A route aggregate is a route advertisement that has consolidated contiguous networks.
For instance:
Networks: (192.168.1.0/24, 192.168.2.0/24, …192.168.254.0/24, 192.168.255.0/24)
Aggregate: 192.168.0.0/16
Rather than processing 256 networks, a single aggregate network address that covers all the networks can be advertised. Aggregates vastly reduce the Internet Routing Table size.
The following posts are taken from the book “Internet Routing Architectures”. These examples demonstrate different methods of aggregation that are seen on the Internet. The way aggregates are formed and advertised and whether they carry with them more specific routes will influence traffic patterns and sizes of BGP routing tables. Remember that aggregation applies to routes that exist in the BGP routing table. An aggregate can be sent if at least one more-specific route of that aggregate exists in the BGP table.
Aggregate only, suppressing more specific routes:
Aggregate plus more specific routes:
Aggregate with a subset of more specific routes:
Loss of information inside aggregates:
Changing the aggregate's attributes:
Forming the Aggregate Based on a subset of specific routes
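The consolidation above, worked in Python with the standard ipaddress module (an added example, not from the book or the original post; the function names are hypothetical). It collapses the full 192.168.0.0/24 to 192.168.255.0/24 run into the /16, shows which part of that /16 has no specific route behind it when the list starts at 192.168.1.0/24 as printed, and applies the rule that an aggregate needs at least one more-specific route in the table.

```python
import ipaddress

# Constructed inputs: the list as printed in the post (.1 to .255) and the full run (.0 to .255).
LISTED = [f"192.168.{i}.0/24" for i in range(1, 256)]
FULL = [f"192.168.{i}.0/24" for i in range(0, 256)]

def minimal_aggregates(prefixes):
    """Fewest prefixes covering exactly the given address space, nothing more."""
    nets = (ipaddress.ip_network(p) for p in prefixes)
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def uncovered_space(aggregate, prefixes):
    """Parts of `aggregate` that no prefix in `prefixes` covers."""
    remaining = [ipaddress.ip_network(aggregate)]
    for p in map(ipaddress.ip_network, prefixes):
        kept = []
        for r in remaining:
            if r.subnet_of(p):            # r is fully covered (or equal): drop it
                continue
            if p.subnet_of(r):            # p carves a hole out of r
                kept.extend(r.address_exclude(p))
            else:                         # disjoint: r is untouched
                kept.append(r)
        remaining = kept
    return [str(n) for n in sorted(remaining)]

def may_advertise(aggregate, bgp_table):
    """Rule from the text: at least one more-specific route must be in the table."""
    agg = ipaddress.ip_network(aggregate)
    return any(n != agg and n.subnet_of(agg)
               for n in map(ipaddress.ip_network, bgp_table))

if __name__ == "__main__":
    print(minimal_aggregates(FULL))                      # the single /16
    print(minimal_aggregates(LISTED))                    # exact cover without .0
    print(uncovered_space("192.168.0.0/16", LISTED))     # space the /16 would also claim
    print(may_advertise("192.168.0.0/16", ["192.168.7.0/24"]))
```

Traffic for any range reported by uncovered_space still follows the aggregate to the advertising router, which has no specific route for it.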
Sunday, 10 February 2008
Thursday, 31 January 2008
Multi Router Looking Glass
Objective: create a web interface for viewing routing tables and other routing commands.
I have chosen John Fraizer's Multi Router Looking Glass (a working example can be seen at RIPE's Routing Information Service page). The latest version of the software can be downloaded at: http://www.op-sec.us/mrlg/source/CURRENT/ .
Basically, the software consists of a CGI script to place in your Apache server's cgi-bin and a couple of Perl and bash scripts. There is also code to build fastping, an alternative to ping. I just used plain old ping in my setup.
CPAN Perl module: The first thing we need is the Perl "Net::Telnet::Cisco" module, which allows the main script to communicate with our network equipment via telnet. SSH is available via the "Net::SSH::Perl" module; however, I will not cover this here.
Access your CPAN shell:
$ perl -MCPAN -e shell
cpan>
Note: If this is the first time you have run this command you will have to configure CPAN.
Now install the "Net::Telnet::Cisco" module.
cpan> install Net::Telnet::Cisco
With this done all we need is a little file keeping to get our program into place. From our downloaded and extracted tar.gz folder issue the following commands:
cp index.cgi /usr/local/www/apache22/cgi-bin/
chmod +x /usr/local/www/apache22/cgi-bin/index.cgi
cp fping1 ztr ztraceroute /usr/local/bin
chmod +x /usr/local/bin/fping1 /usr/local/bin/ztr /usr/local/bin/ztraceroute
cp mrlg.conf.sample /etc/mrlg.conf
Note: These are for FreeBSD; your directory structure may vary.
Now we need to edit fping1, ztr & ztraceroute to make sure all paths within these files are correct for your system. For FreeBSD I had to edit the paths to bash & traceroute, and also exchange fastping for ping and its correct path.
mrlg.conf set up:
To get anything out of your index.cgi, i.e. MRLG, you need to configure /etc/mrlg.conf.
First, we have to tell MRLG the host details we will be running MRLG on.
## Set the URL for the location of the looking-glass....
$::url="http://10.1.1.3/cgi-bin/index.cgi";
Secondly, we can amend a router entry to match the details of one of our local routers.
$::Routers{'Folkestone-AS2'} = {
comment => 'Cisco 2600 Series',
server => '10.1.1.2',
use_port => '23',
login_pass => 'cisco',
full_tables => '1',
cisco => '1',
debug => "0",
};
That is all we need to get an interface into our routers as demonstrated below.

The conf file has lots of settings not discussed here which can be very useful, so I would advise that this be your first port of call if you decide to install MRLG.
Phil
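A check a practitioner might run on the finished /etc/mrlg.conf, added here as an example (not part of MRLG or the original post): it flags a world-readable file and any router entry whose login_pass is empty or on a short list of default passwords. The sample config is constructed from the router entry above; the function names and the password list are assumptions.

```python
import os
import re
import stat
import tempfile

# Constructed sample input: the router entry shown in the post.
SAMPLE_CONF = """\
$::url="http://10.1.1.3/cgi-bin/index.cgi";
$::Routers{'Folkestone-AS2'} = {
comment => 'Cisco 2600 Series',
server => '10.1.1.2',
use_port => '23',
login_pass => 'cisco',
};
"""

# Assumption: a short local list of default passwords to reject.
DEFAULT_PASSWORDS = {"", "cisco", "zebra", "admin", "password"}

ROUTER_RE = re.compile(r"\$::Routers\{'([^']+)'\}\s*=\s*\{(.*?)\};", re.S)
FIELD_RE = re.compile(r"""(\w+)\s*=>\s*(['"])(.*?)\2""")

def parse_routers(text):
    """Return {router name: {key: value}} from mrlg.conf-style Perl hashes."""
    return {name: {k: v for k, _quote, v in FIELD_RE.findall(body)}
            for name, body in ROUTER_RE.findall(text)}

def audit_conf(path):
    """List (subject, problem) findings for one mrlg.conf file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append((path, "world-readable (mode %o) but holds login_pass values" % mode))
    with open(path) as fh:
        routers = parse_routers(fh.read())
    for name, fields in sorted(routers.items()):
        if fields.get("login_pass", "") in DEFAULT_PASSWORDS:
            findings.append((name, "login_pass is empty or a well-known default"))
    return findings

def write_sample(mode):
    """Write SAMPLE_CONF to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_CONF)
    os.chmod(path, mode)
    return path
```

Run audit_conf("/etc/mrlg.conf") after the cp step; the file only needs to be readable by the account the web server runs the CGI as.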
Tuesday, 29 January 2008
pman - generate man pages in pdf format on OSX
Generate PDF man files in OSX
Drop the following code in your profile, log out & log back in and man your favourite manpage but use 'pman' this time.
pman()
{
man -t "${1}" | open -f -a /Applications/Preview.app/
}
You'll be presented with a PDF document of your man page, which you can refer to anytime, complete with search, zoom and anything else you can do with a PDF.
comserv for OS X - Leopard

comserv for leopard
About a year ago I was using comserv on a BSD box hooked up to a Xyplex terminal access server. This gave me native access to the serial ports on the terminal server, so I could do a simple "cu -l /usr/local/comserv/dev/xport01" to connect to a router or switch or what have you.
I have been considering a MacBook, and one of the programs I would love to have would be comserv. I had a look around the pkg repositories but no luck! It was a case of rolling my own.
After a little bit of compiling and package hacking I have got a fully working OSX package: comserv.pkg
After a simple double click install, all that is needed is to:
sudo cp /usr/local/etc/comservd.conf.sample /usr/local/etc/comservd.conf
sudo vi /usr/local/etc/comservd.conf
amend to your liking:
sudo vi /etc/hostconfig
append: COMSERVD=-YES-
and that is it, comservd starts up on reboot and gives you access to all those ports.
If you can't wait to reboot:
sudo SystemStarter start COMSERVD
comservd conf help is available under the installed man page. Even better 'pman' comservd. Also, it is complete with an uninstall.sh script.
enjoy
Saturday, 12 January 2008
md5 checksums in solaris
md5sum = digest -v -a md5
example:
# digest -v -a md5 /export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b
md5 (/export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b) = 5218cdcd46c023a0f074c6696403a722
#
alias alleviates the aggravation of transcendence:
# alias md5sum='digest -v -a md5'
# md5sum /export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b
md5 (/export/home/philip/Desktop/sol-nv-b70b-x86-dvd-iso-b) = 5218cdcd46c023a0f074c6696403a722
#
Monday, 7 January 2008
BGP Peer Groups on Quagga
Objective: To set up a "peer-group" on our Quagga router to limit advertisements within an Autonomous System.
Setup: Refer to previous post "Headless BSD Quagga Router" to get you started.
Under the running config on the Quagga router I have formed the peer group 'localAS' for AS3 with the following command:
neighbor localAS remote-as 3
Next, I include the neighbors I wish to be in the peer-group:
neighbor 172.16.1.2 peer-group localAS
neighbor 192.68.1.1 peer-group localAS
It is the same as declaring a normal neighbor, except that I use the 'peer-group' option. The 'remote-as' option is not needed, as the preceding command 'neighbor localAS remote-as 3' already sets which remote AS the peer-group is in.
Excerpt on BGP Technology from Cisco Systems:
The major benefit you achieve when you specify a BGP peer group is that a BGP peer group reduces the amount of system resources (CPU and memory) necessary in an update generation. A BGP peer group reduces the load on system resources by allowing the routing table to be checked only once, and updates to be replicated to all peer group members instead of being done individually for each peer in the peer group. Based on the number of peer group members, the number of prefixes in the table, and the number of prefixes advertised, this can significantly reduce the load.
BGP peer groups also simplify the BGP configuration. Instead of configuring each neighbor with the same policy individually, a peer group allows you to group the policies which can be applied to individual peers thus making efficient update calculation along with simplified configuration.
Tuesday, 1 January 2008
grep trick
Small hint shown to me many years ago when enabling things in rc.conf.
If I want to startup ipfilter for example (trimmed to avoid wrapping).
bash-2.05b# cat /etc/defaults/rc.conf | grep ^ipfilter
Returns the following,
ipfilter_enable="NO" # Set to YES to enable ipfilter
ipfilter_program="/sbin/ipf" # where the ipfilter program lives
ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter,
ipfilter_flags="" # additional flags for ipfilter
If it looks like what you want then write it into your running rc.conf,
cat /etc/defaults/rc.conf | grep ^ipfilter >> /etc/rc.conf
Then you can edit to enable, add flags, etc. Cures the typos.
DAve
http://lists.freebsd.org/pipermail/freebsd-questions/2007-December/165704.html