
27 April 2020

DNS and DHCP performance testing tools

When there are Internet issues, the first thing we say at Ariadnex is that there is something wrong with the DNS servers. Maybe the DNS service is stopped, the requested domain name doesn’t exist, or the DNS server can’t respond to so many requests per second (RPS). Another important thing to take into account when there are Internet issues is whether the user’s computer has an IP address. Maybe the user’s computer hasn’t requested an IP address, the DHCP service is stopped, there are no more free IP addresses to offer, or the DHCP server can’t offer so many leases per second (LPS).

We have a book about DNS at the office with more than 500 pages. This means the DNS service is a powerful service with lots of options and parameters. It’s important to know that the DNS service can listen on port 53/tcp as well as on port 53/udp. It’s important to know what the NXDOMAIN and NOERROR codes mean. It’s important to know what an authoritative server, a master server and a slave server are. It’s important to know what an internal view and an external view are. Therefore, it’s important to know many things to configure a DNS service properly.

DNS and BIND book

If you have already configured a DNS server and you want to know how many requests per second (RPS) it can manage, you can use the DNSPerf tool to test the performance of the DNS server. It is a DNS performance testing tool which can be downloaded from GitHub, and it requires the BIND package. This tool is really easy to use. We have to set the DNS server which is going to be tested, the datafile with the domains we want to request, the number of clients we want to simulate and the max queries we want to run.
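
As an added example (not part of the original post), this Python sketch turns a DNSPerf run into a pass/fail capacity check: it builds datafile lines, parses the end-of-run summary and flags a run that misses a target RPS, loses too many queries or answers mostly with error codes. The summary text is a constructed sample whose layout is assumed to match your dnsperf version, and the function names and thresholds are hypothetical.

```python
import re

# Constructed sample of the summary dnsperf prints at the end of a run, e.g.
# after: dnsperf -s <server> -d queries.txt -c 10 -Q 5000 (numbers are made up).
SAMPLE_SUMMARY = """\
Statistics:

  Queries sent:         50000
  Queries completed:    49250 (98.50%)
  Queries lost:         750 (1.50%)

  Response codes:       NOERROR 44325 (90.00%), NXDOMAIN 4925 (10.00%)
  Run time (s):         10.000000
  Queries per second:   4925.000000
"""


def datafile_lines(names, qtype="A"):
    """dnsperf datafile format: one 'name type' query per line."""
    return [f"{name.rstrip('.')} {qtype}" for name in names]


def parse_summary(text):
    """Pull the counters, per-rcode counts and QPS out of a dnsperf summary."""
    def field(label, cast):
        m = re.search(re.escape(label) + r":\s+([\d.]+)", text)
        if m is None:
            raise ValueError(f"field not found: {label}")
        return cast(m.group(1))

    rc = re.search(r"Response codes:\s+(.*)", text)
    rcodes = {k: int(v) for k, v in re.findall(r"([A-Z]+) (\d+)", rc.group(1))} if rc else {}
    return {"sent": field("Queries sent", int), "lost": field("Queries lost", int),
            "qps": field("Queries per second", float), "rcodes": rcodes}


def assess(stats, target_rps, max_loss_pct=1.0):
    """Return the reasons a run fails the capacity target (empty list = pass)."""
    problems = []
    loss_pct = 100.0 * stats["lost"] / stats["sent"] if stats["sent"] else 100.0
    if stats["qps"] < target_rps:
        problems.append(f"qps {stats['qps']:.0f} below target {target_rps}")
    if loss_pct > max_loss_pct:
        problems.append(f"loss {loss_pct:.2f}% above {max_loss_pct}%")
    answered = sum(stats["rcodes"].values())
    if answered and stats["rcodes"].get("NOERROR", 0) / answered < 0.5:
        problems.append("mostly error rcodes: check the datafile and the zones")
    return problems


if __name__ == "__main__":
    print(datafile_lines(["www.example.com", "mail.example.com."]))
    print(assess(parse_summary(SAMPLE_SUMMARY), target_rps=5000))
```

A high NXDOMAIN share usually means the datafile contains names the server does not hold, so the measured RPS describes negative answers rather than real lookups.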

DNSPerf example

DHCP is also a very important service in a user network. It is not so important in a server network because servers usually have static IP addresses configured. However, users’ computers usually have dynamic IP addresses configured. If a user’s computer doesn’t receive an IP address, we should look for the four-way handshake. DISCOVER, OFFER, REQUEST and ACK are the packets we should look for with a sniffer tool such as Wireshark. In addition, we should also take into account whether there is a DHCP relay configured, and whether requests are unicast or broadcast.
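
As an added example (not part of the original post), this Python sketch does the same handshake check on raw DHCP payloads exported from a capture: it reads the transaction ID and the message type option (53) and reports, per transaction, the first of DISCOVER, OFFER, REQUEST and ACK that never appeared. The payloads are constructed inline, and `build_payload`, `parse_dhcp` and `missing_step` are hypothetical names.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HANDSHAKE = ["DISCOVER", "OFFER", "REQUEST", "ACK"]


def build_payload(op, xid, msg_type):
    """Construct a minimal BOOTP/DHCP payload (sample data for this example)."""
    header = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(228)  # 236-byte fixed part
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])


def parse_dhcp(payload):
    """Return (xid, message type name) from a UDP payload seen on port 67/68."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # pad option is a single byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return xid, MSG_TYPES.get(value[0], f"TYPE{value[0]}")
        i += 2 + length
    raise ValueError("no DHCP message type option (53)")


def missing_step(payloads):
    """Per transaction ID, the first handshake step not seen (None = complete)."""
    seen = {}
    for p in payloads:
        xid, name = parse_dhcp(p)
        seen.setdefault(xid, set()).add(name)
    return {xid: next((s for s in HANDSHAKE if s not in names), None)
            for xid, names in seen.items()}


# Constructed capture: one complete lease, one unanswered DISCOVER, one NAK.
SAMPLE_CAPTURE = [
    build_payload(1, 0x1111, 1), build_payload(2, 0x1111, 2),
    build_payload(1, 0x1111, 3), build_payload(2, 0x1111, 5),
    build_payload(1, 0x2222, 1),
    build_payload(1, 0x3333, 1), build_payload(2, 0x3333, 2),
    build_payload(1, 0x3333, 3), build_payload(2, 0x3333, 6),
]

if __name__ == "__main__":
    for xid, step in missing_step(SAMPLE_CAPTURE).items():
        print(hex(xid), "complete" if step is None else f"stalled before {step}")
```

A transaction stalled before OFFER points at the server, the relay or an exhausted pool, while one stalled before ACK means the server refused or never answered the REQUEST.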

DHCP four-way handshake

If you have already configured a DHCP server and you want to know how many leases per second (LPS) it can manage, you can use the PerfDHCP performance testing tool. It is really easy to install. If you have a Debian-based computer, you just have to execute apt-get install kea-admin. As a result, perfdhcp should be installed. We’ll have to set the DHCP server which is going to be tested, the network interface we are going to use, how many clients we are going to simulate, and how many LPS we want to run.

PerfDHCP example

To sum up, DNSPerf and PerfDHCP are two performance testing tools which help us to know whether the DNS and DHCP services are well configured and whether their performance fits our needs.

Have a nice day! Take care!

20 April 2020

F5 AVR – Application Visibility and Reporting

There are lots of companies which would like to have statistics about application traffic to know metrics such as transactions per second, server and client latency, request and response throughput, URLs, countries, sessions, etc. This information is really useful for troubleshooting and for reacting immediately to sudden changes. However, it’s also really difficult to get this information if you are not in the middle of the communication between the server and the clients. F5 BIG-IP has a module which helps us to get Application Visibility and Reporting (AVR) thanks to the fact that this appliance sits between servers and clients.


Configuring F5 AVR is really easy. First, we have to provision the AVR module from the resource provisioning tab. Then, we have to create an analytic profile with the statistics gathering configuration to collect metrics and entities such as max TPS and throughput, URLs, countries, client IP addresses, client subnets, response codes, user agents, HTTP methods, etc. In addition, we could even configure sending reports by email. Therefore, if you want to improve user experience, you will need application visibility and reporting.

Regards my friends! How do you find out URL latency to improve the user experience?

13 April 2020

F5 APM - SSL VPN - Portal Access Webtop

There are lots of people who don’t know what a VPN is. They don’t know how to install a VPN client and configure it. They only know the browser. Therefore, we should deliver applications that are easy to use. There should be a secure web portal where users log in with their credentials and see all the applications they want to use. On the other hand, there will be users who only have to access one application. They don’t need a web portal with lots of application icons but a secure web portal which gives access directly to the application.

F5 APM has also thought about this use case. It’s really easy to configure a secure web portal where users log in and get access directly to a web application. They won’t know it’s a VPN to the internal application. We can configure this use case with a Webtop in Portal Access mode. You will see in the video that a Webtop in Full mode with a Portal Access is a web portal with application icons, while a Webtop in Portal Access mode is a web portal which gives access directly to the internal application.

Regards my friends! You should configure VPNs that are easy for users to use! Take care!

6 April 2020

F5 APM - 15 Use Cases

I’m working a lot these days with F5 APM. You will have watched all the videos I’ve uploaded to my YouTube Channel. F5 APM is a module few people know. It’s a module which is more than a VPN. It’s a module which is useful for many other use cases. I’m going to write today about use cases. You will read about all the use cases where F5 APM can help you. Maybe you know some of them, but others will be new to you.

Identity federation, SSO and Network Access are common use cases. Identity federation is a use case that is useful when we want to verify user identity (authentication) and control (authorization) the resources each user can access from a centralized system (IdP) in order to access other systems (SP). SSO is increasingly used so that users don’t have to type their credentials again and again to access the systems. Network Access is a tunnel mode SSL VPN.

Per-Application VPN, Application tunnel and Web Access Management are also three interesting use cases. Per-Application VPN is a use case mainly for mobile applications and MDM solutions, where we can apply per-user bandwidth policies and, in addition, only relevant data will be sent to the internal network. Application tunnel is like Network Access. However, Application tunnel has lower overhead in connection establishment, lower client module complexity, and faster application connections when compared to Network Access. Web Access Management (also called LTM+APM) provides authenticated access to internal resources.

Per-Application VPN

Portal Access, Citrix integration and VMware View support are also use cases we can configure with F5 APM. I think Portal Access is one of the most configured use cases. It can provide clientless access to internal web resources. Portal Access is like Web Access Management. However, Portal Access rewrites page content. Citrix integration and VMware View support are also interesting because we can replace some of their core services with F5 APM.

VMware View support

Do you want more use cases? Exchange proxy, Webtop and ACLs. F5 APM can be configured as an Exchange proxy to secure remote access for all Microsoft Exchange services. You will also configure Webtop. It’s really interesting to have a customizable landing page with icons to access internal web services. ACLs are less used. They can be used to restrict user access to specified internal hosts, ports and/or URIs. In addition, we can even store ACLs in an LDAP, RADIUS, or Active Directory server to apply ACLs dynamically to users. It sounds interesting!

Finally, there are three more use cases I would like to write about. The step-up authentication use case is useful when we want to apply a time-limited policy to a user for accessing areas of an application. Forward proxy, along with a Secure Web Gateway (SWG) subscription, enforces access controls and implements a compliance policy for Internet access. F5 APM supports OAuth 2.0. Therefore, it can also be configured as an OAuth Authorization Server or an OAuth Client.

Fifteen use cases where F5 APM fits your needs! Take into account all the things F5 APM can do for you! Regards! Take care!