worth considering issues with DHCP if there are network connectivity problems with your clients.
Typically DHCP related problems are to do with configuration or connectivity. One of the simplest issues is that DHCP hasn’t actually been configured on a client. Although most later versions of Windows attempt to use DHCP by default, some older versions need the IP address mechanism configured first.
A DHCP server will often be on a different network segment than the client it is attempting to update, and any issues of connectivity between the two segments will be made worse if IP addresses are not allocated by the DHCP server. Remember the protocol uses UDP as its transport mechanism, which does not have any delivery checking. A client will also broadcast in an attempt to find the nearest connectible DHCP server, and this can cause issues if these broadcasts are not repeated by some network hardware.
If you do have problems on larger networks with DHCP broadcasts not being repeated, then you should configure IP helper addresses on routers within the network to solve this. Sometimes it can get confusing with multiple DHCP servers on different networks, so it’s important you have a good VPN service in order to connect to the various devices to ensure connectivity across segments.
If you’ve ruled out connectivity problems, make sure the DHCP server is configured properly and has plenty of available IP addresses to allocate. Sometimes the problem is not that the DHCP server can’t be contacted but that it has simply run out of addresses to allocate to clients.
Raphael Silvano – Italian Networks, Rai Streaming Estero, 2017 Haver Press
Troubleshooting applications which operate across WAN (wide area networks) can be especially difficult. When a PC has the potential to both communicate with servers and other workstations across different IP networks and subnets there will almost always be complications. The PC could be using various methods and protocols to communicate and there’s inevitably the difficulty of identifying if your network hardware or the end network is causing the problems.
Before looking for complex solutions, it’s important to start with the basics. A computer that needs to communicate across a wide area network will normally be configured to route its traffic through a default gateway. Although it sounds unlikely, misconfiguration of this very basic setting is quite often the root cause of a network connectivity issue. A mistake in the basic IP configuration on the workstation will break most connectivity; remember it may be some external change that has caused this problem too. If a router or gateway is removed or updated, then any static configurations must be updated.
The error could be a simple incorrect IP address of the default gateway, or more commonly something like an incorrect subnet mask. Always remember that many operating systems require a reboot to enforce changes in IP configuration, another simple mistake to make, especially if diagnosing remotely. If you can talk to a user or have command access on the workstation, the first checks should be basic connectivity ones. If a workstation can ping hosts on the same subnet but not on other subnets, your next step should be to check connectivity to the default gateway.
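The gateway and subnet mask mistakes described above can be checked offline before any packet is sent. The following is an added example, not part of the original article; the function name, the addresses and the `documented_net` parameter (the subnet as recorded in your network documentation) are assumptions for illustration.

```python
import ipaddress

def diagnose(ip, mask, gateway, target, documented_net):
    """Compare a workstation's configured IP settings with the documented
    subnet and return the faults that would break reaching `target`."""
    cfg = ipaddress.ip_interface(f"{ip}/{mask}").network  # subnet the host believes in
    truth = ipaddress.ip_network(documented_net)          # subnet that really exists
    host = ipaddress.ip_address(ip)
    gw = ipaddress.ip_address(gateway)
    dst = ipaddress.ip_address(target)
    faults = []
    if host not in truth:
        faults.append(f"address {host} is outside the documented subnet {truth}")
    if gw not in cfg:
        # The host cannot reach a gateway that is not on its own subnet.
        faults.append(f"gateway {gw} is off-link for configured subnet {cfg}")
    if dst in cfg and dst not in truth:
        # Host looks for the target locally instead of routing to it.
        faults.append(f"mask too wide: {dst} is treated as local and never sent to the gateway")
    if dst not in cfg and dst in truth:
        faults.append(f"mask too narrow: local host {dst} is sent via the gateway")
    return faults

if __name__ == "__main__":
    # Constructed sample values.
    for fault in diagnose("192.168.10.25", "255.255.0.0", "192.168.10.1",
                          "192.168.20.7", "192.168.10.0/24"):
        print(fault)
```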
Other errors can be simply down to incorrect name resolution. If all network configuration and operation is ok, then it may simply be that the machine is being directed to the wrong address. Static information for name resolution can unfortunately be stored in all sorts of places, some difficult to locate. There are files on the host PC which should be checked: both hosts and lmhosts can cause connectivity issues if there’s an incorrect address. Also, many devices cache addresses to help with speed and network connectivity.
Checking IP connectivity might not tell the whole story though, particularly if you’re trying to troubleshoot an application. Many have their own connectivity and configuration information pre-installed, such as configuration files, which may contain incorrect connectivity information. These could potentially override things like a default gateway and cause issues. Many applications work through web browsers and can also pick up connection details from these. Users will often specify a proxy in their browser settings for various reasons, perhaps for accessing a popular web site like BBC iPlayer from abroad – such as this http://bbciplayerabroad.co.uk/ – which would also cause the application to be routed through the proxy too. It may work ok depending on the configuration of the proxy server (many just pass through data like this); however, it will have an extra step added to the route.
It’s often the more complex IP routing protocols which are the most difficult to diagnose and troubleshoot, and BGP (Border Gateway Protocol) is no exception. Like many such protocols, BGP has a fairly specialised application in that it is used specifically for routing between different routing domains and autonomous systems. You’ll normally find BGP being used in advanced or specialised network environments like Internet Service Providers (ISP) or global corporate networks with advanced routing requirements.
Another situation where you may encounter BGP is when companies have merged, as it is ideally suited to bringing disparate computer networks together without starting from scratch. During the end of the last century there was a huge number of these sorts of corporate mergers, and huge networks needed to be joined together – BGP provided the optimum solution for many of these situations and indeed is still commonly used today. Many a network administrator will have spent hours at the end of a residential VPN trying to determine the complexities behind long established BGP routing tables.
When troubleshooting issues that may be related to BGP it’s important to understand the fundamental characteristics of the protocol. Without knowing these core concepts it can be very difficult to analyse a complex and specialised protocol like BGP:
Neighbour Formation : Like many routing protocols, BGP creates neighbour adjacency between routers before it starts exchanging information. These neighbours though are almost always defined statically rather than dynamically by the protocol. Their formation is normally determined by the setting up of a simple TCP connection, the command for determining a list and status of BGP neighbours is as follows:
show ip bgp neighbor
Most of the important data is found in the first few lines of the output of this show command. The most useful parameter for troubleshooting is the BGP state, which will switch from Idle-Active-Open-Established as the formation of the neighbour state takes place. Remember this process can take a little time to complete, especially compared to some modern day routing protocols, so give it time. However, if the state ends up as anything other than Established, then the formation has not completed successfully.
Another important piece of information is the BGP version. There are quite a few different versions of BGP being used in the wild, and neighbours will always establish on the lowest common version when establishing a connection. If you see this version constantly changing and switching, it is usually indicative of some fundamental network configuration problem.
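The state and version checks described above can be automated over captured command output. This is an added example, not part of the original article; the sample text is constructed in the style of Cisco IOS output, and the exact field layout is an assumption that varies between platforms and releases.

```python
import re

# Constructed sample; not captured from a real router.
SAMPLE = """\
BGP neighbor is 10.1.1.2,  remote AS 65002, external link
  BGP version 4, remote router ID 10.1.1.2
  BGP state = Established, up for 00:10:23
BGP neighbor is 10.1.2.2,  remote AS 65003, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Active
BGP neighbor is 10.1.3.2,  remote AS 65004, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Idle
"""

NEIGHBOR = re.compile(r"^BGP neighbor is (\S+?),\s+remote AS (\d+)")
VERSION = re.compile(r"^\s+BGP version (\d+)")
STATE = re.compile(r"^\s+BGP state = (\w+)")

def parse_neighbors(text):
    """Collect peer address, remote AS, version and state for each neighbour."""
    neighbors, current = [], None
    for line in text.splitlines():
        if m := NEIGHBOR.match(line):
            current = {"peer": m.group(1), "remote_as": int(m.group(2)),
                       "version": None, "state": None}
            neighbors.append(current)
        elif current is not None:
            if m := VERSION.match(line):
                current["version"] = int(m.group(1))
            elif m := STATE.match(line):
                current["state"] = m.group(1)
    return neighbors

def not_established(neighbors):
    """Peers whose session has not reached the Established state."""
    return [(n["peer"], n["state"]) for n in neighbors
            if n["state"] != "Established"]

if __name__ == "__main__":
    for peer, state in not_established(parse_neighbors(SAMPLE)):
        print(f"{peer}: {state}")
```

Because neighbour formation takes time, run the check on two captures taken a few minutes apart before treating a peer as failed.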
External BGP : This is usually run between two different but autonomous systems which are defined on networks which must be directly connected. The neighbors are established by specifying the address of the link; for example, you could configure by naming the address of a serial link between two routers on the two networks. You may have to use the ebgp-multihop parameter in these situations, as often interfaces are not directly connected as specified by the loopback address. In order to ensure that there is a loop-free topology, BGP will ignore any BGP routes which have originated in any autonomous systems (AS).