Sunday, May 31, 2015

Emulating IP SLA/Track behavior on Cisco ME3400 metroeth switches

So, I was stuck trying to emulate IP SLA/track behavior on ME3400 metroethernet switches. I don't know why, but the ones I got don't have the IP SLA + track combination: they do have IP SLA, but not track. The config manual for them says they do have track; somehow, the ones we use at work don't.

So I got to work with what I have, right?

After a bit of fumbling, I finally made it work. Here's the config on the ME3400 at site A:

ip sla 1
 icmp-echo 2.2.2.2 source-ip 1.1.1.1
 timeout 1000
 threshold 1000
 frequency 1
ip sla schedule 1 life forever start-time now

ip sla reaction-configuration 1 react timeout threshold-type consecutive 3 action-type trapOnly
ip sla reaction-configuration 1 react rtt threshold-value 1000 3000
ip sla enable reaction-alerts

event manager applet RTT-Down
 event syslog pattern "%RTT-4-OPER_TIMEOUT: condition occurred, entry number = 1"
 action 0.0 cli command "enable"
 action 0.1 cli command "conf t"
 action 1.0 cli command "interface Gi0/1"
 action 2.0 cli command "shut"
 action 3.0 syslog msg "interface-shut EEM shut down interface Gi0/1"

event manager applet RTT-Up
 event syslog pattern "%RTT-4-OPER_TIMEOUT: condition cleared, entry number = 1"
 action 0.0 cli command "enable"
 action 0.1 cli command "conf t"
 action 1.0 cli command "interface Gi0/1"
 action 2.0 cli command "no shut"
 action 3.0 syslog msg "interface EEM brought up interface Gi0/1"
!

Here's the log on ME3400-A when ME3400-B went down:
Jun  1 00:06:12.228: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 1
Jun  1 00:06:12.480: %E_CFM-6-ENTER_AIS_INT: Interface GigabitEthernet0/1 enters AIS defect condition for Down direction
Jun  1 00:06:12.597: %HA_EM-6-LOG: RTT-Down: interface-shut EEM shut down interface Gi0/1
Jun  1 00:06:12.606: %SYS-5-CONFIG_I: Configured from console by vty1
Jun  1 00:06:14.485: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
Jun  1 00:06:15.491: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

Notice the delay between the failure and the "automatic" shutdown of the ME3400-A LAN interface: with frequency 1 and "threshold-type consecutive 3", the probe has to time out three times in a row (about three seconds) before the %RTT-4-OPER_TIMEOUT message is logged, and the log shows roughly another two seconds between that message and the interface going administratively down.

Here's the log on ME3400-A when ME3400-B came back up:
Jun  1 00:08:13.223: %RTT-4-OPER_TIMEOUT: condition cleared, entry number = 1
Jun  1 00:08:13.432: %HA_EM-6-LOG: RTT-Up: GVT IT Network - interface EEM brought up interface Gi0/1
Jun  1 00:08:13.441: %SYS-5-CONFIG_I: Configured from console by vty1
Jun  1 00:08:15.328: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Jun  1 00:08:17.769: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
Jun  1 00:08:18.776: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
Jun  1 00:08:18.776: %E_CFM-6-EXIT_AIS_INT: Interface GigabitEthernet0/1 exited AIS defect condition for Down direction

On the router to which ME3400-A is connected you can see both events, when it goes down and when it comes back up:
May 31 20:49:01.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
May 31 20:49:02.881: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
May 31 20:51:05.881: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
May 31 20:51:06.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

I know it's a simple script. I am quite happy with it, nonetheless.
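One thing worth checking before trusting an applet like this with shut/no shut on an uplink: the EEM "event syslog pattern" is a regular expression, and "entry number = 1" is not anchored, so it also matches "entry number = 10" through "entry number = 19" if more IP SLA operations are ever added to the box, and the applet would then shut the interface for somebody else's probe. The Python below is an added example, not part of the original post, that replays constructed syslog lines (modelled on the ones above, plus a hypothetical second operation, entry 12) through the post's two patterns and through anchored versions of them. The one assumption is that IOS EEM searches the message with the pattern unanchored, which is why a trailing $ pins the entry number.

```python
import re

# Constructed sample syslog lines, modelled on the %RTT-4-OPER_TIMEOUT and
# %HA_EM-6-LOG lines in the post. Entry 1 is the post's probe; entry 12 is a
# hypothetical second IP SLA operation added to show how an unanchored pattern
# misfires. These are not real captures.
SAMPLE_LOG = [
    "Jun  1 00:06:12.228: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 1",
    "Jun  1 00:06:12.597: %HA_EM-6-LOG: RTT-Down: interface-shut EEM shut down interface Gi0/1",
    "Jun  1 00:07:40.101: %RTT-4-OPER_TIMEOUT: condition occurred, entry number = 12",
    "Jun  1 00:08:13.223: %RTT-4-OPER_TIMEOUT: condition cleared, entry number = 1",
    "Jun  1 00:08:13.250: %RTT-4-OPER_TIMEOUT: condition cleared, entry number = 12",
]

# The patterns from the post's two applets, verbatim.
POST_PATTERNS = {
    "RTT-Down": r"%RTT-4-OPER_TIMEOUT: condition occurred, entry number = 1",
    "RTT-Up":   r"%RTT-4-OPER_TIMEOUT: condition cleared, entry number = 1",
}

# Same patterns with an end anchor, so "entry number = 1" cannot match
# "entry number = 12". Assumption: IOS EEM treats the pattern as an unanchored
# regular expression, so the trailing $ is what pins the entry number.
ANCHORED_PATTERNS = {name: pat + "$" for name, pat in POST_PATTERNS.items()}

ENTRY_RE = re.compile(r"entry number = (\d+)")


def applet_firings(patterns, log_lines):
    """Return {applet name: [entry numbers whose syslog line triggered it]}.

    The EEM match is emulated with re.search (unanchored search), in the
    order the lines appear in the log.
    """
    fired = {name: [] for name in patterns}
    for line in log_lines:
        for name, pattern in patterns.items():
            if re.search(pattern, line):
                m = ENTRY_RE.search(line)
                fired[name].append(int(m.group(1)) if m else None)
    return fired


def misfires(patterns, log_lines, wanted_entry=1):
    """Entries other than wanted_entry that would have run each applet's
    CLI actions (shut / no shut) against Gi0/1."""
    return {
        name: sorted({e for e in entries if e != wanted_entry})
        for name, entries in applet_firings(patterns, log_lines).items()
    }


if __name__ == "__main__":
    for label, pats in (("post's patterns", POST_PATTERNS),
                        ("anchored patterns", ANCHORED_PATTERNS)):
        print(label, applet_firings(pats, SAMPLE_LOG), "misfires:", misfires(pats, SAMPLE_LOG))
```

With the post's patterns both applets fire for entries 1 and 12; with the anchored patterns only entry 1 drives the interface. The same check is cheap to rerun whenever another IP SLA operation or applet is added to the switch.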


Wednesday, October 15, 2014

Enterasys x Cisco IOS cheatsheet

Yeah, now that I collected them, a lot look kinda silly to list. Whatever... :)


Enterasys                                    Cisco IOS equivalent / what it shows
show neighbors                               show cdp neighbors
show neighbors -verbose                      show cdp neighbors detail
show running                                 show running-config, excluding L2 info
show config                                  show running-config
show mac                                     show mac address-table
show arp                                     show ip arp
show ip ospf *                               several show ip ospf commands
show ip route                                show ip route
show port status                             show int status
show port egress                             show int trunk
sh port lacp port *.*.* status sum sort lag  show etherchannel summary
show lacp                                    show etherchannel
show vlan                                    show vlan
show port vlan                               shows access vlans
show port alias                              shows interface descriptions
show ip address                              shows SVIs, loopbacks and L3 interface info
show ip vrrp                                 shows FHRP info
show logging buffer                          shows log messages
| include                                    |find (no space between | and find)



If I find more interesting ones I will update this post.

Wednesday, October 8, 2014

Native Wireshark interface on OSX! Finally!

Cool news,

The Wireshark devs released a new 1.99 development release with native OS X UI support (the Qt-based interface, which replaces the GTK one that needed X11).

No more X11 glitches!

Go and download: https://www.wireshark.org/download.html


Wednesday, September 17, 2014

Narbik's CCIE R&S v5 Official Cert Guide, volume 1

Cisco Press released the updated CCIE R&S Official Cert Guide for the v5 blueprint last month. After two lab attempts, I thought it would be a good idea to refresh by reading a bit and give it a cold start.

I am still reading the EIGRP chapter and boy, the book is great. The previous v4 book (not written by Narbik) was, in my opinion, a large topic list, as if the author simply decided to peruse the old blueprint and write a few paragraphs about each topic.

In this book Narbik (and co-author Peter Paluch) decided to take a different turn and give readers the inner workings of the topics. Was it exhaustively explained in other books (CCNP and so on)? Yes. But not the same way and not at the same depth. It sincerely feels like the authors know that, for example, EIGRP's FD (feasible distance) is very commonly misunderstood, and they go down into the guts to make it clear. It is very refreshing (and I admit I misunderstood FD). The text is dense sometimes, but that is welcome.

Only the first volume has been released as of writing this post. It is a great book for any R&S professional. As I always like to say, the key to studying for certifications is studying only what's necessary, so if you are studying for CCNA/CCNP, just don't go that deep yet; keep it simpler while you can. But if you already work with it, the information in this book is highly useful.

Wednesday, August 6, 2014

Network Tools and Friends, or, what I have installed on my Work laptop.

These are the network tools I find useful to have installed on my work laptop.

I always miss having a checklist when I decide to fire up a new VM/laptop, so here it is.

The tools below are my personal choice. They're not all Network Tools per se, but you cannot do any proper work without them, so I included them anyway.

Most of these have equivalent/superior GNU/Linux variants. Except for fucking diagrams where nothing is really useful. No, Dia is not good enough, until it can edit Visio XML at the very least.

Most Linux tools are available on OS X via MacPorts. I understand the old Cygwin can provide a framework to install the same tools on Windows, and maybe a lot of them have directly ported text-mode Windows versions. In my book, you only need them if all you have available is Windows. Windows is the last option for me, when all others are not available.

My current work laptop is a Mac. I run VMware Fusion with Outlook and Visio in it, simply because Outlook for Mac is horrible and there are many really big Visio files that corrupt once converted to OmniGraffle format, and I cannot get them back to Visio XML. MS, you are a motherfucker.

I used to have a large Linux tools library, but it's been like 3 years since I last used GNU/Linux as a desktop, so I forgot most of them.

I do not support nor use pirated software. That's my life, if you think otherwise, save yourself time and don't bother discussing it with me. It's a dead end.

* Items marked with an asterisk under OS neutral aren't available for Linux, unfortunately.

OS neutral
Wireshark
SecureCRT / PuTTY / KiTTY
GNS3 / IOU
Filezilla
Evernote
Firefox / Chrome
Dropbox
Adobe Reader
VirtualBox
Java
TeamViewer
Gimp
MS Office* (Sorry, no LibreOffice in my list)
1Password* with Dropbox sync
tor (basically to test a random incoming connection from somewhere in the Internet)
iperf / jperf

Windows
tftpd32 by Philippe JOUNIN
Notepad++
MS Visio
VMWare Workstation
Meld
cygwin (just because)

OS X
MacPorts
OmniGraffle
TextEdit/SublimeText2
iTerm2
Cyberduck
Dig interface by EmbeddedSoft.ca
VMWare Fusion
Kaleidoscope
TftpServer
WifiExplorer


Linux
GEdit / VIm
lftp
irssi
Dia (I really hate it)
screen / tmux (tmux is cool, I can log sessions way easily with it)
iftop
tshark
tcpdump
tftpd (any variant will do, whatever the distro offers)
ftpd (generally vsftpd, but same rule as above)
syslog-ng or any variant that allows incoming udp syslog messages
nc (netcat)
watch
smokeping / fping / hping / arping
ettercap


Sunday, July 20, 2014

OSX Mavericks, GNS3 and IOU VM working together!

I won't get into many details, this is mostly an annotation in case I need to do it again in the future.

This setup is using OSX Mavericks, GNS3 latest stable (aye, not the prerelease, it is not relevant yet), VMWare Fusion and the iou-web CentOS VM.

(btw, this blog is no helpline. Do not try to contact me to ask me how I did it. Study my steps and search the Internet, this is more than enough help)

Part 1 - GNS3

  • OSX Mavericks - Install the open source tuntap driver.
  • GNS3 - run the binary as root. It's no use running 'sudo /Applications/GNS3.app'; you need to run the GNS3 binary inside the app bundle.
  • Create the topology inside GNS3, insert a cloud, insert a NIO TAP with the full device path, ie, /dev/tap0.
  • After you connect that cloud port to a GNS3 device (I suppose you will connect it to a GNS3 switch, but whatever), GNS3 will try to create /dev/tap0, hence the root privileges.
  • Check via ifconfig that the interface exists. If it does, create a new bridge interface and add it, plus whatever other interfaces you want, to the bridge.

    sudo ifconfig bridge1 create
    sudo ifconfig bridge1 up addm tap0 addm en0 addm vmnet3

Notice that if your GNS3 session is lost, you have to rebind the tap0 NIC to the bridge, since GNS3 destroys tap0 along with it.

  • Now, a good test is in order. Fire up a GNS3 device connected to the cloud, put it in DHCP client mode, let it get an IP address. Ping the VMWare hypervisor, knock yourself out. First part is done.

Part 2 - IOU

Now on IOU, it was somewhat easier, but the frakking software has the same verbosity level as some morons I know. There were two catches.
  • 1st catch: create or use any vmnet besides the one assigned to eth0. eth0 is hardcoded, so you cannot use it. I created a vmnet3 host-only network with a DHCP server and no authorization required for promiscuous mode. I read in some reports that promiscuous mode is important. In any case, I had to enable the eth1 interface manually, and since I was there anyway, I added promiscuous mode and got a DHCP client lease for it. As a good testing point, I pinged the routers inside GNS3 and it worked. The ping from the other side worked too, just in case.
  • 2nd catch: it was damn hard to find. Because frakking ioulive86 (sorry, your software is great but could use some more verbosity) simply spat "no mapped ioulive86 instance found" and that was it. I was about to drop it and take a shit in the name of my incompetence when I decided to create a new NETMAP entry and put the cloud line below the first line. What gives, it worked. So the caveat maybe is just that it needs to be on the second line of the NETMAP. I did not write it, I don't know what could be wrong. Maybe it just needed a line feed, whatever. It works. That is why I left software dev. I hate hasty code.

So, rants aside. With the cloud finally starting up on IOU, it was just a matter of repeating the same steps. Put an interface in DHCP client mode, enable it and voilà, it got an IP address via the vmnet DHCP server. Pings at will and everyone is happy; I will now shit in honour of my greatness.

Conclusion

I have no idea why the heck I took all this trouble. I mean, that was a lot of work to get a lot of buggy software to work. Yet, that is how people study when they don't want to spend money on rack rentals, right? It might come in handy. I was actually trying to see if I could do it. Just to see if I could make it work or not. And yes, the brownload is ready to start.

(my mood is awesome).

Saturday, July 19, 2014

Algorhyme

Wow, I cannot believe I never published this poem before...

It is as old as STP itself; in fact, this is part of the original paper by the very impressive Madam Radia Perlman, known as the author of the protocol. If you never read it, the must-read book on STP is this. Unfortunately, it is a print-only book; the only digital edition available is on Safari. As I really don't dig the Safari format (they charge too much and you never get the full download version in one piece), I won't recommend it. Thus you are left with some badly formatted pirated copy or the physical book. It is a pity they do not review this stupid policy. We are in the decade of all-you-can-download subscriptions; it's time O'Reilly understood this. AAANYWAY, sorry about the rant.

Here follows,

Algorhyme

I think that I shall never see
A graph more lovely than a tree.

A tree whose crucial property
Is loop-free connectivity.

A tree that must be sure to span
So packets can reach every LAN.

First, the root must be selected.
By ID, it is elected.

Least-cost paths from root are traced.
In the tree, these paths are placed.

A mesh is made by folks like me,
Then bridges find a spanning tree.

—Radia Perlman