• Links:
BGP Basics
BGP Attributes
Route Reflector
IGMP Multipath Load Sharing
Cisco Q&A
• BGP route selection algorithm
•Weight - Cisco Specific - Not advertised to neighbor routers - Two links to one router both advertising the same network - Higher weight is applied to one and installed into the IP routing table
•Local preference - Two routers receiving updates from a neighbor for the same network - the higher local preference value wins
•Multi-exit discriminator - (MED) suggestion to an external AS for the preferred route - Lower value metric wins - MED's are advertised throughout the local AS
•Origin - How did BGP learn about the route - Three Possible ways -
1. IGP - Interior to the originating AS. Value set when the command was used to inject the route into BGP
2. EGP - The route was learned via the Exterior Border Gateway Protocol (EBGP)
3. Incomplete - The origin of the route is unknown or learned in some other way. Redistributed into BGP
•AS_path - Shorter AS path wins - updates with the router's own AS are rejected
•Next hop - The IP address that is used to reach the advertising router. For EBGP peers the IP is the connection between the peers - in IBGP the EBGP next hop address is preserved in the local AS.
•Community - Route maps are used to group destinations into a community - Predefined communities are:
no-export - do not advertise this route to EBGP peers
no-advertise - do not advertise this route to any peer
internet - advertise this route to the internet community; all routers in the network belong to it
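The comparisons in the list above, as an added Python example that is not part of the original notes. It applies them in the order Cisco documents for best-path selection (weight, local preference, AS_path length, origin, MED), which the list itself does not spell out, and compares MED only between routes from the same neighboring AS. The Route class, peer labels and AS numbers are constructed for illustration; weight 0 and local preference 100 are the Cisco defaults for learned routes.

```python
from dataclasses import dataclass
from typing import List, Optional

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}  # lower rank preferred

@dataclass
class Route:                  # hypothetical container, one received update
    peer: str                 # constructed neighbor label
    as_path: List[int]        # first element is the neighboring AS
    weight: int = 0           # local to this router, never advertised
    local_pref: int = 100
    med: int = 0
    origin: str = "igp"

def accept(route: Route, local_as: int) -> bool:
    """Loop prevention: reject updates that already carry our own AS."""
    return local_as not in route.as_path

def better(a: Route, b: Route) -> Route:
    """Return the preferred of two routes to the same prefix."""
    if a.weight != b.weight:                      # higher weight wins
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:              # higher local preference wins
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):          # shorter AS_path wins
        return a if len(a.as_path) < len(b.as_path) else b
    if a.origin != b.origin:                      # IGP < EGP < incomplete
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED is a hint from one neighboring AS: compare only within that AS.
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:
        return a if a.med < b.med else b          # lower MED wins
    return a  # later tie-breakers (EBGP vs IBGP, router ID) not modelled

def best_path(candidates: List[Route], local_as: int) -> Optional[Route]:
    best = None
    for route in candidates:
        if accept(route, local_as):
            best = route if best is None else better(best, route)
    return best

# Constructed sample: four updates for one prefix, seen by a router in AS 64512.
SAMPLE = [
    Route("A", [64601, 64700], med=50),
    Route("B", [64601, 64700], med=10),                 # same neighbor AS, lower MED
    Route("C", [64602, 64650, 64700], local_pref=200),  # longer path, higher pref
    Route("D", [64603, 64512, 64700], weight=500),      # carries our AS: rejected
]

if __name__ == "__main__":
    print(best_path(SAMPLE, 64512).peer)      # C
    print(best_path(SAMPLE[:2], 64512).peer)  # B
```

Route D would win on weight if it were accepted; it is dropped first because its AS_path already contains the local AS.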
• BGP Valid AS Numbers
1 to 64,511
64,512 to 65,535 are reserved for private use
• In order for two BGP peers to form a BGP session they must first have an active TCP session and be able to reach one another over TCP port 179.
• Alias Commands:
alias exec cib clear ip bgp *
alias exec sb show ip bgp summary
• Show Commands:
show proc cpu | include BGP
show ip bgp (*> noting best reachable route)
show ip bgp | exclude [AS#]
show run | begin router bgp
show ip bgp neighbors
Saturday, April 21, 2007
Thursday, April 12, 2007
File Permissions
To add write permission for the group on a file called "file1":
type: chmod g+w file1
To remove read and write permission for the group and others on "file1":
type: chmod go-rw file1
To make "file1" and "file2" executable for yourself:
type: chmod u+x file1 file2
To deny the group and others cd permission to the directory "direct1":
type: chmod go-x direct1
To do several steps at once:
Remove read and write permission on file1 for others, add write permission for the group:
type: chmod g+w,o-rw file1
Sunday, April 8, 2007
UNIX Tips and Tricks
First off I want to say that these commands are specific to the mac and should be used to get things like system information and move/open files.
• Secure Copy
From source to Destination
scp /directory/localfile user@hostname.domain.com:filename
- or -
scp local_file user@hostip:/directory/directory/filename
________________________
• Copy via ftp
Say you want to copy an IOS image from a server to a router and tftp keeps timing out. You can use ftp to perform the task with no issue. You will need to turn on your ftp service and then put the file in your Public directory for the router to access it. Here is the command:
copy ftp://un:pw@hostname/Public/biglong_imagename(withlots of numbers).bin disk1:
________________________
• Make a copy of a directory in a new location with ditto:
- Existing directory named bgp, full of files. You want an exact copy of that directory and all the files in it just with a new name:
sudo ditto bgp rip
________________________
• Listing the ports you have configured in your System Preferences/Network
- Enter
networksetup -listallnetworkservices
Built-in Ethernet
PCI Ethernet Slot 3, Port 1
PCI Ethernet Slot 3, Port 2
PCI Ethernet Slot 3, Port 3
PCI Ethernet Slot 3, Port 4
Built-in FireWire
VPN (L2TP)
________________________
• Specific Interface information:
- Enter
networksetup -getinfo "Built-in Ethernet"
- or -
networksetup -getinfo "Airport"
Manual Configuration
IP address: X.X.X.X
Subnet mask: 255.255.252.0
Router: X.X.X.X
IPv6: Automatic
IPv6 Link Local Address: fe80::XXXx:XXXX:XXXX:XXX
Ethernet Address: 00:30:XX:XX:XX:XX
________________________
• Setting up an interface
- Enter
sudo networksetup -setmanual "Built-in Ethernet" 192.168.100.100 255.255.255.0 192.168.100.1
________________________
• Tar
tar -cvzf images.tar "File Name"
-- unpack --
tar -xzf ~/filename.tar
________________________
• DHCP Netinfo - Network info
ipconfig getpacket en1
________________________
• Logging elimination of specified text
tail -f /var/log/router.log| sed -e '/routername/d' -e '/other_router/d'
/d is a sed option to delete the whole line if it matches what's inside the two /'s
tail -f /logs/cisco-routers | egrep -v list
________________________
• Grep through directory in search of specific text
grep -e 'aaa' *confg
________________________
• sftp
sftp://username@host.domain.com:22/
________________________
• Alias Address Ethernet Interface
sudo ifconfig en0 inet X.X.X.X netmask 255.255.252.0 alias
** Remove
sudo ifconfig en0 X.X.X.X netmask 0xfffffc00 broadcast X.X.X.X -alias
________________________
• DNS Digging
dig axfr domain.com @disthost.domin.com | grep hostname
dig axfr domain.com @disthost.domin.com | sed -n -e '/^hostname/p'
dig axfr domain.com @disthost.domin.com | grep ^hostname
dig axfr domain.com @disthost.domin.com | grep ^hostname | sed -e '/MX/d'
**
dig axfr domain.com @disthost.domin.com | grep ^hostname | sed -e '/MX/d'
________________________
• Piping output to file
sudo tcpdump -i en1 > ~/Desktop/output
________________________
• Grep -
grep "Nov 22" /var/log/system.log | grep -v "words to omit" | grep -v "more words" | grep -v "even more words"
-or -
tail -f /var/log/router.log | egrep -v "line 103|line 104"
________________________
• Netinfo
Determining what Netinfo Server a client has bound to:
sudo lsof -i | grep lookupd
________________________
Man pages stored in /usr/share/man/man8/
____+_________+_______
Revision control:
/usr/local/tftp/configs - Location of the files
rcsdiff routername.domain.com-confg - gets you the revision number
rcsdiff -r1.2 router.domain.com-confg - once you have that revision number you can compare the changes
co -p1.11 router.domain.com-confg - Complete revision of a config
________________________
• SSH to Router with Secure ID Auth
ssh -l user X.X.X.X
________________________
• Searching with Grep
grep gnutella *.acl
________________________
• Clearing the contents of a file
cat /dev/null >/var/log/filename.log
________________________
• Active Connections on a box:
netstat -a -f inet -p TCP | grep -i established
________________________
• Port Check
nc -z -v hostname.domain.com 443
________________________
• Tar Files
tar -cvvf home.tar home/
In the above example command the system would create a tar file named home.tar
in the current directory, containing the home directory.
________________________
• Extracting the files from a tar file:
tar -xvvf myfile.tar
In the above example command the system would extract (untar) the myfile.tar file in the current directory.
ssh preshared key generation -
http://developer.apple.com/documentation/developertools/Conceptual/XcodeUserGuide/Contents/Resources/en.lproj/13_SSHEnvironment/chapter_953_section_1.html
________________________
• Making a cool .bash_profile:
alias servername="ssh yourname@servername.com"
alias ls="ls -lGitur"
alias q="exit"
alias tftp="cd /private/tftpboot"
alias open="cd /Applications"
alias tunnel="ssh username@servername.com -D 2222"
________________________
• Listing open connections you have on your system:
lsof -i
________________________
• Updating your path (bash) with:
% echo 'PATH=$PATH:/usr/local/bin' >> ~/.bash_profile
% source ~/.bash_profile
________________________
• MD5 Hash
openssl passwd -1 -table -salt "73u3" "cisco"
________________________
• Show system Version (Mac OS X)
sw_vers