Category Archives: Brocade

Brocade Network Advisor FREE Training

Brocade is offering the Brocade Network Advisor Implementation, Migration, and Configuration (BNA 150-WBT) course at no cost until 26 October 2014.

This course is recommended for anyone who intends to install, upgrade, manage and configure Brocade Network Advisor, and for those who want to obtain the Brocade Accredited Network Advisor Specialist (BANAS) certification.

For more details see the BNA 150 course data sheet, or Enroll Now (requires a MyBrocade login).


BCVRE 170-010 Study Notes, Part 4

Chapter 9 Logging

Logging Basics

Log messages are stored in /var/log/messages; when the file reaches 500kb, the system renames it to messages.0 and opens a new file.

The vRouter keeps separate logs for bootup messages, PPP connection setup, IPsec connection setup, and other features.

[email protected]:~$ show log | match ERROR | more
May 16 13:30:50 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 16 13:31:20 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#995: sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument
May 18 00:10:55 training pluto[5686]: ERROR: “peer-76.74.103.7-tunnel-1”
#1043:sendto on pppoe1 to 76.74.103.7:500 failed in ISAKMP notify. Errno 22:
Invalid argument

show log all
!Shows the last 10 entries
show log tail

Feature-Specific Logging

Enable debugging

[email protected]:~$ monitor protocol ospf enable ?
Possible completions:
database-timer
Enable OSPF database-timer debugging
events        Enable OSPF event packet debugging
ifsm          Enable OSPF ifsm debugging
lsa           Enable OSPF lsa debugging
nfsm          Enable OSPF nfsm debugging
nsm           Enable OSPF nsm debugging
packet        Enable OSPF packet debugging
route         Enable OSPF route debugging

[email protected]:~$ monitor protocol ospf enable events ?
Possible completions:
<Enter>       Execute the current command
abr           Enable OSPF abr event debugging
asbr          Enable OSPF asbr event debugging
lsa           Enable OSPF lsa event debugging
nssa          Enable OSPF nssa event debugging
os            Enable OSPF os event debugging
router        Enable OSPF router event debugging
vlink         Enable OSPF vlink event debugging

To log transit traffic (NAT, firewall, etc.), logging must be enabled on the respective rules.

[email protected]# set nat source rule 10 log enable

The entries are stored in /var/log/messages.

Monitor Real-Time

Monitor in real time

monitor protocol ospf
monitor nat source

Ctrl-C to exit the capture

Sample Log Output

OSPF Hello packets:

[email protected]:~$ monitor protocol ospf enable packet hello
[email protected]:~$ monitor protocol ospf
Apr  5 20:30:51 vRouter ospfd[1949]: Hello received from [172.24.42.53] v
[eth2:192.168.13.1]
Apr  5 20:30:51 vRouter ospfd[1949]:  src [192.168.13.3],
Apr  5 20:30:51 vRouter ospfd[1949]:  dst [224.0.0.5]
Apr  5 20:30:51 vRouter ospfd[1949]: Packet 172.24.42.53 [Hello:RECV]:
Options *|-|-|-|-|-|E|*
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth1:192.168.12.1
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth2:192.168.13.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth1:192.168.12.1].
Apr  5 20:30:51 vRouter ospfd[1949]: make_hello: options: 2, int:
eth3:192.168.101.1
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth2:192.168.13.1].
Apr  5 20:30:51 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via
[eth3:192.168.101.1].

NAT packets:

[email protected]# set nat source rule 30 log enable

[email protected]# run show log nat
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN=
OUT=pppoe1
SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62
ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Output omitted
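
The NAT log entries above can be parsed field by field for review; the following is an added example, not part of the original notes. It assumes each entry is stored on one line in /var/log/messages, and the function names and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample input: the first two entries are the page's, rejoined onto one line
# each; the last two are constructed for this example.
SAMPLE = """\
Apr  5 18:17:01 vRouter kernel: [595980.330716] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62 ID=52504 PROTO=UDP SPT=7172 DPT=64544 LEN=36
Apr  5 18:17:01 vRouter kernel: [595980.341042] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.104 DST=173.12.167.194 LEN=56 TOS=0x00 PREC=0x00 TTL=62 ID=16918 PROTO=UDP SPT=7172 DPT=64545 LEN=36
Apr  5 18:17:03 vRouter kernel: [595982.100200] [NAT-SRC-30-MASQ] IN= OUT=pppoe1 SRC=192.168.2.102 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4411 DF PROTO=TCP SPT=50122 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Apr  5 18:17:04 vRouter ospfd[1949]: Hello sent to [224.0.0.5] via [eth1:192.168.12.1].
"""

# Syslog prefix, kernel uptime, then the rule tag and the key=value fields.
# Only the [NAT-SRC-<rule>-MASQ] tag appears on the page; accepting other
# kinds and an optional suffix is an assumption of this example.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>\d+\.\d+)\] "
    r"\[NAT-(?P<kind>[A-Z]+)-(?P<rule>\d+)(?:-(?P<suffix>[A-Z]+))?\] "
    r"(?P<fields>.*)$"
)


def parse_fields(text):
    """Split 'IN= OUT=pppoe1 ... SYN' into a dict plus a list of bare flags."""
    fields, flags = {}, []
    for token in text.split():
        if "=" not in token:
            flags.append(token)          # e.g. DF, SYN, ACK
            continue
        key, value = token.split("=", 1)
        if key in fields:
            # LEN occurs twice for UDP: IP total length, then UDP length.
            key = "L4_" + key
        fields[key] = value              # value may be empty (IN= on egress)
    return fields, flags


def parse_line(line):
    """Return a dict for a NAT log entry, or None for any other log line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    fields, flags = parse_fields(m.group("fields"))
    entry = {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "kind": m.group("kind"),
        "rule": int(m.group("rule")),
        "suffix": m.group("suffix"),
        "flags": flags,
    }
    entry.update(fields)
    return entry


def flows_by_source(log_text):
    """Map (rule, internal source) -> set of (destination, protocol, port)."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        dport = int(entry["DPT"]) if "DPT" in entry else None   # ICMP has none
        flows[(entry["rule"], entry.get("SRC"))].add(
            (entry.get("DST"), entry.get("PROTO"), dport))
    return dict(flows)


if __name__ == "__main__":
    for (rule, src), dests in sorted(flows_by_source(SAMPLE).items()):
        print(f"rule {rule} {src}: {len(dests)} distinct destination(s)")
        for dst, proto, dport in sorted(dests, key=str):
            print(f"    {proto} {dst}:{dport}")
```
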

Chapter 10 OSPF Single-Area

Configuring OSPF

[email protected]# show protocols ospf
area 0 {
network 10.1.1.0/24
network 10.10.1.0/24
network 10.10.2.0/24
}

[email protected]# show protocols
ospf {
area 0 {
network 10.0.0.0/8
}
default-information {
originate {
}
}
passive-interface eth1
passive-interface eth2
}

Verifying OSPF Operations

[email protected]:~$ show ip route
Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter
area
> – selected route, * – FIB route, p – stale info
Gateway of last resort is not set
O       10.1.1.0/24 [110/1] is directly connected, eth1, 00:02:57
C    *> 10.1.1.0/24 is directly connected, eth1
O    *> 10.2.1.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.2.2.0/24 [110/2] via 10.10.1.2, eth2, 00:01:30
O    *> 10.3.1.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O    *> 10.3.2.0/24 [110/2] via 10.10.2.2, eth3, 00:00:41
O       10.10.1.0/24 [110/1] is directly connected, eth2, 00:02:57
Output omitted

[email protected]:~$ show ip ospf neighbors
OSPF Process 0:
Neighbor ID     Pri State           Dead Time Address         Interface
172.24.42.52      1 Full/DR           31.721s 10.10.1.2       eth1
172.24.42.53      1 Full/DR           35.533s 10.10.2.2       eth2

[email protected]:~$ show ip ospf database
OSPF Router with ID (172.24.42.51) (Process ID 0)
Router Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum  Link count
172.24.42.51    172.24.42.51     869 0x80000005 0x1d44 3
172.24.42.52    172.24.42.52     884 0x80000005 0x84f7 3
172.24.42.53    172.24.42.53     836 0x80000005 0xe555 4
Net Link States (Area 0.0.0.0)
Link ID         ADV Router      Age  Seq#       CkSum
10.10.1.1       172.24.42.51     918 0x80000001 0x04a5
10.10.2.1       172.24.42.51     869 0x80000001 0x07a0
AS External Link States
Link ID         ADV Router      Age  Seq#       CkSum  Route              Tag
0.0.0.0         192.168.200.1     10 0x80000002 0xa3f1 E2 0.0.0.0/0       254

[email protected]:~$ show ip ospf database router 172.24.42.51
OSPF Router with ID (192.168.200.1) (Process ID 0)
Router Link States (Area 0.0.0.0)
LS age: 1587
Options: 0x2 (-|-|-|-|-|-|E|-)
Flags: 0x0
LS Type: router-LSA
Link State ID: 192.168.200.1
Advertising Router: 192.168.200.1
LS Seq Number: 80000005
Checksum: 0x1d44
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.1.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.1.1
(Link Data) Router Interface address: 10.10.1.1
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.10.2.1
(Link Data) Router Interface address: 10.10.2.1
Number of TOS metrics: 0
TOS 0 Metric: 1


BCVRE 170-010 Study Notes, Part 3

Chapter 7 NAT

3 types of NAT:
Source NAT
Destination NAT
Bidirectional NAT – combines source and destination NAT for translation in both directions

NAT Rulebases

NAT uses a different rulebase for each type of NAT. The rulebases are ordered numerically, and when a match is made the vRouter ends execution of the respective rulebase without analysing other rulebases.

Each rulebase includes 3 parameters:

Filters, identifying the traffic to be NATed. If no filter is defined, any and all traffic matches.
Post-translation address, which defines the IP to be substituted when NAT is performed. The masquerade option uses the address of the outbound interface.
The interface where the rule is applied, and the direction. An interface must be specified.

If a port number is specified in the filter or post-translation address, the Layer 4 protocol must be specified (TCP, UDP, or both).

!NAT traffic originating from the source address using the interface address
[email protected]# show nat source
rule 10 {
source {
address 192.168.0.0/16
}
outbound-interface eth1
translation {
address masquerade
}
}

!Translate several port numbers from a public IP to a private IP
[email protected]# show nat destination
rule 10 {
destination {
address 1.3.5.7
port 80
}
inbound-interface eth1
translation {
address 10.2.3.4
}
protocol tcp
}
rule 20 {
destination {
address 1.3.5.7
port 25
}
inbound-interface eth1
translation {
address 10.5.6.7
}
protocol tcp
}
rule 30 {
destination {
address 1.3.5.7
port 53
}
inbound-interface eth1
translation {
address 10.8.9.1
}
protocol udp
}

[email protected]:~$ show nat source rule
Disabled rules are not shown
Codes: X – exclude rule, M – masquerade rule
rule    intf              translation
—-    —-              ———–
M10     eth1             saddr 192.168.100.0/24 to 216.134.166.19
proto-all        sport ANY

[email protected]:~$ show nat destination rules
Disabled rules are not shown
Codes: X – exclude rule
rule    intf              translation
—-    —-              ———–
10      eth1             daddr 1.3.5.7 to 10.2.3.4
proto-tcp        dport 80
20      eth1             daddr 1.3.5.7 to 10.5.6.7
proto-tcp        dport 25
30      eth1             daddr 1.3.5.7 to 10.8.9.1
proto-udp        dport 53

[email protected]:~$ show nat source statistics
rule   pkts    bytes   interface
—-   —-    —–   ———
10     528     38349   eth1
20     0       0       eth1
30     1359K   96M     eth1

!View the active NAT translations
[email protected]:~$ show nat source trans
Pre-NAT              Post-NAT             Prot  Timeout
192.168.2.102        216.134.166.19       tcp   47
192.168.2.104        216.134.166.19       udp   0
192.168.2.102        216.134.166.19       udp   49
192.168.2.104        216.134.166.19       tcp   431740
192.168.2.104        216.134.166.19       tcp   431522
192.168.2.102        216.134.166.19       udp   179
192.168.2.104        216.134.166.19       tcp   431739
192.168.2.104        216.134.166.19       tcp   431988
192.168.2.104        216.134.166.19       tcp   431928
192.168.2.104        216.134.166.19       tcp   431810
192.168.2.106        216.134.166.19       tcp   326344
192.168.2.102        216.134.166.19       udp   28
192.168.2.102        216.134.166.19       udp   54
192.168.2.102        216.134.166.19       udp   179
192.168.2.104        216.134.166.19       udp   6
192.168.2.102        216.134.166.19       tcp   431848

Exclusion Filters

Allows certain NATs to be excluded, for example when VPN tunnels exist.

These filters can be created using a ! or “bang” as the NOT operator.

[email protected]# show nat destination
rule 10 {
destination {
address 10.10.10.0/24
}
exclude
outbound-interface eth0
}
rule 40 {
outbound-interface eth0
translation {
address masquerade
}
}

Chapter 8 Licensing and Upgrades

Note: As of 1 November 2013, the entitlement and upgrade process described in this document is no longer available.

To register the software, the following parameters must be configured:
• Repository username
• Repository password
• Entitlement key

!Check whether the vRouter has been registered with the Vyatta entitlement server
show entitlement

Upgrading the vRouter

To upgrade, use the command upgrade system image, which automatically downloads the new version. The username/password for repository access must be pre-configured; otherwise they will be requested during the upgrade.

The vRouter image has 2 components: the vRouter software itself and the respective Linux controllers (drivers, system, ...).
If the system template has changed, a manual upgrade is required; otherwise the upgrade process continues normally.

The manual process is similar to creating a new VM, with some additional steps:

1. Download the new template just as you did for your initial installation.
2. Copy the configuration file from your existing virtual machine. You can use SCP or FTP to copy it to an
external server, or use simple copy-paste from a console window.
3. Edit the configuration file to remove the hardware-specific settings. We’ll show you the details of what to
remove on the next screen.
4. Install a new virtual machine using the new template.
5. When your new VM has booted up, copy your edited configuration file to /config/config.boot on the new
system. This is the default configuration file for the vRouter device.
6. Reboot your new VM. When it boots, it will read the hardware values from the hypervisor software, and
pull the rest of the configuration data from the configuration file you just copied over.
7. Once your new VM is fully operational, you can cut over operations from the old VM. This cut over
represents the only downtime your network will experience during the upgrade process, and should be
almost non-disruptive depending on your hypervisor software.
You can verify the success of your device upgrade with the commands  show version and show system image


BCVRE 170-010 Study Notes, Part 2

Chapter 4 DHCP and DNS

vy[email protected]:~$ set interfaces ethernet eth1 address dhcp

[email protected]:~$ show dhcp client leases
interface  : eth1
ip address : 192.168.196.135    [Active]
subnet mask: 255.255.255.0
domain name: localdomain        [overridden by domain-name set using CLI]
router     : 192.168.196.2
name server: 192.168.196.2
dhcp server: 192.168.196.254
lease time : 1800
last update: Tue Jul 15 10:38:43 GMT 2014
expiry     : Tue Jul 15 11:08:43 GMT 2014
reason     : RENEW

A default route received via DHCP has AD = 210.

[email protected]# run sh ip route
Codes: K – kernel route, C – connected, S – static, R – RIP, O – OSPF,
I – ISIS, B – BGP, > – selected route, * – FIB route

S>*   0.0.0.0/0 [210/0] via 192.168.196.2, eth1

[set | edit] service dhcp-server
[set | edit] shared-network-name name
[set | edit] subnet address/mask
set default-router address
set dns-server address
set start address [stop address]
set exclude address

DHCP Relay commands
set service dhcp-relay interface interface-name
set service dhcp-relay server ip-address

[email protected]:~$ show dhcp server leases
IP address       Hardware Address   Lease expiration     Pool      Client Name
———-       —————-   —————-     —-      ———–
192.168.42.10    00:0c:29:f5:40:6e  2009/11/04 23:52:07  DHCP-Eth0 JansPC
192.168.42.11    00:0c:29:a5:02:c7  2009/11/04 23:52:11  DHCP-Eth0 Desktop
192.168.42.22    00:15:c5:b3:2e:64  2009/11/04 17:55:01  DHCP-Eth0
192.168.42.23    00:04:f2:02:84:49  2009/11/04 17:24:59  DHCP-Eth0 FredsPC

System DNS – for internal use by the vRouter
Dynamic DNS
DNS forwarding

set system name-server name
[set | edit] service dns dynamic interface interface-name service service-provider
set login name
set password password
set server [ip-address | fqdn]
set host-name name

[set | edit] service dns forwarding
set listen-on interface-name
set system
set dhcp interface-name
set name-server ip-address
set system static-host-mapping host-name name inet ip-address

Before configuring DNS forwarding, you must specify which DNS server is to be used for the queries. By default the vRouter tries the System DNS. If the System DNS servers do not respond, the vRouter tries those learned via DHCP. These defaults can be overridden by selecting only the system servers, the DHCP-learned servers, or explicitly configured servers, for DNS forwarding only.

[email protected]:~$ show dns forwarding statistics
—————-
Cache statistics
—————-
Cache size: 150
Queries forwarded: 5
Queries answered locally: 2
Total DNS entries inserted into cache: 23
DNS entries removed from cache before expiry: 0
———————
Nameserver statistics
———————
Server: 10.0.0.30
Queries sent: 5
Queries retried or failed: 0

The statistics show only the servers contacted; that is, the vRouter never sent any query to server 10.0.0.31.

Chapter 5 Routing

Routing Tables

[email protected]:~$ show ip route
Codes: K – kernel, C – connected, S – static, R – RIP, B – BGP
O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, L1 – IS-IS level-1, L2 – IS-IS level-2, ia – IS-IS inter
area
> – selected route, * – FIB route, p – stale info
Gateway of last resort is not set
C>* 10.1.1.0/30 is directly connected, eth1
C>* 10.2.2.0/30 is directly connected, eth2
C>* 127.0.0.0/8 is directly connected, lo
S>* 172.16.0.0/16 [1/0] via 10.1.1.1, eth1
O   172.16.0.0/16 [110/20] via 10.1.1.1, eth1, 00:00:35
C>* 192.168.0.0/24 is directly connected, eth0

Routes marked with * are marked as active.

Static Routes

[email protected]# set protocol static route 172.16.1.0/24 next-hop 10.1.2.1

[email protected]# set protocol static route 0.0.0.0/0 next-hop 192.168.1.1

Floating Static Routes

Protocol    Distance
Connected   0
Static      1
EBGP        20
OSPF        110
RIP         120
IBGP        200

[email protected]# set protocol static route 192.168.1.0/24 next-hop 10.1.1.2 distance 150

Chapter 6 Firewalls

[Figure: Vyatta vRouter packet processing]

Firewall Rulebase

Based on Match and Action

Match: matches on Layer 3 and Layer 4; if not specified, it matches all.

Action: Accept, Reject (sends an ICMP unreachable message), Drop. The default action is DROP.

set firewall name PublicServers rule 10 action accept
set firewall name PublicServers rule 10 state established enable
set firewall name PublicServers rule 10 state related enable

set firewall name PublicServers rule 20 action accept
set firewall name PublicServers rule 20 destination address 10.6.7.0/24
set firewall name PublicServers rule 20 source address 10.2.3.0/24

set firewall name PublicServers rule 30 action accept
set firewall name PublicServers rule 30 destination address 10.6.7.0/24
set firewall name PublicServers rule 30 destination port smtp
set firewall name PublicServers rule 30 protocol tcp
set firewall name PublicServers rule 30 source address 10.4.5.0/24

set firewall name PublicServers rule 40 action reject
set firewall name PublicServers rule 40 destination address 10.6.7.0/24
set firewall name PublicServers rule 40 source address 10.4.5.0/24

set firewall name PublicServers rule 50 action accept
set firewall name PublicServers rule 50 destination address 10.6.7.0/24
set firewall name PublicServers rule 50 destination port http,ftp,smtp
set firewall name PublicServers rule 50 protocol tcp

[email protected]# set interfaces ethernet eth0 firewall out name PublicServers

[email protected]# run show firewall name

—————————–
Rulesets Information
—————————–
——————————————————————————–
IPv4 Firewall “PublicServers”:

Active on (eth0,OUT)

rule  action   proto     packets  bytes
—-  ——   —–     ——-  —–
10    accept   all       0        0
condition – saddr 0.0.0.0/0 daddr 0.0.0.0/0 state RELATED,ESTABLISHED

20    accept   all       0        0
condition – saddr 10.2.3.0/24 daddr 10.6.7.0/24

30    accept   tcp       0        0
condition – saddr 10.4.5.0/24 daddr 10.6.7.0/24 tcp dpt:25

40    reject   all       0        0
condition – saddr 10.4.5.0/24 daddr 10.6.7.0/24 reject-with icmp-port-unreacha
ble

50    accept   tcp       0        0
condition – saddr 0.0.0.0/0 daddr 10.6.7.0/24  dports 80,21,25

10000 drop     all       0        0
condition – saddr 0.0.0.0/0 daddr 0.0.0.0/0

[email protected]:~$ show firewall name PublicServers statistics
IPv4 Firewall “PublicServers”:
Active on (eth0,OUT)
rule  packets   bytes     action  source              destination
—-  ——-   —–     ——  ——              ———–
10    5.62M     6.52G     ACCEPT  0.0.0.0/0           0.0.0.0/0
20    51        13036     ACCEPT  10.2.3.0/24         10.6.7.0/24
30    0         0         ACCEPT  10.4.5.0/24         10.6.7.0/24
40    0         0         REJECT  10.4.5.0/24         10.6.7.0/24
50    0         0         ACCEPT  0.0.0.0/0           10.6.7.0/24
1025  2042      923057    DROP    0.0.0.0/0           0.0.0.0/0

One of the states is “related” traffic; this allows the ALG to be enabled for protocols such as FTP and SIP.
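
The PublicServers rulebase above, run as a first-match evaluation (an added example, not part of the original notes). It assumes the rules are tried in numeric order and the first match decides, as the notes describe for NAT rulebases; the test packets and the `evaluate` and `also_matching` helpers are constructed for this example.

```python
import ipaddress

PORTS = {"ftp": 21, "smtp": 25, "http": 80}   # service names used in the rules

# The PublicServers rules from the page; a key that is absent matches anything.
RULES = [
    (10, "accept", {"state": {"established", "related"}}),
    (20, "accept", {"src": "10.2.3.0/24", "dst": "10.6.7.0/24"}),
    (30, "accept", {"src": "10.4.5.0/24", "dst": "10.6.7.0/24",
                    "proto": "tcp", "dports": {"smtp"}}),
    (40, "reject", {"src": "10.4.5.0/24", "dst": "10.6.7.0/24"}),
    (50, "accept", {"dst": "10.6.7.0/24",
                    "proto": "tcp", "dports": {"http", "ftp", "smtp"}}),
]
DEFAULT_RULE = (10000, "drop")   # implicit last rule in "show firewall name"


def matches(cond, pkt):
    """True when every criterion present in the rule matches the packet."""
    if "state" in cond and pkt["state"] not in cond["state"]:
        return False
    for key in ("src", "dst"):
        if key in cond:
            net = ipaddress.ip_network(cond[key])
            if ipaddress.ip_address(pkt[key]) not in net:
                return False
    if "proto" in cond and pkt["proto"] != cond["proto"]:
        return False
    if "dports" in cond:
        allowed = {PORTS[name] for name in cond["dports"]}
        if pkt.get("dport") not in allowed:
            return False
    return True


def evaluate(pkt, rules=RULES):
    """Return (rule number, action) of the first rule that matches."""
    for number, action, cond in sorted(rules, key=lambda r: r[0]):
        if matches(cond, pkt):
            return number, action
    return DEFAULT_RULE


def also_matching(pkt, rules=RULES):
    """All rule numbers that match; any after the first never get a say."""
    return [n for n, _, cond in sorted(rules, key=lambda r: r[0])
            if matches(cond, pkt)]


def packet(src, dst, proto, dport, state="new"):
    return {"src": src, "dst": dst, "proto": proto,
            "dport": dport, "state": state}


# Constructed test packets; 203.0.113.5 stands for an arbitrary outside host.
PACKETS = {
    "10.4.5.0/24 host to web server": packet("10.4.5.9", "10.6.7.20", "tcp", 80),
    "10.4.5.0/24 host to mail server": packet("10.4.5.9", "10.6.7.20", "tcp", 25),
    "outside host to web server": packet("203.0.113.5", "10.6.7.20", "tcp", 80),
    "outside host to DNS over UDP": packet("203.0.113.5", "10.6.7.20", "udp", 53),
    "reply on an existing connection": packet("203.0.113.5", "10.6.7.20", "tcp",
                                              40000, state="established"),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        number, action = evaluate(pkt)
        print(f"{name}: rule {number} -> {action} "
              f"(matching rules: {also_matching(pkt)})")
```

The first packet shows why ordering matters when reviewing a rulebase: rule 50 would accept HTTP to 10.6.7.0/24, but traffic from 10.4.5.0/24 is already rejected by rule 40.
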

Applying Rulebases

Individual interfaces – each interface can have one rulebase in each direction (IN + OUT), and the same rulebase can be applied to several interfaces.
Zones – A zone is a group of interfaces. Grouping the interfaces into zones implicitly associates all the addresses within the zone. A rulebase can be applied to zones, which allows more generic security policies. When the rulebase is applied, the source/destination zone is specified.


BCVRE 170-010 Study Notes, Part 1

Chapter 1 Brocade Vyatta vRouter System Operations

To uncommit all the configuration changes held in the buffer, use the discard command.

[email protected]# discard

Changes have been discarded

[email protected]:~$ show system login users
Username   Type     Tty   From         Last login
operator   vyatta   hvc0               Mon Jun 17 18:34:25 2013
vyatta     vyatta   pts/0 10.224.7.101 Wed Jun 19 20:47:39 2013

[email protected]:~$ show system storage
Filesystem            Size  Used Avail Use% Mounted on
unionfs               1.9G  1.6G  194M  90% /
tmpfs                 248M     0  248M   0% /lib/init/rw
udev                  241M  156K  241M   1% /dev
tmpfs                 248M  4.0K  248M   1% /dev/shm
/dev/sda1             1.9G  1.6G  194M  90% /live/image
/dev/sda1             1.9G  1.6G  194M  90% /live/cow
tmpfs                 248M     0  248M   0% /live
tmpfs                 248M   12K  248M   1% /tmp
/dev/sda1             1.9G  1.6G  194M  90% /opt/vyatta/etc/config
tmpfs                 248M  120K  248M   1% /var/run
none                  248M  384K  248M   1% /opt/vyatta/config

[email protected]:~$ show system memory
total       used       free     shared    buffers     cached
Mem:        514484     252428     262056          0      89084     109528
Swap:            0          0          0
Total:      514484     252428     262056
[email protected]:~$

Bare metal:

[email protected]:~$ show version
Version:      VSE6.5R3
Description:  Vyatta Subscription Edition 6.5 R3
Copyright:    2006-2013 Vyatta, Inc.
Built by:     autobuild@vyatta.com
Built on:     Thu Jan 24 21:34:57 UTC 2013
Build ID:     1301242135-3e8ca0b
System type:  Intel 32bit
Boot via:     image
HW UUID:      Not Present
Uptime:       00:34:26 up 2 days, 23:39,  1 user,  load average: 0.00, 0.03,
0.05

[email protected]:~$ show version
Version:      VSE6.6R1
Description:  Brocade Vyatta 5410 vRouter 6.6 R1
Copyright:    2006-2013 Vyatta, Inc.
Built by:     autobuild@vyatta.com
Built on:     Wed Jul 24 16:19:58 UTC 2013
Build ID:     1307241637-7e824ac
System type:  Intel 32bit Virtual
Boot via:     image
Hypervisor:   VMware
HW model:     VMware Virtual Platform
HW S/N:       VMware-56 4d 4c 44 b2 e4 14 cd-6c 7f e1 ae d7 bf 5c 1b
HW UUID:      564D4C44-B2E4-14CD-6C7F-E1AED7BF5C1B
Uptime:       00:08:39 up 78 days,  5:07,  2 users,  load average: 0.00, 0.01,
0.05

Operational and Configuration mode

Commit and Save Process

After commit, the changes take effect, but for them to be persistent the save command must be run.

By default the config is saved in /config/config.boot, and the last 20 commits are kept in history.

[email protected]:~$ show system commit
0   2013-10-21 17:39:35 by vyatta via cli
1   2013-10-21 17:39:22 by vyatta via cli
2   2013-10-21 17:06:17 by vyatta via cli
3   2013-10-18 19:30:18 by vyatta via cli
4   2013-10-17 19:28:42 by vyatta via cli
5   2013-10-11 18:44:04 by vyatta via cli
6   2013-10-08 22:21:35 by vyatta via cli
7   2013-10-08 22:21:06 by vyatta via cli
8   2013-10-08 22:17:48 by vyatta via cli
9   2013-10-07 19:03:04 by vyatta via cli
10  2013-10-07 19:02:13 by vyatta via cli
11  2013-09-25 17:13:32 by vyatta via cli
12  2013-09-25 17:00:48 by vyatta via cli
13  2013-09-25 16:58:49 by vyatta via cli
14  2013-09-25 16:57:28 by root via boot-config-loader
15  2013-09-25 16:54:27 by vyatta via cli
16  2013-09-25 16:49:38 by vyatta via cli
17  2013-09-23 21:49:55 by vyatta via cli
18  2013-09-11 22:08:16 by vyatta via cli
19  2013-09-11 22:08:10 by vyatta via cli

The load command can be used to apply config.boot without rebooting the box; the changes take effect after commit.

The merge command can also be used to merge config into the existing one; the changes take effect after commit.

Chapter 2 Ethernet

[set | edit] interface ethernet ethn
set speed [auto | 10 | 100 | 1000]
set duplex [auto | half | full]
set mac mac-address
set address address/mask

[email protected]:~$ show interfaces
Codes: S – State, L – Link, u – Up, D – Down, A – Admin Down
Interface        IP Address                        S/L  Description
———        ———-                        —  ———–
eth0             10.10.1.1/24                      u/u
eth1             192.168.12.1/24                   d/d

[email protected]:~$ show interfaces ethernet eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
link/ether 36:0a:27:2b:50:06 brd ff:ff:ff:ff:ff:ff
inet 172.24.42.51/24 brd 172.24.42.255 scope global eth0
inet6 fe80::340a:27ff:fe2b:5006/64 scope link
valid_lft forever preferred_lft forever
RX:  bytes    packets     errors    dropped    overrun      mcast
3656114      49450          0          0          0          0
TX:  bytes    packets     errors    dropped    carrier collisions
42829027     729851          0          0          0          0
[email protected]:~$

VLAN operations and settings

There are 2 ways to refer to the VLAN interface

!In the VLAN setup
interface ethernet eth0 vif 10

When referencing the VLAN in NAT or OSPF, for example, the eth0.10 format is used.

Both formats are accepted in the CLI: show interface eth0.10 or eth0 vif 10.

[email protected]:~$ show interfaces ethernet eth0.10
[email protected]: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP
link/ether 36:0a:27:2b:50:06 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.1/24 brd 10.10.10.255 scope global eth0.10
inet6 fe80::340a:27ff:fe2b:5006/64 scope link
valid_lft forever preferred_lft forever
RX:  bytes    packets     errors    dropped    overrun      mcast
0          0          0          0          0          0
TX:  bytes    packets     errors    dropped    carrier collisions
368          4          0          0          0          0

Link Aggregation

Link Aggregation 802.1AX standard

[email protected]:~$
set interfaces bonding bond99 hash-policy ‘layer2’
set interfaces bonding bond99 mode ‘802.3ad’
set interfaces ethernet eth0 bond-group ‘bond99’

[email protected]:~$ show interfaces bonding
Codes: S – State, L – Link, u – Up, D – Down, A – Admin Down
Interface        IP Address                        S/L  Description
———        ———-                        —  ———–
bond99           –                                 u/D

[email protected]:~$ show interfaces bonding bond99 slaves
Interface        RX: bytes  packets     TX: bytes  packets
bond99           0          0           0          0
eth0         0          0           0          0

Chapter 3 TCP/IP

Basic Stuff (Network Foundations)
