Description:
When you run the command in the linux shell vtysh to connect to the quagga daemons (such as bgpd, ospfd, etc) returns the following error "Exiting: failed to connect to any daemons"
Just like this:
alejandro @ miserver: ~ $ vtysh -d bgpd
Exiting: failed to connect to any daemons.
alejandro @ miserver: ~ $ vtysh
Exiting: failed to connect to any daemons.
Solution:
The solution is to add the user that is executing vtysh to the quagga group. To do this edit the /etc/group file.
After editing /etc/group should be something like:
quagga:x:1003:alejandro
You can specify multiple users doing:
quagga:x:1003:alejandro, john
This is necessary because vtysh tries to connect to the daemons using UNIX domain sockets and not all users (for security reasons) have access to these sockets.
Another solution:
Another solution might be during the compilation phase where you can specify the linux/unix group for sockets mentioned above. Example:
./configure --enable-vty-group = group
Good luck, I hope this helped,
Site dedicated mainly to internetworking. The goal is to share experiences, teach IP, IPv6. Talk about Linux, IP services, servers, promote IPv6 adoption, routing protocols, security and in some cases just some thoughts. Keywords: linux, cisco, ospf, bgp, eigrp, ip, ipv6, sla, link, routers, routings, telco, telecommunications, security, ipv4
Tuesday, February 17, 2015
Monday, January 26, 2015
The sad tale of the ISP that didn’t deploy IPv6
Once upon a time in the not so distant past, a large ISP dominated a country’s telecommunications market and felt powerful and without competition. Whenever someone needed to log on to the Internet they would use their services. Everyone envied their market penetration.
This large ISP, however, had never wanted to deploy IPv6 because they thought their stock of IP addresses was enough and saw no indicator telling them that they needed the new protocol.
During the course of those years, another smaller ISP began implementing IPv6 and slowly began to grow, as they realized that the protocol did indeed make a difference in the eyes of their clients and that it was helping them win over new users.
The small ISP’s market penetration continued to grow, as did their earnings and general respect for their services. As they grew, it became easier for them to obtain better equipment, traffic and interconnection prices. Everything was going very well. The small ISP couldn’t believe that something as simple as deploying IPv6 could be paying off so spectacularly. Their customers told them their needs included running VPNs and holding conference calls with partners in other parts of the world, and that their subsidiaries, customers and business partners in Europe and Asia had already adopted IPv6.
Despite being so powerful, the large ISP began experiencing internal problems that were neither billing nor money related. Sales staff complained that they were having trouble closing many deals because customers had started asking for IPv6 and, although their ISP was so large and important, they simply did not have IPv6 to offer. Both corporate customers and residential users were asking for IPv6; even major state tenders were requiring IPv6.
When this started happening, the Sales Manager complained to the Products, Engineering and Operations departments. The latter were left speechless and some employees were let go by the company. In the end, Sales did not care where the fault lay – they were simply unable to gain new customers. Realizing that they were losing customers, some of the salespeople accepted job offers at the small ISP who was looking to grow their staff as they could now afford the best sales force. Then the same thing happened with the larger ISP’s network manager, an expert who knew a lot about IPv6 but who had been unable to overcome the company’s bureaucracy and bring the new protocol into production. Logically, the network manager was followed by his trusted server administrator and head of security. The large ISP couldn’t believe what was happening right before their very eyes. The sales force hired by the smaller ISP (those who used to work for the large ISP) brought with them their huge customer base, all of them potential prospects.
A stampede of the large ISP’s clients was on the way. The months went by and the smaller ISP was no longer simply offering Internet access – its Data Center had grown, major companies brought in new cache servers and much more. They were now offering co-location, hosting, virtual hosting, voice and video, among many other services.
When the large provider decided to deploy IPv6, it had to do so very quickly. Things went wrong; many errors were made. In addition, certain consultants and companies took advantage of their problems and charged higher rush fees. Network downtime increased, as did the number of calls to the call center. The large ISP’s reputation started to crumble.
As expected, in the end, everyone who was part of this story – clients and providers alike – ended up deploying IPv6. Some ended up happier than others, but everyone adopted IPv6 on their networks.
This large ISP, however, had never wanted to deploy IPv6 because they thought their stock of IP addresses was enough and saw no indicator telling them that they needed the new protocol.
During the course of those years, another smaller ISP began implementing IPv6 and slowly began to grow, as they realized that the protocol did indeed make a difference in the eyes of their clients and that it was helping them win over new users.
The small ISP’s market penetration continued to grow, as did their earnings and general respect for their services. As they grew, it became easier for them to obtain better equipment, traffic and interconnection prices. Everything was going very well. The small ISP couldn’t believe that something as simple as deploying IPv6 could be paying off so spectacularly. Their customers told them their needs included running VPNs and holding conference calls with partners in other parts of the world, and that their subsidiaries, customers and business partners in Europe and Asia had already adopted IPv6.
Despite being so powerful, the large ISP began experiencing internal problems that were neither billing nor money related. Sales staff complained that they were having trouble closing many deals because customers had started asking for IPv6 and, although their ISP was so large and important, they simply did not have IPv6 to offer. Both corporate customers and residential users were asking for IPv6; even major state tenders were requiring IPv6.
When this started happening, the Sales Manager complained to the Products, Engineering and Operations departments. The latter were left speechless and some employees were let go by the company. In the end, Sales did not care where the fault lay – they were simply unable to gain new customers. Realizing that they were losing customers, some of the salespeople accepted job offers at the small ISP who was looking to grow their staff as they could now afford the best sales force. Then the same thing happened with the larger ISP’s network manager, an expert who knew a lot about IPv6 but who had been unable to overcome the company’s bureaucracy and bring the new protocol into production. Logically, the network manager was followed by his trusted server administrator and head of security. The large ISP couldn’t believe what was happening right before their very eyes. The sales force hired by the smaller ISP (those who used to work for the large ISP) brought with them their huge customer base, all of them potential prospects.
A stampede of the large ISP’s clients was on the way. The months went by and the smaller ISP was no longer simply offering Internet access – its Data Center had grown, major companies brought in new cache servers and much more. They were now offering co-location, hosting, virtual hosting, voice and video, among many other services.
When the large provider decided to deploy IPv6, it had to do so very quickly. Things went wrong; many errors were made. In addition, certain consultants and companies took advantage of their problems and charged higher rush fees. Network downtime increased, as did the number of calls to the call center. The large ISP’s reputation started to crumble.
As expected, in the end, everyone who was part of this story – clients and providers alike – ended up deploying IPv6. Some ended up happier than others, but everyone adopted IPv6 on their networks.
Monday, December 8, 2014
Python Script: Probably useless but functional IPv6 Network scanner
Below is the code of what is probably useless but a functional IPv6 host scanner written in Python using threading.
To perform a regular (brute force) network scans in an IPv6 Network is almost impossible it can take over 5.000 years to finish.
This project was purely academic and I just wanted to learn about threading in Python.
This software is not recommended for general usage.....
This script will call the OS to actually perform the ping
This software receives two parameters:
a) Prefix to scan in the format 2001:db8::/64 (subnet, not host)
b) Number of simultaneous processes it can run (MAXPINGS)
One more time it was purely academic stuff but hopefully it can make your day
Finally, AFAIK nmap does not yet support IPv6 network scan.
The code written in python3:
--- cut here ---
#!/usr/bin/python3
import threading
import sys
import ipaddress
import subprocess
import time
CURRENTPINGS=0 # Number of simultaneous ping at a time
def DOPING6(IPv6ADDRESS):
global MAXPINGS, CURRENTPINGS
CURRENTPINGS+=1
CMD="ping6 -c 3 "+str(IPv6ADDRESS) + " 2> /dev/null > /dev/null"
return_code = subprocess.call(CMD, shell=True)
if return_code == 0: #If ping was succesful
print (IPv6ADDRESS," is alive")
CURRENTPINGS-=1
def main():
global MAXPINGS, CURRENTPINGS
if len(sys.argv) != 3: #Validate how many parameters we are receiving
print(" Not enough or too many parameter")
print(" Usage: ./scanipv6.py IPv6Prefix/lenght MAXPINGS")
print(" Example: ./scanipv6.py 2001:db8::/64 20")
print(" Prefix lenght can be between 64-128")
print(" MAXPINGS corresponds to how many pings will be running at the same time")
exit()
SUBNET,MASK=sys.argv[1].split("/")
MAXPINGS=int(sys.argv[2])
for addr in ipaddress.IPv6Network(sys.argv[1]): #Let's loop for each address in the Block
ping_thread=threading.Thread(target=DOPING6,args=(addr,))
while CURRENTPINGS >= MAXPINGS: # With this while we make it possible to run max simultaneous pings
time.sleep(1) # Let's wait one second before proceeding
#print ("Interrumping...., CURRENTPINGS > MAXPINGS") #Uncomment this line just for debugging
ping_thread.start()
main()
To perform a regular (brute force) network scans in an IPv6 Network is almost impossible it can take over 5.000 years to finish.
This project was purely academic and I just wanted to learn about threading in Python.
This software is not recommended for general usage.....
This script will call the OS to actually perform the ping
This software receives two parameters:
a) Prefix to scan in the format 2001:db8::/64 (subnet, not host)
b) Number of simultaneous processes it can run (MAXPINGS)
One more time it was purely academic stuff but hopefully it can make your day
Finally, AFAIK nmap does not yet support IPv6 network scan.
The code written in python3:
--- cut here ---
#!/usr/bin/python3
import threading
import sys
import ipaddress
import subprocess
import time
CURRENTPINGS=0 # Number of simultaneous ping at a time
def DOPING6(IPv6ADDRESS):
global MAXPINGS, CURRENTPINGS
CURRENTPINGS+=1
CMD="ping6 -c 3 "+str(IPv6ADDRESS) + " 2> /dev/null > /dev/null"
return_code = subprocess.call(CMD, shell=True)
if return_code == 0: #If ping was succesful
print (IPv6ADDRESS," is alive")
CURRENTPINGS-=1
def main():
global MAXPINGS, CURRENTPINGS
if len(sys.argv) != 3: #Validate how many parameters we are receiving
print(" Not enough or too many parameter")
print(" Usage: ./scanipv6.py IPv6Prefix/lenght MAXPINGS")
print(" Example: ./scanipv6.py 2001:db8::/64 20")
print(" Prefix lenght can be between 64-128")
print(" MAXPINGS corresponds to how many pings will be running at the same time")
exit()
SUBNET,MASK=sys.argv[1].split("/")
MAXPINGS=int(sys.argv[2])
for addr in ipaddress.IPv6Network(sys.argv[1]): #Let's loop for each address in the Block
ping_thread=threading.Thread(target=DOPING6,args=(addr,))
while CURRENTPINGS >= MAXPINGS: # With this while we make it possible to run max simultaneous pings
time.sleep(1) # Let's wait one second before proceeding
#print ("Interrumping...., CURRENTPINGS > MAXPINGS") #Uncomment this line just for debugging
ping_thread.start()
main()
Monday, November 17, 2014
$GENERATE A records using BIND. Match forward and rDNS
Hi,
This post is very short but perhaps very useful. There is less documentation on the Internet than expected.
Objective:
a) Set the reverse DNS and forward DNS match for a / 24 in BIND9 using $GENERATE.
Requirements:
- A /24 network (of course, you can adapt the example to other networks)
- BIND9
- We will use A and PTR records
Example:
Network: 192.168.30.0/24
Domain: example.com
Let's make the rDNS for 192.168.30.X resolved to: X.client.example.com
Similarly, X.client.example.com to resolve to 192.168.30.X
It would be like this:
192.168.30.1 ---> 1.client.example.com
192.168.30.2 ---> 2.client.example.com
192.168.30.3 ---> 3.client.example.com
1.client.example.com ---> 192.168.30.1
2.client.example.com ---> 192.168.30.2
3.client.example.com ---> 192.168.30.3
(Etc)
Steps:
We create reverse zone in /etc/bind/named.conf.
a) The reverse zone:
zone "30.168.192.in-addr.arpa" {
type master;
file "30.168.192.in-addr.arpa.db";
allow-query {any; };
};
After that, then in file 30.168.192.in-addr.arpa.db place the following:
This post is very short but perhaps very useful. There is less documentation on the Internet than expected.
Objective:
a) Set the reverse DNS and forward DNS match for a / 24 in BIND9 using $GENERATE.
Requirements:
- A /24 network (of course, you can adapt the example to other networks)
- BIND9
- We will use A and PTR records
Example:
Network: 192.168.30.0/24
Domain: example.com
Let's make the rDNS for 192.168.30.X resolved to: X.client.example.com
Similarly, X.client.example.com to resolve to 192.168.30.X
It would be like this:
192.168.30.1 ---> 1.client.example.com
192.168.30.2 ---> 2.client.example.com
192.168.30.3 ---> 3.client.example.com
1.client.example.com ---> 192.168.30.1
2.client.example.com ---> 192.168.30.2
3.client.example.com ---> 192.168.30.3
(Etc)
Steps:
We create reverse zone in /etc/bind/named.conf.
a) The reverse zone:
zone "30.168.192.in-addr.arpa" {
type master;
file "30.168.192.in-addr.arpa.db";
allow-query {any; };
};
After that, then in file 30.168.192.in-addr.arpa.db place the following:
$TTL 86400 ; 24 hours, could have been written as 24h or 1d
@ 1D IN SOA localhost. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
; Name servers for the zone - both out-of-zone - no A RRs required
NS localhost.
$GENERATE 1-255 $ PTR $.client.example.com.
b) The forward DNS is doing the following in the client.example.com zone file:
$TTL 86400 ; 24 hours, could have been written as 24h or 1d
@ 1D IN SOA localhost. hostmaster.example.com. (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
; Name servers for the zone - both out-of-zone - no A RRs required
NS localhost.
$GENERATE 1-255.client.example.com $ A 192.168.30.$
Testing:
#dig -x 192.168.30.3 (reverse dns)
#dig 3.cliente.ejemplo.com (forward dns)
#dig -x 192.168.30.3 (reverse dns)
#dig 3.cliente.ejemplo.com (forward dns)
P.S. As usual there can be more than way of doing this kind of things.
Saturday, October 18, 2014
Is there any relationship regarding the deployment of IPv6 between entities with ASNs of 16 and 32 bits?
Hi,
Today this came to my mind and fortunately I knew the data existed and to locate the answer was more or less simple. I've been reviewing some data from APNIC (* 1) for several weeks (always focused on the area of coverage Lacnic).
APNIC stores a percentage value per ASN called called ipv6capable, basically is a number that indicates what percentage of an ASN has capacity for IPv6. They have another variable called ipv6 preferred but we will not talk about it right now.
Going back to my micro study: I took a sample for three days: 11, 12 and October 15, 2014
My results (for ipv6capable) were:
Day October 15 (Wednesday)
1.34% in ASNs of 16 bits
1.12% in ASNs of 32 bits
1.26% in all ASNs
----
Day October 11 (Saturday)
1.34% in 16-bit ASN
1.15% in 32-bit ASN
1.27% all ASN
---
Day October 12 (Sunday)
1.35% in 16-bit
1.12% in 32-bit
1.27% all ASN (ASN 3313)
----
I evaluated about 2050 ASNs of 16-bits and 1200 ASN of 32 bits. The difference between ipv6capable ASNs 16 and 32 bits is about 0.2, it is certainly a very small number but when it comes to traffic and users on the Internet these numbers represent significant volume.
My humble finding for this study is simple: It seems that there is a *very* slight preference for the deployment of IPv6 in 16-bit ASN.
Regards,
(*1) http://labs.apnic.net/ipv6-measurement/AS/
Today this came to my mind and fortunately I knew the data existed and to locate the answer was more or less simple. I've been reviewing some data from APNIC (* 1) for several weeks (always focused on the area of coverage Lacnic).
APNIC stores a percentage value per ASN called called ipv6capable, basically is a number that indicates what percentage of an ASN has capacity for IPv6. They have another variable called ipv6 preferred but we will not talk about it right now.
Going back to my micro study: I took a sample for three days: 11, 12 and October 15, 2014
My results (for ipv6capable) were:
Day October 15 (Wednesday)
1.34% in ASNs of 16 bits
1.12% in ASNs of 32 bits
1.26% in all ASNs
----
Day October 11 (Saturday)
1.34% in 16-bit ASN
1.15% in 32-bit ASN
1.27% all ASN
---
Day October 12 (Sunday)
1.35% in 16-bit
1.12% in 32-bit
1.27% all ASN (ASN 3313)
----
I evaluated about 2050 ASNs of 16-bits and 1200 ASN of 32 bits. The difference between ipv6capable ASNs 16 and 32 bits is about 0.2, it is certainly a very small number but when it comes to traffic and users on the Internet these numbers represent significant volume.
My humble finding for this study is simple: It seems that there is a *very* slight preference for the deployment of IPv6 in 16-bit ASN.
Regards,
(*1) http://labs.apnic.net/ipv6-measurement/AS/
Tuesday, June 24, 2014
Monday, August 5, 2013
IPv6 & Satellite links: The right solution for rest of the world
Abstract:
Nowadays, having Internet access is a right.
It’s like having electricity or water. Being an extremist, I would even say
it’s like oxygen in somehow.
This small draft tries to summarize a simple
combination of technologies that is supposed to be a long term solution to
remote places where Internet access if generally difficult to get.
One of the goals of mankind today should be to
offer good and reliable Internet access to everyone, in despite of their
location. Our current motivation is oriented to places where a terrestrial link
is impossible to find.
We basically want to mix two good technologies
that unfortunately we believe are not working together today: 1) satellite
links and 2) IPv6. The first one with its pros and cons -as all kind of
technology- is a proven solution. The second one has also proved to be
reliable, and is the de facto standard for the near future.
Introduction:
In the last 13 years of my life I have been
working in the satellite link area. Additionally, since 1998 I've been curious
about IPv6 but it was not until six years ago that I've really been able to
work with it. Finally, I have always been passionate about Internet, communications
and freedom of information
As a technical person I have
always preferred connections over fiber,
copper or even wireless links (microwave, Wi-Fi, WIMAX, etc.) however
these are not always possible, mostly because of site location.
One of the goals of mankind
today should be to offer good and reliable Internet access to everyone, in
ispite of their location
.
Proposal:
One of the amazing things of satellite links,
it’s their capability to reach virtually anywhere in the globe. I’ve had the
chance to participate in satellite port installations in very remote places
such as boats at sea or in remote rural or jungle sites where there isn't even
cell phone signal. In turn I have seen all kinds of solutions deployed on these
links: ATM (Automatic Teller Machines), PoS (Point of Sales), corporate private
link and of course: Internet Access.
During the last years I have been deeply
involved with IPv6. I am a firm believer in the “Internet of things” concept,
where most things need and will be connected to Internet .
Unfortunately, for various reasons, the
conventional thinking is that Internet
connections are suitable only for home
and office applications in urban sites. Even though this is partly true, we cannot forget the
great masses of people (and things) in non-urban areas, remarkably greater in
developing countries. In the end, this fact becomes very negative. Millions of
people are being left behind when the advantages of Internet access is taken
away from them. i.e.: access to e-learning, e-nursering, telemedicine,
research, cloud computing, online consultations and many other great benefits
provided.
Though fiber links, hybrid fiber-coax and very
high-speed Wireless links are growing in all countries, there are places where
these technologies will never be seen or will be missing for several decades.
The solution I see coming, one we should not miss, is the pairing of the new
Internet protocol (IPv6) and satellite communications. Of course Satellite
links exist everywhere and IPv6 is coming forward, what propose is to keep
those technologies together.
It is my point of view that
this combination is the only one that really combines a long-term feasibility.
And is currently achievable! This is the right way to connect everyone in the
globe and also support the emerging new protocol and many Internet-based
services that already exist and undoubtedly will be growing up at least during
the next few years.
Unfortunately satellite
technology providers have been among the last to offer IPv6 based solutions. At
present, if you google something like: “IPv6
satellite hubs” you won’t get an easy link to click on, and then, if you
hit on the results, you won't find major
Satellite vendors that specifically support IPv6 Hubs. As far as I know, last
year there was only one Satellite Hub manufacturer that added IPv6 support to
its solution. Saying that, we have seen a change, though small, by one supplier.
There looks to be already products (very few) on the market with native
-IPv6- implementations. My belief is that with some support from the community,
and probably from some organization and collaboration we can do this
combination a “must to have” among satellite hubs suppliers. We think that if
the satellite industry keeps growing without
IPv6, it will be worse for it in the long term. Our assumption is based upon
what IPv6 has to offer and what the lack
of it might do to remote locations: 1) missing IPv6 in satellite technology in
those locations will hurt IPv6 deployment, 2) Those places won’t enjoy some
benefits offered by IPv6.
Finally, I would like to mention that
traditional problems found in satellite links such as: 1) round trip delay and
2) costs; are being solved with new technologies. Also there are some new
initiatives that will boost even more this situation.
Conclusion:
The combination of satellite links and IPv6 is
the right way to provide Internet access in very remote places in order to
prepare for the current and the future of Internet-based services.
Subscribe to:
Posts (Atom)