Please join us for our free webcasts. Many of these sessions were also presented at the SHARE, Computer Measurement Group (CMG), National Systems Programmer Association (NASPA), or SharkFest conferences. Each session will be approximately 40 minutes long. Following the webcast, we will provide an open forum for participants to discuss the topic for 10 minutes. To get a notification to register for our webcasts, please sign our guestbook at Guestbook. You will receive a new email to register for each webcast. Please check back often, more webcasts will be announced soon.
The sessions will be presented by the CEO and Founder of Inside Products, Nalini Elkins, or other invited speakers. Nalini is a frequent speaker and invited guest speaker at many technical conferences. To view her biography, please click on: Nalini's Biography.
You may also wish to join the IPv6 Business Information Exchange. This is a free forum provided by Inside Products. We will have web assisted meetings every quarter. For the meeting schedule, topics to be discussed, and mission of the IPv6 Business Exchange, please click here.
Send us suggestions for future topics by contacting us HERE.
Date: October 23, 2018
Time: 10am - 12pm Pacific time
Click HERE to register.
This class will consist of the following:
Click HERE to register.
IPv6 is coming, sooner or later! The time may be now to really start planning.
Inside Products, Inc.
(831) 659-8360
www.insidethestack.com
You may be interested in some of the webcasts we have given in the past. If you are interested in the foils and / or audio from these sessions, please email us and let us know what you would like. Audio is available for some of these past webcasts.
Phishing and social engineering attacks are a large problem for enterprises. As we move into a completely encrypted world, some of these attacks may be even more undetectable than today.
There is a discussion going on at the IETF about what may be potential solutions in this area. Might there be protocol solutions? Are there best practices documents that need to be developed? What has worked? What has not worked?
We may set up a research group at the IETF to work on this topic. This problem, however, spans multiple standards organizations, multiple protocols, and may even require governmental intervention.
This webcast will be a discussion of the issues so that concrete examples can be provided for any ongoing discussion. As always, if you wish to be more involved, please contact:
nalini.elkins@insidethestack.com
or
bill.jouris@insidethestack.com.
Enterprises have put off IPv6 adoption. What if you could sell your IPv4 address block for a substantial amount of money?
Many enterprises have large unused IPv4 address blocks. Do people actually do this? How does this work? What might be the problems you want to think of ahead of time? You may be wondering - how much can I get for them?
Lee Howard, an IPv6 expert who led one of the largest IPv6 deployments, whose former roles include co-chair of the IPv6 Operations (v6ops) working group at IETF, member of the Internet Architecture Board, and ARIN board member, is also a well-known researcher on the IPv4 address market. He will give us his insight into IPv4 address market pricing and mechanics.
January 30, 2018 (3.5 hours)
Free Webcast and Live event: TLS1.3 Round Table: Atlanta, GA
The Computer Measurement Group (CMG) and the Enterprise Data Center Operators (EDCO) are co-sponsoring a live seminar hosted at Kennesaw State University on TLS1.3. You will also have an option to attend remotely if you are not able to travel to Atlanta. You do not have to be a member of CMG to attend this seminar.
Agenda
TLS1.3 disallows the use of RSA key exchange. This means that large data centers will need a different way to decrypt out-of-band traffic. We need ways to manage our networks when traffic is encrypted. When you cannot inspect traffic, there can be malware, leaks, fraud and many other security and diagnostic problems.
Scheduled Presentations:
The webcast will be a recap of the IETF 100 meeting. There are a number of quite interesting discussions underway at the IETF.
These include:
TLS1.3 Status
We will discuss the implementation status of TLS 1.3. TLS1.3 disallows the use of RSA key exchange. We need ways to manage our networks when traffic is encrypted. When you cannot inspect traffic, there can be malware, leaks, fraud and many other security and diagnostic problems.
Endpoint vs. Middle Box Tension
Some who are developing endpoint or host based protocols feel that they cannot make changes to the protocols because the boxes in the middle of the network will not pass them. Their viewpoint is that the network then becomes ossified. That is, changes cannot be made to add functionality, improve protocols or provide additional privacy.
Two examples of this are:
On the other hand, some network operators feel that "hiding" all portions of the transport header, as has been suggested by the QUIC protocol, create an unmanageable scenario where traffic cannot be prioritized and optimized properly. This side of the argument also notes that "middle boxes" such as routers, load balancers, proxies, and so on, provide a needed function or else they would not exist and be so pervasive.
QUIC
The QUIC, initially developed by Google as HTTP over UDP, is being standardized by the IETF. Its long-term aim is to become a new transport layer protocol as are TCP or UDP. It offers many performance and privacy benefits but others have issues with the ability to manage this new protocol.
Need to read a Wireshark Trace?
Click HERE.
Are you trying to solve difficult network problems using a Wireshark packet trace?
Would you like some help? Including help with IPv6 traces?
If you are sitting in meetings hour after hour trying to figure out the actual cause of your network problems, you may want to take a look at how the Problem Finders might be able to help you.
Click HERE.
Date: Wednesday, September 13, 2017
Join us as we and our partner Software Diversified Services (SDS) demonstrate how we accomplished this "Impossible Mission".
Our task:
Analyze a packet trace with thousands of packets containing TLS sessions. Find out which sessions have failures and where. Find out which sessions have performance problems and why. And, we have one hour to do it.
We chose to accept the challenge.
How did we do it?
We used our SSL Problem Finder product.
It analyzed the packet trace in 5 minutes. Then, we started looking at the results.
What did we find?
Click HERE for the report.
There were 385 handshakes. 342 were good and 43 handshakes were bad. Some handshakes took over 2 seconds with at least one as bad as 8 seconds.
Some of the failing handshakes had a bad server certificate.
There were also some potential application perfornance problems because of how the application data was sent for encryption. (We can tell you of a case where one byte at a time was sent to be encrypted with 20 bytes of overhead per byte (95% overhead!).
What else?
We used the rest of the time to see the proportion of data traffic to the handshake and to analyze the handshake timing. Click HERE and HERE.
We can also see that the Tor browser was used for this session because of the Server Name in the TLS handshake. Click HERE to see the fingerprint of such sessions.
Our hour was well-spent. We had time to spare.
Do you want to do this?
First, you will need our expert system products for network diagnostics. You may see them HERE.
Then, you will need to get training on how TLS actually works. You would not expect to use an X-ray machine without training. This is how our products are also. Once you are trained and have the right products, what may have seemed to be an impossible mission, is now quite possible. We offer training for TLS. Just ask us.
This webcast will be a recap of the IETF 99 meeting. The Performance and Diagnostics Metrics (PDM) is in the last stages of becoming an RFC - it is in the RFC Editor's queue. We will show and discuss our prototype implementation of PDM on FreeBSD.
We will discuss the implementation status of TLS 1.3 and a proposal which may be of interest to many large data centers to allow for Static Diffie Hellman. TLS1.3 disallows the use of RSA key exchange.
We need ways to manage our networks when traffic is encrypted. When you cannot inspect traffic, there can be malware, leaks, fraud and many other security and diagnostic problems.
We will also discuss other interesting developments from IETF99 in Prague including the successful continuation of the Enterprise Data Center Operators group. This group will soon become its own entity.
What does the IETF do?
The Internet Engineering Task Force (IETF) creates the standards that are incorporated into products and operating systems that allow them to interoperate. These standards are known as RFCs. There are RFCs for TCP, UDP, TLS, IPSEC, MPLS and many other protocols.
How does that impact my organization?
When there are changes in the way a protocol works, it can dramatically impact the way you use, operate or diagnose problems on your network. The IETF standards are the core protocols which run the Internet and the TCP/IP Intranets run by large data centers.
A very recent example is where a change in TLS would mean potentially millions of dollars of spending required for new diagnostic methods.
Date: Tuesday, May 16, 2017
IETF98 Update: Net Neutrality / TLS1.3
The webcast will be a recap of the IETF 98 meeting. The European regulators have prepared a requirements draft for what they would like to see to measure Net Neutrality. We have responded with a draft to indicate how our Performance and Diagnostics Metrics (PDM) can be used for this purpose. We will discuss this on the webcast.
We will discuss the implementation status of TLS 1.3 and a proposal which may be of interest to many large data centers to allow for Static Diffie Hellman. TLS1.3 disallows the use of RSA key exchange.
We will also discuss other interesting developments from IETF98 in Chicago including the first meeting of the Enterprise Data Center Operators.
Date: Tuesday, March 14, 2017
The Future of DNS: Encryption
IETF standards are being worked on for encryption of DNS traffic using both TLS and DTLS. This may have an impact on how operation and diagnostics are done at large data centers.
The reason for the changes is that hackers and malicious parties can get quite a bit of valuable data about your network from DNS queries. So, of course, it is necessary to move in this direction.
Having said that, what is the potential impact to response time when DNS needs to use TLS? This will mean first that a TCP connection needs to be established rather than the normal UDP connection used for DNS today. Then, there needs to be a TLS handshake. What will happen when there are problems?
This webcast will discuss the drafts and RFCs currently underway at the IETF in this space. We will also discuss the differences between DNSSEC and encrypted DNS queries.
Date: Tuesday, Jan. 31, 2017
Internet Governance: IETF97 and IGF Update
The Internet Engineering Task Force (IETF) and Internet Governance Forum (IGF) are two of the bodies which create the technical and policy standards for the Internet. What happens at the IETF and IGF will impact your strategic network direction and operation. Sometimes it will be in a few years; other times, it will be in the coming year. This webcast will provide an update on IETF 97 and IGF activities. You may also wish to attend IETF 98 as it will be in Chicago. For those of us in the United States, it is an opportunity which does not come often to attend locally.
More Details
The IETF creates standards (RFCs) for the Internet. RFCs are implemented in network stacks. We will discuss the following:
Changes to TLS1.3 which are likely to affect you.
Date: September 27, 2016
IPv6 Neighbor Discovery Explained
IPv6 Neighbor Discovery, including Stateless Address Auto Configuration (SLAAC), is one of the new functions which mystifies many.
This webcast will:
- Explain the steps of SLAAC
- Explain the network prefix
- Explain the Interface ID (IID)
- Show packet traces for normal SLAAC
- Explain Duplicate Address Detection (DAD)
We will also discuss security aspects of Neighbor Discovery as well as some of the new RFCs and drafts at the IETF such as "Recommendation on Stable IPv6 Interface Identifiers" (draft-ietf-6man-default-iids-15).
Date: August 16, 2016
Effects of Ubiquitous Encryption: IETF96 Update
IETF standards are being worked on for encryption of network traffic without static RSA cipher suites. This includes TLS1.3.
There are, of course, many good reasons for this: privacy, protection of data from hackers and malicious parties, and much more. But the impact to enterprise networks may be that visibility of traffic to do network diagnostics and management nearly disappears except at the endpoints.
Many companies have spent 10, 15, or even 20 million dollars on products and equipment to capture network traffic at many points throughout their network. With the changes coming in the new standards, the investment in such products may come to nothing. Worse, the ability to diagnose problems for Internet based applications for the enterprise will become much harder -- possibly leading to prolonged outages.
You may wish to read a draft on the impacts of ubiquitous encryption: https://tools.ietf.org/html/draft-mm-wg-effect-encrypt-03
This draft will be updated and presented in Seoul at IETF97. We will be contributing language to this draft as well as forming a group of enterprise operators to support finding a solution to balance the needs of strong encryption and network diagnostics. We hope you will join us. Please contact me at nalini.elkins@insidethestack.com if you want more information.
The bigger lesson to be learned here is that, in the end, standards are implemented in products which will impact the large networks that enterprise operators run. Many millions of dollars are at risk. The voices of enterprises and private networks, which run the economies of the world, are hardly visible at the IETF. They need to be at the table where such decisions are made.
Large transfers can be done via FTP, Apple Filing Protocol (AFP) and Server Message Block (SMB). You may wonder "Why is my FTP so slow?" How can you know what is going on?
We will discuss the TCP mechanisms used in transferring large amounts of data. We will examine a number of real problems to see where the slowdowns may be. We will discuss the concepts:
- Bytes in flight
- Segment size
- Send and receive buffers
- Receive window size
- Delayed acks
- Filling the window
- Throughput comparison
We will compare an IPv6 FTP to an IPv4 FTP using the same file. We will also look at how SSL configuration options may impact throughput. We will show sample tuning for AFP / SMB, and much more!
This webcast will demonstrate how we accomplished this "Impossible Mission".
The packet trace contained thousands of packets and over 300 TLS sessions. With SSL Problenm Finder we did the initial analysis in 5 minutes!
Then we used the rest of the time to see the proportion of data to the handshake, and to analyze the handshake timing. We found bad handshakes, and we found (very!) slow handshakes. There were also some potential application performance problems because of how the application data was sent for encryption.
April 26, 2016
IETF 95 Update: TLS 1.3 / IPv6
This is a meeting of the IPv6 Business Information Exchange (BIE). The webcast will be a recap of the IETF 95 meeting. Our draft for embedded diagnostic metrics (IPPM Considerations for the IPv6 PDM header ) now has a document shepherd and will now proceed to full IETF approvals.
The PDM header will flow in the clear even when using IPSec / ESP mode. This will provide information on out-of-order packets and packet loss. We are starting work on kernel level implementations on some operating systems and will be sharing our results soon.
We will discuss the implementation status of TLS 1.3 and expected availability in OpenSSL.
There were also some quite interesting discussions in the IPv6 Working Groups which we will share. For example, the potential new Working Group for Intelligent Transport Systems discussed IPv6 in automobile
March 22, 2016
Introduction to IPv6
Access via IPv6 to Google is at 23% for the United States. The usage last year at this time was about 12%. The usage is expected to increase every year.
IPv6 is very different from IPv4. You may have been putting off learning about it but the time may be now.
Join us in this webcast to learn about:
- IPv4 / IPv6 differences
- IPv6 addresses and address types
- IPv6 neighbor and router discovery
Feb 23, 2016
TLS Extensions: Why are they used?
Transport Layer Security (TLS) is used to protect much TCP traffic. TLS extensions are passed in the Client Hello packet and extend the functionality provided by the TLS protocol.
Such extensions include:
Other extensions deal specifically with Elliptical Curve cipher suites such as:
This webinar will discuss the use of a number of these TLS extensions.
Jan 26, 2016
Intro to IPv6: IPv6 Business Information Exchange
Access via IPv6 to Google is at 23% for the United States. Please look HERE to see the statistics. The usage last year at this time was about 12%. The usage is expected to increase every year.
IPv6 is very different from IPv4. You may have been putting off learning about it but the time may be now.
Join this webcast to learn about:
We have been involved in creating some of the RFCs for IPv6 and are heavily involved in the IETF. You may wish to see our standards work HERE.
December 1, 2015
TLS Connection Performance Analysis
More and more companies are using TLS to protect their application traffic. Do you know what the performance is for such connections?
We have seen very good connections add 200 milliseconds to the overall traffic. Other connections have doubled the response time or even more! Where do your connections fall? Do you know?
How do you start analyzing such performance issues? Is the problem in the TLS (SSL) handshake? Is it in the way that the application records are encrypted? In this sesssion, we will present an analysis methodology for looking at such problems.
We will also show good connections and bad connections using our SSL Problem Finder product.
October 20, 2015
Ease TLS Migrations
Our popular Early Warning System product is being enhanced with checks for SSL (or TLS) cipher suite and protocol level.
It seems that every day, we hear about some cipher suite which should not be used or problems with a version of the SSL / TLS protocol.Many companies have just migrated away from SSL v 3.0. Others are migrating away from TLS 1.0. Keeping up with the changes and migrating customers smoothly can be a challenge!
Best practices in cipher suites or SSL / TLS protocol levels may change as vulnerabilities are found. As you implement the new standards, you need to be aware of which of your customers is using the old ciphers or protocols.
With the new Early Warning System, you may define cipher suites or SSL / TLS protocols which are acceptable. If a connection is made to your mainframe with using another cipher suite or SSL / TLS protocol level, then you will receive an alert. You may then contact the customer to change their settings. This will make the migration much easier.
August 25, 2015
IETF 93 Recap: IPv6 Business Information Exchange
The webcast will be a recap of the IETF 93 meeting. We presented our draft for enhanced performance and diagnostic metrics (IPPM Considerations for the IPv6 PDM header) at the IPPM working group session.
We presented results of our testing with IPSec. The PDM header will flow in the clear even when using ESP mode. This will provide information on out-of-order packets and packet loss.
We will also discuss the changes for TLS 1.3, a proposal for enhancing TCP for data center environments, the concerns about censorship attacks, as well as a proposal for remote participation hubs that we will make at IETF94.
July 14, 2015
Understanding DNS Performance and Configuration
Whether you are using IPv4 or starting the migration to IPv6, DNS performance is critical. Poor DNS configuration can add many seconds of delay to response time. Some DNS servers are set up to do both IPv6 and IPv4 queries with each request. Some DNS servers are using multicast. Do you know the performance of this critical resource at your installation?
In this session, we will start by understanding how DNS works and then move on to discuss performance issues. The topics include:
DNS configuration files
DNS commands
DNS messages
Changes to DNS for IPv6
Calculating DNS response time
May 26, 2015
Why is my FTP so slow? How can you know what is going on?
We will discuss the TCP mechanisms used in transferring large amounts of data. We will examine a number of real FTP problems to see where the slowdowns may be. We will discuss the concepts:
- Bytes in flight
- Segment size
- Throughput comparison
- Receive window size
- Filling the window
We will compare an IPv6 FTP to an IPv4 FTP using the same file. We will also look at how SSL configuration options may impact throughput.
April 28, 2015
Turn GSKSRVR Traces to PCAP
This webcast will discuss System SSL GSKSRVR traces and show how SSL Trace Translator turns such traces into PCAP files.
Do you need to diagnosis SSL problems for applications which use System SSL on IBM® z/OS® (such as Connect:Direct®)? If so, GSKSRVR traces must be used.
When might you have to use System SSL GSKSRVR traces? If you have an SSL handshake problem.
Inside Products can make finding and analyzing SSL handshake problems in GSKSRVR traces much easier. How? By translating GSKSRVR traces into PCAP format. Then you can read the PCAP file in Wireshark. And, of course, you can import the PCAP file into SSL Problem Finder.
SSL Trace Translator from Inside Products will:
For more information about SSL Trace Translator, SSL Problem Finder or the IP Problem Finders, click HERE.
Sterling Commerce is an IBM Company
Connect:Direct® and z/OS® are registered trademarks of IBM
March 31, 2015
IETF 92 Update: IPv6 Business Information Exchange (BIE)
This webcast will be a recap of the IETF 92 meeting. We will be presenting our draft for enhanced performance and diagnostic metrics (IPPM Considerations for the IPv6 PDM header ) at the IPPM working group session.
This draft is co-authored by Nalini Elkins - Inside Products, Inc., Mike Ackermann - Blue Cross Blue Shield of Michigan, and Rob Hamilton - Chemical Abstracts Service.
Google IPv6 statistics show IPv6 traffic to Google of over 6%. This is expected to double in 2015.
In this webcast, we will present our proposal and bring you up to date on the latest activities at the IETF. You may wish to view information on our IPv6 Problem Finder or IPv6 consulting. To arrange for an IPv6 class at your site, please contact us at training@insidethestack.com.
February 25, 2015
SSL Handshake Analysis
We are pleased to announce a presentation on SSL Handshake Analysis in conjuction with the Computer Measurement Group (CMG).
SSL is being widely implemented to protect TCP application traffic. How can you diagnose problems? If the connection setup and negotiation causes poor response time, can you tell?
Part of the security relies on digital certificates. In the past, only server certificates were used. Now, more and more companies are requiring client certificates. This complicates the handshake process and poses a number of new issues in management and control.
We will review a case study involving SSL FTP and show why there was so much overhead.
January 27, 2015
Anonymous Proxies
Anonymous proxies can be used to hide your IP address while accessing the web.
Anonymous proxies are being used for quite a few reasons:
- Privacy
- Allow users to bypass legal restrictions on visiting certain
web sites imposed by their country or admin
- Malicious activity without having it be tracked back to you
We will take a look at what is available both as a free and as a charged service.
We will do a live demo using one such service and take a packet trace to see what happens.
November 18, 2014
IETF 91 Update: IPv6 Business Information Exchange (BIE)
This webcast will be a recap of the IETF 91 meeting. We will be presenting our draft for enhanced performance and diagnostic metrics (IPPM Considerations for the IPv6 PDM header ) at the IPPM working group session.
This draft is co-authored by Nalini Elkins - Inside Products, Inc., Mike Ackermann - Blue Cross Blue Shield of Michigan, and Rob Hamilton - Chemical Abstracts Service.
Google IPv6 statistics show IPv6 traffic to Google of 4.75%. This is expected to double in 2015. It may be worth considering the impact to your web sites of 10% of the incoming traffic becoming IPv6 only. How many customers does that mean? Will your website handle such customers or turn them away? Remember IPv4 and IPv6 are not compatible. Users are now accessing websites with mobile devices which are IPv6 only. This will only continue to grow.
We believe that networks cannot continue to grow sustainably without adequate measurement and diagnostic techniques. Our proposal for the IPv6 PDM header would embed such measurement in the packet header. If a uniform mechanism is available for all applications and upper layer protocols (TCP, UDP, SCTP, ICMP), then stack and hardware vendors can process this header in hardware for best performance.
In this webcast, we will present our proposal and bring you up to date on the latest activities at the IETF.
October 21, 2014
Geolocation and DNS Merge with Deep Packet Inspection
External information such as DNS names and geographical information can help when troubleshooting network problems. This webcast will show how the TCP Problem Finder product can merge geolocation and DNS data with deep packet inspection to quickly resolve problems.
With TCP Problem Finder, the steps for diagnosis are:
1. Find the DNS and geographical information
2. Deduce the subnet or VLAN configuration
3. Analyze the problems by diving deep into the packets.
How can geographical information help in network troubleshooting? We were analyzing a response time problem and found that the server we were going to was located halfway around the world from us. No wonder we were seeing so many errors and such poor throughput! Mapping is the first step to positioning yourself to quickly solve problems.
September 23, 2014
Integrating Layer 2 and Layer 3 Diagnostics
What can we learn from the layer 2 (interface - MAC) addresses which will help in diagnosing network problems more quickly? It turns out that by analyzing a packet trace and integrating layer 2 with layer 3, we can:
1. Deduce the subnet or VLAN configuration
2. Find the kind of devices on the network
In this session, we will briefly discuss the OSI Layers:
1: physical
2: data link (neighbor-neighbor, e.g., Ethernet)
3: network (entire path, e.g., IP)
4: end-to-end (e.g., TCP, UDP)
Then, we will look at the structure of MAC addresses and the role of the IEEE.
We will finish by looking at ARP packets. ARP or Address Resolution Protocol deals with layer 2 and layer 3 addresses. ARP can help to deduce what is in the neighbor cache. It can also help us find which devices are asking to join the network - for example, on a hotel or airport WiFi network.
August 26, 2014
Large Scale Measurement of Broadcast Performance
The measurement of performance on the Internet, and corporate intranets, in a standard and consistent manner is of great interest to many. Performance issues touch our lives daily. You may encounter a slow download from a web site, a flickering streaming video, or even problems accessing financial data.
This talk will be on the work being done at the IETF for broadband measurement. It will be given by Al Morton of AT&T, an expert in the area of performance metrics and the author or co-author of 21 RFCs and 11 drafts which are in process. His work includes :
RFC5835 : Framework for Metric Composition
RFC3432 : Network performance measurement with periodic streams
RFC4737 : Packet Reordering Metrics
RFC5357 : A Two-Way Active Measurement Protocol (TWAMP)
RFC5481 : Packet Delay Variation Applicability Statement
Topics discussed include:
- How did we reach this point in IETF evolution?
- Brief overview of LMAP
- Supporting work in IPPM - IP Performance Metrics WG
- Definitions of Fundamental Metrics and Measurement Protocols
- Reference Path and Measurement Points
- Registry for Performance Metrics
- The Holy Grail: a standardized capacity/throughput metric
- LMAP Charter
- LMAP Details
- Use Cases for wanting measurements (provider, regulator, end user)
- Key Tenets of the Operational Framework
- Information Model for configuring measurements and reporting results
- Protocol proposals for controlling/configuring endpoints and reporting resultsLarge Scale Measurement of Broadband Performance
July 29, 2014
IETF 90 Update : IPv6 Business Information Exchange
This webcast is a meeting of the IPv6 Business Information Exchange. It will be an update of the events at IETF 90 in Toronto starting July 20th. In this session, we will discuss the activities of the IPv6 (v6ops) and IPPM (IP Performance Metrics) groups.
At IETF 90, we will be presenting the Passive Framework draft in the IPPM working group. We will discuss any comments on that. We will also discuss the next steps for our IPv6 Performance and Diagnostic Metrics Extension Header.
June 24th, 2014
Case Study: 95% Overhead for SSL FTP
This webcast will show how SSL Problem Finder can help quickly analyze problems such as a recent case with 95% overhead for an SSL FTP.
After much analysis, it turned out that the SSL application was coded to encrypt one byte at a time. So, data was being sent with one byte of real data and 20 bytes of SSL overhead. No wonder it was taking so long!
The FTP application was an in-house effort coded by the business partner. Do you know if your applications have such inefficiencies? Our SSL Problem Finder product includes analysis of such problems. It can save you days or weeks of tedious effort!
We will also show other interesting problems that can be solved by SSL Problem Finder.
May 27, 2014
TLS and DTLS Handshakes / Heartbeats
This webcast will discuss the handshake process for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). How are they the same? How are they different? TLS is used often for securing connections. What about DTLS? Where might that be used?
You have undoubtedly heard of the TLS and DTLS heartbeat packets involved in the Heartbleed security bug. We will look at a number of traces with such packets.
This session will cover:
1. Introduction to DTLS
2. DTLS / TLS differences
3. TLS handshakes
4. DTLS handshakes
5. Heartbeat packets
We will look at a number of traces to illustrate these concepts.
April 22, 2014
IPv6 Business Information Exchange
Nalini Elkins (Inside Products) and Mike Ackerman (Blue Cross Michigan) will talk about the current status of our draft RFC on Network Performance Data Metrics for IPv6. Where we are, and what we hope to accomplish for the IETF meeting in Toronto in July.
We have been pursuing establishing an RFC for measuring the performance of IPv6 networks for some time now. The process is time-consuming, but we think we are creating a stronger result. See where we have gotten, and feel free to offer up suggestions for further improvements.
March 25, 2014
Why is My FTP So Slow?
This session will discuss the TCP mechanisms used in transferring large amounts of data. We will go through a number of real FTP problems to see where the slowdowns may be. We will discuss the concepts:
We will also compare an IPv6 FTP to an IPv4 FTP using the same file.
February 25, 2014
Timing Issues in SSL Handshakes
This webcast we will discuss the timing issues that affect SSL handshakes. We will discuss:
We will look at actual packet flows for SSL handshakes.
You can download the recording HERE
October 22, 2013
Understanding DNS Performance and Configuration
Whether you are using IPv4 or starting the migration to IPv6, DNS performance is critical! Poor DNS configuration can add many seconds of delay to response time! Some DNS servers are set up to do both IPv6 and IPv4 queries with each request. Some DNS servers are using multicast. Do you know the performance of this critical resource at your installation?
In this session, we will start by understanding how DNS works and then move on to discuss performance issues. The topics include:
September 17, 2013
IETF 87 Update
This webcast was a report of our experience at the IETF 87 meeting in Berlin. The IETF creates RFCs which are the architectural specifications for the Internet. This also affects networks run by large corporations. We also discussed the a proposal for a new Performance and Diagnostic Metrics (PDM) Destination Options Header that we presented at the v6ops and 6man working groups.
July 16, 2013
IPv6 Business Information Exchange (Shumon Huque, University of Pennsylvania)
IPv6 has been deployed in major parts of the University of Pennsylvania's campus network since 2005. Besides network infrastructure, several key application services are IPv6 enabled, including a variety of Web (HTTP) servers, DNS, NTP, XMPP, and others. This session will include a discussion of why the university deployed IPv6, what problems were encountered, what worked well, what problems remain, and what they would do differently.
You can download the recording HERE. And download the foils HERE.
March 26, 2013
TCP forms the basis of most network traffic. If you deal with networks, you need to know how it works. Our speaker, Nalini Elkins, CEO of Inside Products, will go over the basics: how network traffic is broken up into packets, how TCP packets work, and a little on how to look at packets to understand what is happening if things are not working right.
We will look at the following:
- Basic TCP packet structure
- The TCP Open sequence
- TCP Congestion Window
- Common problems at TCP Close
This is an introductory session, primarily for those who are new to the TCP world.
February 19, 2013
IPv6 Security
Hackers are already aware of the security vulnerabilities in IPv6, and there are implications across all TCP connected platforms. Forewarned is forearmed. Our speaker, Nalini Elkins, CEO of Inside Products, will identify the critical vulnerabilities and provide a technical and management overview of how the new IPV6 intrusions work, what is more secure, and what is not so secure.
To download foils, click HERE.
January 15, 2013 (John Curran, CEO of ARIN)
Ready of Not, IPv6 is Here
We have reached a critical point in the future of the Internet. IPv4 addresses have now fully depleted from the IANA free pool, and two out of five Regional Internet Registries (RIRs) have already reach their final inventories of IPv4 address space, including the Asia-Pacific and European regions. ARIN, the RIR that manages the distrubtion of IP addresses in Canada, the US, and parts of the Caribbean, could face IPv4 depletion soon as well. It is imperative that companies adopt the next generation of Internet Protocol, IPv6, before time runs out and the global Internet community is fragmented. In order to avoid potential operability issues later, organizations everywhere are encouraged begin IPv6 adoption now, as consumers will start to expect IPv6 enabled websites.
In this webinar, John Curran, President and CEO of the American Registry for Internet Numbers (ARIN), will describe the business case for adopting IPv6, the steps enterprises should already be taking to prepare for post-IPv4 depletion challenges, and how to get IPv6 address space from ARIN. He will also review regional and global IPv4 depletion and IPv6 adoption statistics, address allocation trends, and the IPv6 educational resources available to help hosting companies and other network operators prepare.
October 24, 2012
Understanding DNS Configuration and Performance
Whether you are using IPv4 or starting the migration to IPv6, DNS performance is critical! Poor DNS configuration can add many seconds of delay to response time! Some DNS servers are set up to do both IPv6 and IPv4 queries with each request. Some DNS servers are using multicast. Do you know the performance of this critical resource at your installation?
In this session, we will start by understanding how DNS works and then move on to discuss performance issues. The topics include:
August 21, 2012
Introduction to IPv6 Addressing
IPv6 adoption is the buzz across Enterprises of all sizes across the globe. The World is running out of IPv4 addresses and IPv6 implementation is becoming a major concern.
IPv6 is much more than a larger address. Yes, the IP address has changed from 32 bits to 128 bits but what is more important is that address planning, the kinds of addresses, and how DHCP and DNS are to be used and configured have all been changed. New concepts and protocols such as Stateless Address Autoconfiguration (SLAAC), Neighbor Discovery, Router Discovery, and Multicast Listener Discovery protocols must be understood. Many new ICMP messages have been introduced leading to changes in how firewalls policies are to be done.
May 30, 2012
Complications with Digital Certificates
Secure Sockets Layer (SSL) is being widely implemented to protect TCP application traffic. Part of the security relies on digital certificates. In the past, only server certificates were used. Now, more and more companies are requiring client certificates. This complicates the handshake process and poses a number of new issues in management and control.
This session discussed:
We started by understanding the cryptographic concepts that underlie digital certificates. Our new Certificate Checker product was used to illustrate how certificates appear in traces.
March 21, 2012
This webcast discussed how the power of the mainframe can be harnessed to analyze TCP packet flow. Our IP Problem Finder products have been turning packet traces into English for years. This set of products imports an IP packet trace (CTrace or WireShark), analyzes and correlates the packet flow, and then tells you in an English language report what went wrong.
We have now made much of the logic of the IP Problem Finders available on the mainframe, too. Customers were telling us that they want to read in many hundreds of thousands packets - even millions of packets! What better place to do that than the mainframe?
In this webcast, we showed how we use the power of the mainframe to quickly analyze trace flow. We will also discuss several problem situations and how IP Problem Finder can help pinpoint problems.
February 15, 2012
Selective Acknowledgments (SACK) and Bytes in Flight (BIF)
This webcast looked at some interesting topics in TCP/IP performance: Selective Acknowledgments (SACK) and Bytes in Flight (BIF). RFC2018 defines SACK as follows:
"TCP may experience poor performance when multiple packets are lost from one window of data. With the limited information available from cumulative acknowledgements, a TCP sender can only learn about a single lost packet per round trip time. An aggressive sender could choose to retransmit packets early, but such retransmitted segments may have already been successfully received.
A Selective Acknowledgment (SACK) mechanism, combined with a selective repeat retransmission policy, can help to overcome these limitations. The receiving TCP sends back SACK packets to the sender informing the sender of data that has been received. The sender can then retransmit only the missing data segments."
We first viewed traces with Selective Acknowledgments, out of order and retransmitted packets. Then we moved on to discuss:
December 15, 2011
Data Mining to Tune TCP/IP
This webcast discussed how to turn all that data in SMF or provided by TCP/IP monitors into real information. As more and more applications use TCP/IP, it is important to know how the additional usage impacts the overall system. We discussed What causes overhead? How to find problems and pinpoint traffic that may not be necessary. What can be done about them?
Some real examples of problems we have found include a printer sending an error message once a millisecond or a load balancer starting a connection once a second to four different DB2 systems.
October 13, 2011
IPv6 and the IETF
At the IPv6 Business Information Exchange meeting we discussed how enterprise customers can become more involved with the Internet Engineering Task Force (IETF). We also talked about our participation at the last IETF (IETF 82 in Quebec) and a draft RFC that members of the IPv6 BIE proposed at that meeting.
The decisions made by the IETF impact all enterprise networks. We should be there to present our viewpoints and to make our concerns known. In our discussions with them, the IETF has made it clear that they welcome our participation.
Speakers
Mike Ackermann: Blue Cross Blue Shield Michigan
Nalini Elkins: Inside Products, Inc.
September 7, 2011
Understanding DNS Configuration and Performance
Whether you are using IPv4 or starting the migration to IPv6, DNS performance is critical! Poor DNS configuration can add many seconds of delay to response time! Some DNS servers are set up to do both IPv6 and IPv4 queries with each request. Some DNS servers are using multicast. Do you know the performance of this critical resource at your installation?.
Take a look at some of these DNS analysis reports:
http://www.insidethestack.com/dns.html
In this session, we started by understanding how DNS works and then moved on to discuss performance issues. The topics included:
March 23, 2011
SSL Handshake Analysis
SSL is being widely implemented to protect TCP application traffic. How can you diagnose problems? If the connection setup and negotiation causes poor response time, can you tell? In this session, we will discuss how to:
We will demonstrate how SSL Problem Finder can automatically analyze handshake problems.
Problems may include:
February 23, 2011
Saving Money by Tuning TCP
Many problems occur on TCP/IP networks. Tuning TCP can save mainframe CPU MIPs. At one installation, we were able to drop the CPU usage of the TCP/IP stack by a third.
You may be able to delay upgrades while getting better throughput for your TCP/IP network. The mainframe is one of the most critical and expensive resources in the data center. Unnecessary overhead for the TCP stack is something that can be eliminated.
Nalini Elkins and Jim Ashton show what we have done with our Network Health Check at various companies, as well as the results of these efforts.
Copyright 2016 Inside Products, Inc. All rights reserved.