
Guess what happens when you use APM to zoom in—and then zoom back out again?

Imagine sitting inside this home with the benefits of seeing what's going on with everything that you are responsible for—the apps, your end-users, potential threats to your environment, and the value you add to your organization.

For most application performance monitoring (APM) solutions, you have complete visibility of all the transactions from end-to-end.

Typically, you zoom in on an issue after first finding out from the end-user experience (or from calls from the helpdesk) that an app is slow or down, and then begin to troubleshoot.

'And is better than Or' ─ especially in Performance Monitoring

As you may know, Gartner published its new 2014 Magic Quadrant for Network Performance Monitoring and Diagnostics (NPMD) a few weeks ago, and we’re thrilled to be positioned as a leader.

Being a leader in a market segment is a HUGE achievement, but when a company is a leader in two related performance monitoring markets, that can be GAME CHANGING for you!

 

One of the key analysts covering our solutions summarized the challenge nicely, “When trying to pin down the top factors impacting application performance, the right answer is that there is no right answer ... the source of a performance problem could be almost anywhere!” says Julie Craig of Enterprise Management Associates (EMA).

Today, it’s more critical than ever for you to have a holistic understanding of performance, and an accurate representation of everything that can impact it—from poorly executing application code to an overloaded server or load balancer.

10 Years of Steelhead and More – Solving Distance and Location Challenge for Delivering Applications

This month marks the 10-year anniversary of the first shipment of Riverbed’s groundbreaking Steelhead WAN optimization appliance.

If you look back 10 years ago, the technology landscape was obviously very different compared to what it looks like today. There was no Twitter or Facebook, smartphones were in their infancy, and Google was still a private company.  Early 2004 featured a number of technology developments. The laptop was making a steady march towards overtaking the desktop as the face of the PC, video capability was just being added to the iPod, and technologies such as compression and file caching were garnering interest from enterprises looking to solve their wide area network performance issues.

In April 2004 a small San Francisco-based technology start-up by the name of Riverbed Technology introduced its groundbreaking Steelhead WAN Optimization product. Why was this groundbreaking?  

Introducing SteelFusion: branch converged infrastructure transforms branch office IT forever

Today is a big day for Riverbed and an even bigger day for branch offices. This morning we announced SteelFusion 3.0, branch converged infrastructure that sets and raises the bar for how you provision, protect, and recover branch IT.

Our live streamed event and announcement are not just about new product features. Riverbed has pioneered new ground in the converged infrastructure market and declares to you who struggle with the cost and inefficiency of managing servers and data in branch locations, "You can now get the best of all worlds – centralized data, local performance and instant recovery."

In the words of Mike Rinken, Dir. of Technology at Mazzetti, “Why wouldn’t I want branch converged infrastructure? All the cost savings, all the benefits it brings me – and all of this is provided through SteelFusion.”


How to Detect a Prior Heartbleed Exploit

It was relatively widely reported in the popular press, as well as on many technical sites, that a Heartbleed exploitation "leaves no trace".
That of course is not true.
Packets almost always tell a detailed story of what has happened, including in the case of Heartbleed.
In this post, we will describe a technique for ongoing monitoring of Heartbleed exploitations. Even more importantly, if you have a sufficiently large rolling buffer of packet data, many people will be able to use this technique to reach back to before the public disclosure of Heartbleed and check whether an actual exploit seems to have occurred before vulnerable servers were patched.
This technique uses a BPF packet filter to automatically flag larger-than-typical TLS heartbeat responses from the server, and can be used with Wireshark and tcpdump as well as with the Riverbed AppResponse and Shark products. (AppResponse and Shark support many terabytes of stored packets, coupled with the ability to quickly analyze those packets; more Riverbed product-specific hints to follow.)
This is still an emerging threat, and this is a heuristic-based approach that in theory can have both false positives and false negatives. However, given the urgency and severity of the threat, Riverbed is sharing this publicly while continuing to test and validate it internally.
Suggested improvements to this BPF filter are welcome.
This BPF filter currently only looks at traffic from port 443 (default HTTPS port). That section can be adjusted if HTTPS is running on other ports, as well as for other protocols (e.g., an email server running IMAP on port 143). The size threshold is 30 bytes. This can be adjusted upwards to reduce false positives, if needed.
-----------
Heartbleed BPF expression
-----------
tcp src port 443 and (tcp[((tcp[12] & 0xF0) >> 4 ) * 4] = 0x18) and (tcp[((tcp[12] & 0xF0) >> 4 ) * 4 + 1] = 0x03) and (tcp[((tcp[12] & 0xF0) >> 4 ) * 4 + 2] < 0x04) and ((ip[2:2] - 4 * (ip[0] & 0x0F)  - 4 * ((tcp[12] & 0xF0) >> 4) > 30))
NOTE: this ignores VLANs for now. (VLAN-specific update to follow).
For clarity purposes, as well as to increase the ability of people to comment and suggest improvements, I will now try to break down the various sub-expressions of this specific BPF expression, and then finally at the bottom, for similar reasons, I have included some related "Simpler" BPF expressions that parse related information.
----------------------------
Breaking Down the Heartbleed BPF expression
----------------------------
# A response from server on port 443. 
# This can be modified if server not using 443.
tcp src port 443 
# This calculates the start of payload data beyond TCP.
tcp[((tcp[12] & 0xF0) >> 4 ) * 4]
# Use that start-of-payload calculation to see if first payload byte is 0x18 (SSL Heartbeat message)
(tcp[((tcp[12] & 0xF0) >> 4 ) * 4] = 0x18) 
# Use that start-of-payload calculation to see if second payload byte is 0x03 (SSL/TLS version major version 3)
(tcp[((tcp[12] & 0xF0) >> 4 ) * 4 + 1] = 0x03) 
# Use that start-of-payload calculation to see if third payload byte is less than 0x04 (SSL/TLS minor version 1-3)
(tcp[((tcp[12] & 0xF0) >> 4 ) * 4 + 2] < 0x04) 
# Determine if the TCP payload length is greater than 30.
# NOTE: if this generates too many false positives, this number can be increased
((ip[2:2] - 4 * (ip[0] & 0x0F)  - 4 * ((tcp[12] & 0xF0) >> 4) > 30))
-----------------------------
Related "warm ups" - simpler BPF examples that demonstrate parsing the needed fields 
-----------------------------
# ip datagram len is 40 bytes
ip[2:2] = 40    
# ip header len is 5 32-bit words, or 20 bytes (5 32-bit words, length of 5×32 = 160 bits = 20 bytes, or 5x(4 bytes/word) = 20 bytes)
ip[0] & 0x0F = 5    
# tcp header len is 5 32-bit words, or 20 bytes (5 32-bit words, length of 5×32 = 160 bits = 20 bytes, 5x(4 bytes/word) = 20 bytes)
((tcp[12] & 0xF0) >> 4 ) = 5   
# now find packets with zero tcp payload len (tcp LEN pseudo field is 0)
#           datagram len   -  4 * ip header len   - 4 * tcp header len
tcp and (   ip[2:2]        -  4 * (ip[0] & 0x0F)  - 4 * ((tcp[12] & 0xF0) >> 4 )  =  0)
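
The same heuristic written out in Python, as an added example that is not part of the original post or of any Riverbed product: it repeats the BPF arithmetic on raw Ethernet frames and, going beyond the filter above, skips 802.1Q/802.1ad VLAN tags before locating the IP header. The function names and the sample frames are constructed for illustration.

```python
import struct

def tcp_payload(frame):
    """Return (src_port, payload_len, payload) for an IPv4/TCP Ethernet frame, else None."""
    if len(frame) < 14:
        return None
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    while ethertype in (0x8100, 0x88A8):          # skip 802.1Q / 802.1ad VLAN tags
        off += 4
        if len(frame) < off + 2:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, off)
    ip = off + 2
    if ethertype != 0x0800 or len(frame) < ip + 20:
        return None
    ihl = (frame[ip] & 0x0F) * 4                  # 4 * (ip[0] & 0x0F)
    total_len, _ident, frag = struct.unpack_from("!HHH", frame, ip + 2)  # ip[2:2], ip[6:2]
    if frame[ip + 9] != 6 or frag & 0x1FFF:       # TCP only, first fragment only
        return None
    tcp = ip + ihl
    if len(frame) < tcp + 20:
        return None
    thl = (frame[tcp + 12] >> 4) * 4              # 4 * ((tcp[12] & 0xF0) >> 4)
    (sport,) = struct.unpack_from("!H", frame, tcp)
    plen = total_len - ihl - thl                  # TCP payload length
    return sport, plen, frame[tcp + thl:tcp + thl + max(plen, 0)]

def is_suspect_heartbeat(frame, port=443, threshold=30):
    """Apply the page's heuristic: oversized TLS heartbeat record sent from the server port."""
    parsed = tcp_payload(frame)
    if parsed is None:
        return False
    sport, plen, data = parsed
    return (sport == port and len(data) >= 3 and data[0] == 0x18
            and data[1] == 0x03 and data[2] < 0x04 and plen > threshold)

def build_frame(payload, sport=443, vlan=None):
    """Constructed sample frame: Ethernet (optional VLAN tag) / IPv4 / TCP / payload."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    eth = b"\x00" * 12 + tag + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, 50000, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return eth + ip + tcp + payload

# Constructed payloads: a minimal 24-byte heartbeat record and an oversized one.
SMALL = bytes([0x18, 0x03, 0x02, 0x00, 0x13]) + b"\x02\x00\x00" + b"\x00" * 16
LARGE = bytes([0x18, 0x03, 0x02, 0x40, 0x00]) + b"\x41" * 1400
```

Like the BPF expression, this only inspects the first bytes of each TCP segment, so a heartbeat record that starts mid-segment is not seen.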
 
Finally, if interested, here’s a quick pointer to the best code-level description I’ve seen so far of the actual bug:
  http://blog.existentialize.com/diagnosis-of-the-openssl-heartbleed-bug.html
 
And here’s an overview of heartbleed in general:
   http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/
 

It is being widely reported in the popular press as well as many technical sites that a Heartbleed exploit "leaves behind no trace".

That of course is not true. 

Packets almost always tell a detailed story of what has happened, including in the case of Heartbleed. The reason it's being repeated so frequently that a Heartbleed exploit "leaves behind no trace" is because on the server, a Heartbleed-based exploit almost never leaves behind any evidence.  Stored packets, on the other hand, do tell the story of a Heartbleed exploit even after the hacker has stopped an active attack. 

In this post, I will describe a technique for ongoing monitoring of Heartbleed exploits. Even more importantly, if you have a sufficiently large rolling buffer of packet data, many people will be able to use this technique to reach back to before the public disclosure of Heartbleed and check whether an actual exploit seems to have occurred before vulnerable servers were patched.

Interop 2014 Las Vegas: It's all about the end user

The Interop conference took place last week in Las Vegas and Riverbed was front and center with a large booth, customer presentations, product demonstrations, and panel participation. 

Technology themes including cloud computing, virtualization, and software-defined networking were clearly top of mind with both exhibitors and attendees. Riverbed's message of enabling location-independent computing with a robust application performance platform appeared to be resonating with attendees.

There was another common theme that we kept hearing from attendees and that is the importance of end user experience. Here is a fun video that shows what IT pros would change about their users if they could.

Launch and Recover Branch Office Services in 10 Minutes

Distributed office environments have most of their storage sitting at branch offices. With the branch converged infrastructure solution from Granite you centralize all branch data into the data center, and then virtually project the data and services back to the branches. And they all can be managed and controlled by the same Granite box, explained Ali Alikhan, Technical Marketing Engineer for Riverbed.

Granite converged branch infrastructure has multiple advantages:

  • It consolidates your remote IT
  • Provides local performance
  • Combines compute and storage, virtualization, and WAN optimization.

By centralizing data, Granite eliminates the need for painful branch backups, plus it allows for deduplication over the WAN.

Granite’s real power is in its ability to provision branch offices with data and services incredibly quickly. Once a box has been shipped to the location, you can set up a new branch in 10 minutes with all services. And because it’s using the Riverbed solution, all services and data will perform as if everything was right there in the office even though it’s all traveling over the WAN.

Riverbed Accelerates Disaster Recovery Threefold

No one likes a digital disaster. Luckily, you have a disaster recovery (DR) plan in place, right? How much is it costing your business as you wait for your DR team to return your business back to normal? At Interop 2014, Alex Lee, Sr. Technical Marketing Engineer for Riverbed showed me how Riverbed is optimizing disaster recovery by a factor of three.

The key to speeding up your DR is to overcome impediments such as packet loss, latency, and congestion, while maintaining quality of service (QoS) rules to protect that traffic and ensure bandwidth for that traffic, said Lee.

With the Riverbed solution you can transfer 65 GB of data across a 155 megabit circuit with 15 milliseconds of latency in just 30 minutes, said Lee. Without the Riverbed solution it could take as long as an hour and a half.  

Interop Flashback: 2001 Keynote

This week marks the 11th Interop I am participating in as a Riverbed employee. Interop, along with the networking industry as a whole, has obviously evolved over the years. As I sat through one of the keynote addresses this week in Las Vegas, I could not help but to reflect on the personal experience I had at the Interop that took place in 2001.

I worked for a small Silicon Valley start-up and we were chosen by Intel to have our HD Over IP streaming media platform spotlighted as one of the technology innovations that was pushing the limits of network infrastructures. 

Elastic Application Delivery with Stingray Services Controller

Traffic goes up. Traffic goes down. Not only do you want bandwidth to handle that, you want your entire networking ecosystem to flex as well. At Interop 2014 in Las Vegas, Brian Gautreau, Senior Technical Marketing Engineer for Riverbed, gave me a demo of the Stingray Services Controller, a utility for the deployment, licensing, management, and entire lifecycle of Stingray Traffic Manager.

