Site dedicated mainly to internetworking. The goal is to share experiences, teach IP, IPv6. Talk about Linux, IP services, servers, promote IPv6 adoption, routing protocols, security and in some cases just some thoughts. Keywords: linux, cisco, ospf, bgp, eigrp, ip, ipv6, sla, link, routers, routings, telco, telecommunications, security, ipv4
Wednesday, March 30, 2016
Monday, February 29, 2016
Read a BGP live stream from CAIDA
Objective
Read a BGP live stream from CAIDA and insert it into a BGP session
What do we need
bgpreader from the bgpstream core package provided by CAIDA
bgp_simple.pl obtained from GitHub
Overview
We will read the BGP live stream feed using bgpreader, and redirect its standard output to a pipe file (created with mkfifo) that a Perl script called bgpsimple reads from. This same script will establish the BGP session against a BGP speaker and announce the prefixes received in the stream.
LAB Topology
The configuration was already tested in Cisco & Quagga
The BGP Speaker (Cisco/Quagga) has the IPv4 address 192.168.1.1
The BGP Simple Linux box has the IP 192.168.1.2
How does it work?
bgpreader can write its output in the -m format used by libbgpdump (by RIPE NCC), which is the very same format bgpsimple expects as input. That's why myroutes is a pipe file (created with mkfifo).
Steps:
INSTALL BGP READER - UBUNTU 15.04
First install some general packages:
apt-get install apt-file libsqlite3-dev libsqlite3 libmysqlclient-dev libmysqlclient
apt-get install libcurl-dev libcurl autoconf git libssl-dev
apt-get install build-essential zlib1g-dev libbz2-dev
apt-get install libtool git
apt-get install zlib1g-dev
Also install wandio
wandio-1.0.3
git clone https://github.com/alistairking/wandio
cd wandio
./bootstrap.sh
./configure && make && make install
to test wandio:
wandiocat http://www.apple.com/library/test/success.html
Download bgp reader tarball from:
https://bgpstream.caida.org/download
#ldconfig (before testing)
#mkfifo myroutes
to test bgpreader:
./bgpreader -p caida-bmp -w 1453912260 -m
(wait some seconds and then you will see something)
# git clone https://github.com/xdel/bgpsimple
Finally run everything
In two separate terminals (or any other way you would like to do it):
./bgpreader -p caida-bmp -w 1453912260 -m > /usr/src/bgpsimple/myroutes
./bgp_simple.pl -myas 65000 -myip 192.168.1.2 -peerip 192.168.1.1 -peeras 65000 -p myroutes
One more time, what will happen behind this?
bgpreader will read an online feed from a project called caida-bmp with starting timestamp 1453912260 (Jan 27 2016, 16:31) in "-m" format, which is the libbgpdump format (see references). The standard output of all this will be sent to the file /usr/src/bgpsimple/myroutes, which is a "pipe file". At the same time, bgp_simple.pl will create an iBGP session against peer 192.168.1.1/AS65000 (a BGP speaker such as Quagga or Cisco). bgp_simple.pl will read the myroutes file and send what it sees in this file through the iBGP session.
Important information
- The BGP session won't be established until there is something in the file myroutes
- eBGP multi-hop sessions are allowed
- You have to wait a short time (a few seconds) until bgpreader starts to actually see something and bgp_simple.pl starts to announce to the BGP peer
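Because everything bgpreader prints goes straight into the BGP session, a sanity filter can sit between bgpreader and the pipe file. The following is an added example, not code from bgpreader, bgp_simple or the original post; the field layout of the "-m" records, the function names, the prefix-length policy and the sample records are assumptions made for illustration.

```python
import ipaddress
import sys

# Added example. Assumed "-m" layout: TYPE|time|A/W/B|peer_ip|peer_as|prefix|as_path|origin|...
MAX_LEN = {4: 24, 6: 48}  # lab policy (assumption): longest prefix accepted per family


def check_line(line):
    """Return (accepted, reason) for one pipe-separated record."""
    f = line.rstrip("\n").split("|")
    if len(f) < 6 or f[2] not in ("A", "W", "B"):
        return False, "malformed"
    try:
        net = ipaddress.ip_network(f[5], strict=True)  # rejects prefixes with host bits set
    except ValueError:
        return False, "bad-prefix"
    if net.prefixlen == 0:
        return False, "default-route"
    if net.prefixlen > MAX_LEN[net.version]:
        return False, "too-specific"
    if not net.is_global or net.is_multicast:
        return False, "non-global"
    if f[2] != "W":  # announcements and table entries must carry a numeric AS path
        hops = (f[6] if len(f) > 6 else "").translate(str.maketrans("{},", "   ")).split()
        if not hops or not all(h.isdigit() for h in hops):
            return False, "bad-as-path"
    return True, "ok"


def filter_stream(lines, out, max_records=None):
    """Copy accepted records to out and return a count per verdict."""
    stats = {}
    for line in lines:
        ok, reason = check_line(line)
        if ok and max_records is not None and stats.get("ok", 0) >= max_records:
            ok, reason = False, "over-limit"  # cap how many records reach the router
        stats[reason] = stats.get(reason, 0) + 1
        if ok:
            out.write(line.rstrip("\n") + "\n")
            out.flush()  # let the FIFO reader see each record immediately
    return stats


# Constructed sample records, not captured from the caida-bmp feed.
SAMPLE = [
    "BGP4MP|1453912260|A|192.0.2.1|64500|8.8.8.0/24|64500 64501|IGP|192.0.2.1|0|0||NAG||",
    "BGP4MP|1453912261|A|192.0.2.1|64500|10.0.0.0/8|64500 64501|IGP|192.0.2.1|0|0||NAG||",
    "BGP4MP|1453912262|A|192.0.2.1|64500|8.8.8.8/32|64500 64501|IGP|192.0.2.1|0|0||NAG||",
    "BGP4MP|1453912263|A|192.0.2.1|64500|8.8.8.0/24|64500 x64501|IGP|192.0.2.1|0|0||NAG||",
    "BGP4MP|1453912264|W|192.0.2.1|64500|8.8.8.0/24",
]

if __name__ == "__main__":
    print(filter_stream(sys.stdin, sys.stdout), file=sys.stderr)
```

Saved under a name of your choice (for example filter.py), it would be placed in the pipeline between bgpreader's standard output and the redirect to /usr/src/bgpsimple/myroutes; the per-verdict counts go to standard error.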
References / More information:
- Part of the work was based on:
http://evilrouters.net/2009/08/21/getting-bgp-routes-into-dynamips-with-video/
- Caida BGP Stream:
https://bgpstream.caida.org/
- bgpreader info:
https://bgpstream.caida.org/docs/tools/bgpreader
- RIPE NCC libbgpdump:
http://www.ris.ripe.net/source/bgpdump/
- Introduction of "Named Pipes" (pipe files in Linux):
http://www.linuxjournal.com/article/2156
Wednesday, February 17, 2016
Animation: The sad tale of the ISP that did not deploy IPv6
Hello,
The following animation is based on the story called: "The sad tale of the ISP that didn't deploy IPv6" [1]. Hope you enjoy it:
[1] http://portalipv6.lacnic.net/en/the-sad-tale-of-the-isp-that-didnt-deploy-ipv6/
Friday, January 1, 2016
Virtualbox in Windows. Bridge adapter + IPv6 not working
Introduction:
When trying to use IPv6 in VirtualBox inside a guest whose adapter is bridged to the wireless interface of the host, the VM does SLAAC correctly but HTTP or ping6 does not work.
Solution:
To solve this issue, just reinstall/repair your current VirtualBox installation (version 5), adding the following parameters to the installer: "-msiparams NETWORKTYPE=NDIS5"
The result would be something like:
G:\>VirtualBox-5.0.12-104815-Win.exe -msiparams NETWORKTYPE=NDIS5
So you cannot just double-click the installer; you need to run it from the command line with admin privileges.
Workaround:
The problem is only with bridging to the wireless adapter; if possible, you could bridge to a non-wireless interface and IPv6 should work perfectly.
References:
https://www.virtualbox.org/ticket/14457
Good luck,
Tuesday, May 26, 2015
IPv6 Song presented during Lacnic23 (Lima, Peru) - IPv6 Latin American Forum
(note that you can turn on captioning if you wish)
Michael Schulze: Co-producer
Eidan Molina: Co-producer. Composer.
Music and Lyrics by Eidan Molina
Production group: Fifth Floor Studios
Idea: Alejandro Acosta
Tuesday, February 17, 2015
Solution to quagga vtysh "Exiting: failed to connect to any daemons."
Description:
When you run vtysh in the Linux shell to connect to the Quagga daemons (such as bgpd, ospfd, etc.), it returns the following error: "Exiting: failed to connect to any daemons"
Just like this:
alejandro@miserver:~$ vtysh -d bgpd
Exiting: failed to connect to any daemons.
alejandro@miserver:~$ vtysh
Exiting: failed to connect to any daemons.
Solution:
The solution is to add the user that is executing vtysh to the quagga group. To do this, edit the /etc/group file.
After editing, /etc/group should contain something like:
quagga:x:1003:alejandro
You can specify multiple users like this:
quagga:x:1003:alejandro,john
This is necessary because vtysh tries to connect to the daemons using UNIX domain sockets and not all users (for security reasons) have access to these sockets.
Another solution:
Another solution is available at compile time, where you can specify the Linux/UNIX group for the sockets mentioned above. Example:
./configure --enable-vty-group=group
Good luck, I hope this helped,
Monday, January 26, 2015
The sad tale of the ISP that didn’t deploy IPv6
Once upon a time in the not so distant past, a large ISP dominated a country’s telecommunications market and felt powerful and without competition. Whenever someone needed to log on to the Internet they would use their services. Everyone envied their market penetration.
This large ISP, however, had never wanted to deploy IPv6 because they thought their stock of IP addresses was enough and saw no indicator telling them that they needed the new protocol.
During the course of those years, another smaller ISP began implementing IPv6 and slowly began to grow, as they realized that the protocol did indeed make a difference in the eyes of their clients and that it was helping them win over new users.
The small ISP’s market penetration continued to grow, as did their earnings and general respect for their services. As they grew, it became easier for them to obtain better equipment, traffic and interconnection prices. Everything was going very well. The small ISP couldn’t believe that something as simple as deploying IPv6 could be paying off so spectacularly. Their customers told them their needs included running VPNs and holding conference calls with partners in other parts of the world, and that their subsidiaries, customers and business partners in Europe and Asia had already adopted IPv6.
Despite being so powerful, the large ISP began experiencing internal problems that were neither billing nor money related. Sales staff complained that they were having trouble closing many deals because customers had started asking for IPv6 and, although their ISP was so large and important, they simply did not have IPv6 to offer. Both corporate customers and residential users were asking for IPv6; even major state tenders were requiring IPv6.
When this started happening, the Sales Manager complained to the Products, Engineering and Operations departments. The latter were left speechless and some employees were let go by the company. In the end, Sales did not care where the fault lay – they were simply unable to gain new customers. Realizing that they were losing customers, some of the salespeople accepted job offers at the small ISP who was looking to grow their staff as they could now afford the best sales force. Then the same thing happened with the larger ISP’s network manager, an expert who knew a lot about IPv6 but who had been unable to overcome the company’s bureaucracy and bring the new protocol into production. Logically, the network manager was followed by his trusted server administrator and head of security. The large ISP couldn’t believe what was happening right before their very eyes. The sales force hired by the smaller ISP (those who used to work for the large ISP) brought with them their huge customer base, all of them potential prospects.
A stampede of the large ISP’s clients was on the way. The months went by and the smaller ISP was no longer simply offering Internet access – its Data Center had grown, major companies brought in new cache servers and much more. They were now offering co-location, hosting, virtual hosting, voice and video, among many other services.
When the large provider decided to deploy IPv6, it had to do so very quickly. Things went wrong; many errors were made. In addition, certain consultants and companies took advantage of their problems and charged higher rush fees. Network downtime increased, as did the number of calls to the call center. The large ISP’s reputation started to crumble.
As expected, in the end, everyone who was part of this story – clients and providers alike – ended up deploying IPv6. Some ended up happier than others, but everyone adopted IPv6 on their networks.