Thursday, 31 January 2008

Multi Router Looking Glass

Objective: create a web interface for viewing routing tables and other routing commands.

I have chosen John Fraizer's Multi Router Looking Glass (a working example can be seen at RIPE's Routing Information Service page). The latest version of the software can be downloaded at: http://www.op-sec.us/mrlg/source/CURRENT/ .
Basically the software consists of a CGI script to place in your Apache server's cgi-bin and a couple of Perl and bash scripts. There is also code to build fastping, an alternative to ping. I just used plain old ping in my setup.

CPAN Perl Module: The first thing we need is the Perl "Net::Telnet::Cisco" module, which allows the main script to communicate with our network equipment via telnet. SSH is available via the "Net::SSH::Perl" module; however, I will not cover this here.

Access your CPAN shell:

$ perl -MCPAN -e shell
cpan>


Note: If this is the first time you have run this command you will have to configure CPAN.

Now install the "Net::Telnet::Cisco" module.

cpan> install Net::Telnet::Cisco



With this done all we need is a little file keeping to get our program into place. From our downloaded and extracted tar.gz folder issue the following commands:

cp index.cgi /usr/local/www/apache22/cgi-bin/
chmod +x /usr/local/www/apache22/cgi-bin/index.cgi
cp fping1 ztr ztraceroute /usr/local/bin
chmod +x /usr/local/bin/fping1 /usr/local/bin/ztr /usr/local/bin/ztraceroute
cp mrlg.conf.sample /etc/mrlg.conf


Note: These are for FreeBSD, your directory structure may vary.
Now, we need to edit fping1, ztr & ztraceroute to make sure all paths within these files are correct for your system. For FreeBSD I had to edit the paths to bash & traceroute, and also exchange fastping for ping and its correct path.

mrlg.conf set up:
To get anything out of your index.cgi, i.e. MRLG, you need to configure /etc/mrlg.conf.
First, we have to tell MRLG the host details we will be running MRLG on.

## Set the URL for the location of the looking-glass....
$::url="http://10.1.1.3/cgi-bin/index.cgi";


Secondly, we can amend a router entry to hold the details of one of our local routers.


$::Routers{'Folkestone-AS2'} = {
comment => 'Cisco 2600 Series',
server => '10.1.1.2',
use_port => '23',
login_pass => 'cisco',
full_tables => '1',
cisco => '1',
debug => "0",
};



That is all we need to get an interface into our routers as demonstrated below.



The conf file has lots of settings not discussed here which can be very useful, so I would advise making it your first port of call if you decide to install MRLG.
Phil
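An added example, not part of the original post or of MRLG: a small audit of the mrlg.conf described above, which stores each router's login_pass in cleartext and, in this setup, sends it over telnet. It reads only the keys shown in the post (server, use_port, login_pass); the function names, the 8-character threshold and the sample file are assumptions made for illustration.

```shell
# Added example (not MRLG code): list the router logins held in an mrlg.conf
# and flag weak spots. Assumes the stanza layout shown in the post.
audit_mrlg_conf() {
    conf=$1
    # login_pass is stored in cleartext, so the file must not be world-readable.
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "FILE $conf is world-readable"
    fi
    awk -v q="'" '
        # Strip "key =>", quotes, commas and blanks, leaving the bare value.
        function val(s) {
            sub(/^.*=>[ \t]*/, "", s); gsub(/[ \t,"]/, "", s); gsub(q, "", s)
            return s
        }
        # Stanza start; commented-out entries do not match.
        /^[ \t]*[$]::Routers[{]/ {
            split($0, p, q); name = p[2]; srv = port = pass = ""; inr = 1; next
        }
        inr && /^[ \t]*server[ \t]*=>/     { srv  = val($0) }
        inr && /^[ \t]*use_port[ \t]*=>/   { port = val($0) }
        inr && /^[ \t]*login_pass[ \t]*=>/ { pass = val($0) }
        inr && /^[ \t]*[}];/ {
            print "LOGIN " name " -> " srv ":" port " (telnet, password sent in cleartext)"
            if (length(pass) < 8)
                print "WEAK " name " login_pass has fewer than 8 characters"
            inr = 0
        }
    ' "$conf"
}

# Constructed sample: the router from the post plus a commented-out entry.
write_sample_conf() {
    cat > "$1" <<'EOF'
#$::Routers{'Disabled-Example'} = {
#server => '192.0.2.1',
#};
$::Routers{'Folkestone-AS2'} = {
comment => 'Cisco 2600 Series',
server => '10.1.1.2',
use_port => '23',
login_pass => 'cisco',
};
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && chmod 644 "$tmp"
audit_mrlg_conf "$tmp"
rm -f "$tmp"
```

Run it against /etc/mrlg.conf after editing; every LOGIN line is a credential the web server can use, so the file should be readable only by the account the CGI runs as.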

Tuesday, 29 January 2008

pman - generate man pages in pdf format on OSX

Generate PDF man files in OSX

Drop the following code in your profile, log out & log back in and man your favourite manpage but use 'pman' this time.

pman()
{
man -t "${1}" | open -f -a /Applications/Preview.app/
}


You'll be presented with a PDF document of your man page which you can refer to anytime, complete with search, zoom and anything else you can do with a PDF.


comserv for OS X - Leopard


comserv for leopard
About a year ago I was using comserv on a BSD box hooked up to a Xyplex terminal access server. This gave me native access to the serial ports on the terminal server, so I could do a simple "cu -l /usr/local/comserv/dev/xport01" to connect to a router or switch or what have you.

I have been considering a MacBook, and one of the programs I would love to have would be comserv. I had a look around the pkg repositories but no luck! It was a case of rolling my own.

After a little bit of compiling and package hacking I have got a fully working OSX package: comserv.pkg

After a simple double click install, all that is needed is to:

sudo cp /usr/local/etc/comservd.conf.sample /usr/local/etc/comservd.conf

sudo vi /usr/local/etc/comservd.conf
amend to your liking:

sudo vi /etc/hostconfig
append: COMSERVD=-YES-


And that is it: comservd starts up on reboot and gives you access to all those ports.
If you can't wait for a reboot:
sudo SystemStarter start COMSERVD


comservd conf help is available under the installed man page. Even better 'pman' comservd. Also, it is complete with an uninstall.sh script.

enjoy

Saturday, 12 January 2008

md5 checksums in solaris

md5sum = digest -v -a md5

example:
# digest -v -a md5 /export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b
md5 (/export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b) = 5218cdcd46c023a0f074c6696403a722
#


alias alleviates the aggravation of transcendence:

# alias md5sum='digest -v -a md5'
# md5sum /export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b
md5 (/export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b) = 5218cdcd46c023a0f074c6696403a722
#

Monday, 7 January 2008

BGP Peer Groups on Quagga

Objective: To set up a "peer-group" on our Quagga router to limit advertisements within an Autonomous System.

Setup: Refer to previous post "Headless BSD Quagga Router" to get you started.

Under the running config on the Quagga router I have formed the peer group 'localAS' for AS3 with the following command:

neighbor localAS remote-as 3


Next I include the neighbors I wish to be in the peer-group:

neighbor 172.16.1.2 peer-group localAS
neighbor 192.68.1.1 peer-group localAS


This is the same as declaring a normal neighbor, except that I use the 'peer-group' option. The 'remote-as' option is not needed, because the preceding command 'neighbor localAS remote-as 3' already states which remote AS the peer-group is in.

Excerpt on BGP Technology from Cisco Systems:

The major benefit you achieve when you specify a BGP peer group is that a BGP peer group reduces the amount of system resources (CPU and memory) necessary in an update generation. A BGP peer group reduces the load on system resources by allowing the routing table to be checked only once, and updates to be replicated to all peer group members instead of being done individually for each peer in the peer group. Based on the number of peer group members, the number of prefixes in the table, and the number of prefixes advertised, this can significantly reduce the load.

BGP peer groups also simplifies the BGP configuration. Instead of configuring each neighbor with the same policy individually, a peer group allows you to group the policies which can be applied to individual peers thus making efficient update calculation along with simplified configuration.


Tuesday, 1 January 2008

grep trick

Small hint shown to me many years ago when enabling things in rc.conf.
If I want to startup ipfilter for example (trimmed to avoid wrapping).

bash-2.05b# cat /etc/defaults/rc.conf | grep ^ipfilter

Returns the following,
ipfilter_enable="NO" # Set to YES to enable ipfilter
ipfilter_program="/sbin/ipf" # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter,
ipfilter_flags="" # additional flags for ipfilter

If it looks like what you want then write it into your running rc.conf,

cat /etc/defaults/rc.conf | grep ^ipfilter >> /etc/rc.conf

Then you can edit to enable, add flags, etc. Cures the typos.

DAve
http://lists.freebsd.org/pipermail/freebsd-questions/2007-December/165704.html