Category Archives: Misc

Google BBR Algorithm

Google’s BBR algorithm for handling TCP traffic congestion could herald a new era for the Transmission Control Protocol (TCP). Google announced its integration with Google Cloud, the cloud hosting platform that Google offers to thousands of companies and that serves millions of websites on a daily basis.

BBR stands for “Bottleneck Bandwidth and RTT (Round-Trip Time),” and is an algorithm for optimizing how network packets travel through servers in order to avoid jamming certain routes.

If you want to test this on your Linux box, you can follow the guide here: https://patchwork.ozlabs.org/patch/671069/

A draft IETF proposal has been made; you can see it here: https://tools.ietf.org/html/draft-cheng-iccrg-delivery-rate-estimation-00


TAP vs TUN Interfaces

What is TUN?
TUN is a virtual point-to-point network device. The TUN driver was designed as low-level kernel support for IP tunneling.

What is TAP?
TAP is a virtual Ethernet network device. The TAP driver was designed as low-level kernel support for Ethernet tunneling.

What is the difference between the TUN driver and the TAP driver?
TUN works with IP frames. TAP works with Ethernet frames.

These kinds of interfaces are supported in Linux.
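To make the difference concrete, here is an added example (not part of the original post) that parses a buffer as it would be read from a TUN device and from a TAP device. The sample bytes are constructed, and the TUN reader assumes the device was opened with IFF_NO_PI, so there is no extra packet-information header in front of the IP header.

```python
import ipaddress
import struct

# Constructed sample: 20-byte IPv4 header, ICMP, 10.0.0.1 -> 10.0.0.2
# (checksum left at zero, it is not validated here).
IP_PACKET = bytes.fromhex("4500001400000000400100000a0000010a000002")
# Constructed Ethernet headers: dst MAC, src MAC, EtherType.
ETH_IPV4 = bytes.fromhex("ffffffffffff" "020000000001" "0800")
ETH_ARP = bytes.fromhex("ffffffffffff" "020000000001" "0806")


def parse_tun(buf: bytes) -> dict:
    """Buffer read from a TUN device (IFF_NO_PI assumed): starts at the IP header."""
    if not buf:
        raise ValueError("empty buffer")
    version = buf[0] >> 4
    if version == 4 and len(buf) >= 20:
        src, dst = buf[12:16], buf[16:20]
        proto = buf[9]
    elif version == 6 and len(buf) >= 40:
        src, dst = buf[8:24], buf[24:40]
        proto = buf[6]
    else:
        raise ValueError("not a complete IP packet")
    return {"layer": 3, "version": version, "proto": proto,
            "src": str(ipaddress.ip_address(src)),
            "dst": str(ipaddress.ip_address(dst))}


def parse_tap(buf: bytes) -> dict:
    """Buffer read from a TAP device: starts at the Ethernet header."""
    if len(buf) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", buf[:14])
    frame = {"layer": 2, "dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
             "ethertype": ethertype, "ip": None}
    if ethertype in (0x0800, 0x86DD):  # IPv4 / IPv6 payload
        frame["ip"] = parse_tun(buf[14:])
    return frame  # ARP and other non-IP frames only ever appear on TAP


if __name__ == "__main__":
    print(parse_tun(IP_PACKET))
    print(parse_tap(ETH_IPV4 + IP_PACKET))
    print(parse_tap(ETH_ARP + bytes(28)))
```

Feeding a TAP frame to `parse_tun` raises `ValueError`, which is the practical consequence of mixing the two: software written for one interface type cannot read the other's traffic.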


Upgrade Cisco Blade Switch

This is a major upgrade from 12.x to 15.x code, so back up your config before going ahead!

Checking the current version

 

SW01#sh ver | i IOS
Cisco IOS Software, CBS30X0 Software (CBS30X0-LANBASEK9-M), Version 12.2(35)SE, RELEASE SOFTWARE (fc2)
SW01#show boot
BOOT path-list      : flash:cbs30x0-lanbase-mz.122-35.SE/cbs30x0-lanbase-mz.122-35.SE.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :

Downloading and extracting the TAR file from your TFTP

SW01#download-sw tftp:10.1.0.103/cbs30x0-ipbase-tar.150-2.SE6.tar
Loading cbs30x0-ipbase-tar.150-2.SE6.tar from 10.1.0.103 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(omitted for brevity)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK – 15073280 bytes]

Loading cbs30x0-ipbase-tar.150-2.SE6.tar from 10.1.0.103 (via FastEthernet0): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(omitted for brevity)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
examining image…
extracting info (107 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/info (372 bytes)
extracting info (107 bytes)

Stacking Version Number: 1.49

System Type:             0x00000000
Ios Image File Size:   0x00BEF200
Total Image File Size: 0x00E60200
Minimum Dram required: 0x08000000
Image Suffix:          ipbase-150-2.SE6
Image Directory:       cbs30x0-ipbase-mz.150-2.SE6
Image Name:            cbs30x0-ipbase-mz.150-2.SE6.bin
Image Feature:         IP|LAYER_3|MIN_DRAM_MEG=128

Old image for switch 1: unknown

Extracting images from archive into flash…
cbs30x0-ipbase-mz.150-2.SE6/ (directory)
extracting cbs30x0-ipbase-mz.150-2.SE6/info (372 bytes)
cbs30x0-ipbase-mz.150-2.SE6/html/ (directory)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/frmwrkResource.htm (950 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/menu.shtml (8324 bytes)
extracting cbs30x0-ipbase-mz.150-2.SE6/html/portstats.js (8142 bytes)
(omitted for brevity)
extracting cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin (12505683 bytes)
extracting info (107 bytes)

Installing (renaming): `flash:update/cbs30x0-ipbase-mz.150-2.SE6' ->
`flash:cbs30x0-ipbase-mz.150-2.SE6'
New software image installed in flash:cbs30x0-ipbase-mz.150-2.SE6

All software images installed.

Boot updated with the new image & Reboot

SW01#show boot
BOOT path-list      : flash:cbs30x0-ipbase-mz.150-2.SE6/cbs30x0-ipbase-mz.150-2.SE6.bin
Config file         : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break        : no
Manual Boot         : no
HELPER path-list    :
Auto upgrade        : yes
Auto upgrade path   :
SW01#reload
Proceed with reload? [confirm]

New code is Live!

SW01#sh ver | i IOS
Cisco IOS Software, CBS30X0 Software (CBS30X0-IPBASE-M), Version 15.0(2)SE6, RELEASE SOFTWARE (fc2)

Comparing the running config with the backup we took earlier shows zero differences, so another successful upgrade!


How to extend SLR in PAN for more than 7 days

When generated from the GUI, the report covers only the last 7 days by default. Next I will show you how to extend the time range of the report.

You have to identify the start and end date and the export method, TFTP in this case.

[email protected]> tftp export stats-dump start-time equal 2016/10/[email protected]:00:00 end-time equal 2016/10/[email protected]:00:00 to 192.168.169.147

show system info…
Generating Application Report…
Generating HTTP Application Report…
Generating Category Report…
Generating Risk Report…
Generating Threat Report…
Generating Source Country Report…
Generating Destination Country Report…
Generating URL Category Report…
Generating Subcategory Report…
Generating Technology Report…
Generating Data Report…
Generating V2 Application Report…
Generating V2 Threat Report…
Generating V2 Wildfire Report…
Generating V2 Data Report…
Generating V2 URL Category Report…
Generating V2 Application Non-standard port Report…
Generating V2 HTTP Application Report…
show_system_info.txt
reports/
reports/ThreatReport.xml
reports/TechnologyReport.xml
reports/SourceCountryReport.xml
reports/SubcategoryReport.xml
reports/URLCategoryReport.xml
reports/error.log
reports/RiskReport.xml
reports/ApplicationReport.xml
reports/DestinationCountryReport.xml
reports/DataReport.xml
reports/CategoryReport.xml
reports/HTTPApplicationReport.xml
statsv2/reports/
statsv2/reports/ThreatReport.xml
statsv2/reports/WildfireReport.xml
statsv2/reports/URLCategoryReport.xml
statsv2/reports/error.log
statsv2/reports/ApplicationNonStandardPortReport.xml
statsv2/reports/ApplicationReport.xml
statsv2/reports/DataReport.xml
statsv2/reports/HTTPApplicationReport.xml
Finished generating reports. Please press enter to continue…
mode set to octet
Connected to 10.10.10.24 (10.10.10.24), port 69
putting logdbcsv_20161119_2009.tar.gz to 10.10.10.24:logdbcsv_20161119_2009.tar.gz [octet]
Sent 16506 bytes in 0.3 seconds [478106 bit/s]

[email protected]>

Once the report is exported, the Security Lifecycle Review (SLR) can be used for analysis.


Export/Import Putty settings

This method uses the registry, so back it up before proceeding.

Open command line and type the following command:

regedit /e "%userprofile%\desktop\putty-registry.reg" HKEY_CURRENT_USER\Software\Simontatham

Copy the generated file to the new Windows installation and run it. When the prompt window pops up, click “Yes”. This merges the file with the config you already have for PuTTY.


A window should then appear saying the import was successful.


Cisco nV Technology

Cisco nV allows you to simplify operations and the deployment of new services across different boundaries in a Service Provider network. But what exactly is this technology? It’s a single logical switch/router built by interconnecting an ASR9K and one or more smaller satellite switches. These switches act as remote line cards and are provisioned on the ASR9K (called the Host).

Architecture


nV Edge Overview


nV System Overview


  • Control plane extension: the active RSP and standby RSP are on different chassis and sync up via external EOBC links “as if” they were in the same physical chassis
  • Data plane extension: regular data links are bundled into a special “nV fabric link” that simulates the switch fabric function between the two physical chassis and carries data packets across
  • No dedicated fabric chassis -> flexible co-located or different-location deployment (no distance limitation)

nV Satellite


  • All Satellite Configuration is done on the Host (zero touch)
  • nV Satellite can greatly simplify access and aggregation networks
  • Support flexible access and agg network topologies
  • Satellite is a remote line card: Access ports have feature parity with ASR9K local ports
  • nV Satellite interface naming follows the same local interface naming convention: sat-ID / sat-slot / sat-bay / sat-port

Control Plane

Discovery Phase

  • CDP like protocol to discover Satellites
  • Heartbeat sent every second to detect failures

Control Phase

  • Inter-process Communication Channel (TCP socket)

Dataplane

On Satellite

  • Adds an nV-Tag to frames before forwarding them to the Edge

On the Host

  • Receives frames with an nV-Tag, which identifies the satellite virtual interface

Satellite Deployment Models

Mode 1: Static pinning (any access port can be mapped to any single fabric port)

Mode 2: Fabric bundle (access ports are mapped to a fabric bundle)

Satellite Types: asr9000v, asr901, asr903


nV Satellite L2fabric, Ring Topologies

Since XR 5.1.1

  • Extending satellite connection across a Layer 2 network
  • A native 802.1Q tag is added to the Satellite-Host control and data plane protocol
  • Expanding to support ring, & cascaded topologies
  • Maintains the same plug & play operational simplicity
  • CFM/CCM used for fast failure detection*

* CFM/CCM for simple ring and cascading will be in future releases


References:

BRKARC-2024 – Cisco ASR 9000 nV Technology and Deployment (2014 San Francisco)


Cisco IOS-XR Basics

IOS-XR code is really new for me, so I will write a few posts about it, starting with the basics. You can see this operating system on CRS generations, ASR 9000 and NCS boxes.

Configure Username and Group

The root-system group is the equivalent of privilege 15 in normal IOS

RP/0/0/CPU0:XR-4(config)#username cocheno
RP/0/0/CPU0:XR-4(config-un)# group root-system
RP/0/0/CPU0:XR-4(config-un)# password cocheno

The predefined groups are as follows:

  • cisco-support: This group is used by the Cisco support team.
  • netadmin: Has the ability to control and monitor all system and network parameters.
  • operator: A demonstration group with basic privileges.
  • root-lr: Has the ability to control and monitor the specific secure domain router.
  • root-system: Has the ability to control and monitor the entire system.
  • sysadmin: Has the ability to control and monitor all system parameters but cannot configure network protocols.
  • serviceadmin: Service administration tasks, for example, Session Border Controller (SBC).

Configure Hostname

RP/0/0/CPU0:XR(config)#hostname XR-4
RP/0/0/CPU0:XR(config)#commit

Assigning IP Addresses

IOS-XR has some aliases configured, so it will interpret the command correctly even if you do not type ipv4 in this case

RP/0/0/CPU0:XR-4(config)#int gigabitEthernet 0/0/0/0.201
RP/0/0/CPU0:XR-4(config-subif)#encapsulation dot1q 201
RP/0/0/CPU0:XR-4(config-subif)#ip?
ipv4 ipv6
RP/0/0/CPU0:XR-4(config-subif)#ip add 10.202.201.40 255.255.255.0

Check where you are in the config hierarchy

RP/0/0/CPU0:XR-4(config-subif)#pwd
Sun Mar 6 17:37:05.948 UTC
interface GigabitEthernet0/0/0/0.201
RP/0/0/CPU0:XR-5(config-subif)#

Save Config

Saving the config is a two-step process: you work on a candidate config instead of the running-config, which protects you from misconfiguration.

Show the candidate config before committing it to the running-config

RP/0/0/CPU0:XR-4(config)#show configuration
Sun Mar 6 16:03:23.913 UTC
Building configuration…
!! IOS XR Configuration 5.2.2
interface GigabitEthernet0/0/0/0.201
ipv4 address 10.202.201.40 255.255.255.0
encapsulation dot1q 201
!
end
RP/0/0/CPU0:XR-4(config)#commit
Sun Mar 6 16:05:19.315 UTC

We can also assign a label to the commit, and roll back based on it as well

RP/0/0/CPU0:XR-4(config)#commit label IPV4_v201

Rolling back the change we made previously

RP/0/0/CPU0:XR-4#rollback configuration last 1
Sun Mar 6 16:10:35.003 UTC
Loading Rollback Changes.
Loaded Rollback Changes in 1 sec
Committing.
4 items committed in 1 sec (3)items/sec
Updating.
Updated Commit database in 1 sec
Configuration successfully rolled back 1 commits.

You can use a time-based commit: you need to confirm the commit within 120 seconds, or the changes will be rolled back

RP/0/0/CPU0:XR-4(config)#commit confirmed 120

Check the last system commits

RP/0/0/CPU0:XR-4(config)#show config commit list detail
Sun Mar 6 16:21:30.499 UTC
1) CommitId: 1000000004 Label: IPV4_v201
UserId: cisco Line: con0_0_CPU0
Client: CLI Time: Sun Mar 6 16:21:28 2016
Comment: NONE
2) CommitId: 1000000003 Label: NONE
UserId: cisco Line: con0_0_CPU0
Client: Rollback Time: Sun Mar 6 16:10:36 2016
Comment: NONE

 

RP/0/0/CPU0:XR-4#show configuration rollback changes last 1
Sun Mar 6 16:24:50.435 UTC
Building configuration…
!! IOS XR Configuration 5.2.2
no interface GigabitEthernet0/0/0/0.201
end
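The commit list doubles as a change audit trail (who committed, from which line, when, and through which client). The following added example, which is not part of the original post, parses the `show config commit list detail` output shown above into records and picks out the entries worth a second look; the review criteria in `review()` are an assumption chosen for illustration.

```python
import re
from datetime import datetime

KEYS = "CommitId|Label|UserId|Line|Client|Time|Comment"
# A value runs until the next known key on the same line, or to end of line.
FIELD = re.compile(rf"\b({KEYS}):\s*(.*?)(?=\s+(?:{KEYS}):|\s*$)")

# The two entries from the "show config commit list detail" output in the post.
SAMPLE = """\
1) CommitId: 1000000004 Label: IPV4_v201
   UserId: cisco Line: con0_0_CPU0
   Client: CLI Time: Sun Mar 6 16:21:28 2016
   Comment: NONE
2) CommitId: 1000000003 Label: NONE
   UserId: cisco Line: con0_0_CPU0
   Client: Rollback Time: Sun Mar 6 16:10:36 2016
   Comment: NONE
"""


def parse_commit_list(text: str) -> list:
    """Turn the CLI output into one dict per commit, newest first as printed."""
    entries = []
    for line in text.splitlines():
        if re.match(r"\s*\d+\)\s", line):      # "1) ..." starts a new entry
            entries.append({})
        if not entries:
            continue                           # skip timestamp/banner lines
        for key, value in FIELD.findall(line):
            entries[-1][key] = None if value == "NONE" else value
    for entry in entries:
        entry["Time"] = datetime.strptime(entry["Time"], "%a %b %d %H:%M:%S %Y")
    return entries


def review(entries: list) -> list:
    """Return (CommitId, reason) pairs; the criteria are illustrative assumptions."""
    findings = []
    for entry in entries:
        if entry["Client"] == "Rollback":
            findings.append((entry["CommitId"], "rollback"))
        elif entry["Label"] is None and entry["Comment"] is None:
            findings.append((entry["CommitId"], "no label or comment"))
    return findings


if __name__ == "__main__":
    for commit_id, reason in review(parse_commit_list(SAMPLE)):
        print(commit_id, reason)
```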

Configure Telnet/SSH

RP/0/0/CPU0:XR-4(config)#telnet vrf default ipv4 server max-servers 5
RP/0/0/CPU0:XR-4#crypto key generate dsa
Sun Mar 6 17:52:29.135 UTC
The name for the keys will be: the_default
Choose the size of your DSA key modulus. Modulus size can be 512, 768, or 1024 bits. Choosing a key modulus
How many bits in the modulus [1024]:
Generating DSA keys …
Done w/ crypto generate keypair
[OK]
RP/0/0/CPU0:XR-4#conf t
Sun Mar 6 17:52:44.114 UTC
RP/0/0/CPU0:XR-4(config)#domain name cocheno.com
RP/0/0/CPU0:XR-4(config)#ssh server v2
RP/0/0/CPU0:XR-4(config)#commit

Check SSH Sessions

RP/0/0/CPU0:XR-5#show ssh
Sun Mar 6 17:55:15.633 UTC
SSH version : Cisco-2.0
id pty location state userid host ver authentication
--------------------------------------------------------------
Incoming sessions
0 vty0 0/0/CPU0 SESSION_OPEN cisco 10.202.201.150 v2 password

Check commit failures

RP/0/0/CPU0:XR-4(config)#show configuration failed

After you change the candidate config, you can abort without committing it

RP/0/0/CPU0:XR-4(config)#abort

Replace the entire running config with the candidate; if your candidate is empty, you will end up with the factory default

RP/0/0/CPU0:XR-4(config)#commit replace
Sun Mar 6 16:47:46.101 UTC
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]:
