On a router, redistribute protocol A in to protocol B
Following routes will be distributed into protocol B:
1. all interfaces which running protocol A (exclude ISIS/ODR)
2. all routes learned from protocol A
In case of mutual redistribution at multiple redistribution points, be careful when distribute from a preferred (AD) protocol into a less preferred protocol (e.g from OSPF into RIP)
Because link state protocols do not advertise routes from their routing table as do distance vector protocols, there are no updates to filter. Because of this behavior, route filters are mostly used at redistribution points into link state domains, such as an OSPF ASBR, where they can regulate which routes enter or leave the domain. Within the link state domain, route filters have limited utility.
From Routing TCP.IP
Saturday, December 31, 2011
Friday, December 30, 2011
Broadcast 255.255.255.255
Why Broadcast?
Broadcasts are useful when a host needs to find information without
knowing exactly what other host can supply it, or when a host wants
to provide information to a large set of hosts in a timely manner.
How router treat 255.255.255.255?
The address 255.255.255.255 denotes a broadcast on a local hardware network, which must not be forwarded. This address may be used, for example, by hosts that do not know their network number and are asking some server for it.
Ref: http://tools.ietf.org/html/rfc919
http://ciscodreamer.blogspot.com/search/label/ICMP
Tuesday, December 27, 2011
Distance vector vs. Link state
A distance vector protocol shares everything it knows but only with
directly connected neighbors.
Link state protocols announce information only about their directly
connected links, but they share the information with all routers in their routing domain or area.
From book Routing TCP.IP
Bellman–Ford algorithm is used in distance-vector routing protocols
directly connected neighbors.
Link state protocols announce information only about their directly
connected links, but they share the information with all routers in their routing domain or area.
From book Routing TCP.IP
Bellman–Ford algorithm is used in distance-vector routing protocols
- Each node calculates the distances between itself and all other nodes within the AS and stores this information as a table.
- Each node sends its table to all neighboring nodes.
- When a node receives distance tables from its neighbors, it calculates the shortest routes to all other nodes and updates its own table to reflect any changes.
Monday, December 26, 2011
Routing Information Protocol (RIP)
RIPv1 is defined in RFC 1058, and operates on UDP port 520.
RIP uses only hop count as its metric, with a maximum of 15 (a metric of 16 indicates unreachability).
Upon initialization, RIP routers issue requests for routes from neighbors. Neighbors issue responses
containing their full routing tables.
Routers broadcast their entire table to the link-local broadcast address of 255.255.255.255 every 30 seconds (on average; a small jitter is included to prevent simultaneous flooding).
RIP Timers
Update (30 seconds) - How often routes are advertised (+/- a small random delay)
Invalid (180 seconds) - How long a received route will stay in the routing table without being
received again, before being marked as invalid.
Flush (240 seconds) - 60 seconds longer than the invalid timer; invalid routes will be flushed
from the table when this timer is reached.
Holddown (180 seconds) - Routes will be kept in the table for this time before being replaced
by an advertisement with a higher metric.
An offset list can be implemented to artificially increase the metric for certain routes:
offset-list <ACL> {in | out} <offset> <interface>
Use distribute-list to filter routes update:
distribute-list <ACL> {in | out} <interface>
When debugging RIP:
*Mar 1 00:15:42.943: RIP: sending v1 update to 255.255.255.255 via Loopback0 (2.2.2.2)
*Mar 1 00:15:42.943: RIP: build update entries
*Mar 1 00:15:42.943: network 1.0.0.0 metric 2
*Mar 1 00:15:42.947: network 10.0.0.0 metric 1 <<< this means the network is directly connected (by using network command under rip process)
*Mar 1 00:18:21.435: RIP: sending v2 update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Mar 1 00:18:21.439: RIP: build update entries
*Mar 1 00:18:21.439: 1.1.1.1/32 via 0.0.0.0, metric 2, tag 0
*Mar 1 00:18:21.443: 10.0.12.0/24 via 0.0.0.0, metric 1, tag 0 <<< this means the network is directly connected (by using network command under rip process)
Ref: http://media.packetlife.net/media/library/29/Routing_TCP-IP_Vol_1_Notes.pdf
RIP uses only hop count as its metric, with a maximum of 15 (a metric of 16 indicates unreachability).
Upon initialization, RIP routers issue requests for routes from neighbors. Neighbors issue responses
containing their full routing tables.
Routers broadcast their entire table to the link-local broadcast address of 255.255.255.255 every 30 seconds (on average; a small jitter is included to prevent simultaneous flooding).
RIP Timers
Update (30 seconds) - How often routes are advertised (+/- a small random delay)
Invalid (180 seconds) - How long a received route will stay in the routing table without being
received again, before being marked as invalid.
Flush (240 seconds) - 60 seconds longer than the invalid timer; invalid routes will be flushed
from the table when this timer is reached.
Holddown (180 seconds) - Routes will be kept in the table for this time before being replaced
by an advertisement with a higher metric.
An offset list can be implemented to artificially increase the metric for certain routes:
offset-list <ACL> {in | out} <offset> <interface>
Use distribute-list to filter routes update:
distribute-list <ACL> {in | out} <interface>
When debugging RIP:
*Mar 1 00:15:42.943: RIP: sending v1 update to 255.255.255.255 via Loopback0 (2.2.2.2)
*Mar 1 00:15:42.943: RIP: build update entries
*Mar 1 00:15:42.943: network 1.0.0.0 metric 2
*Mar 1 00:15:42.947: network 10.0.0.0 metric 1 <<< this means the network is directly connected (by using network command under rip process)
*Mar 1 00:18:21.435: RIP: sending v2 update to 224.0.0.9 via Loopback0 (2.2.2.2)
*Mar 1 00:18:21.439: RIP: build update entries
*Mar 1 00:18:21.439: 1.1.1.1/32 via 0.0.0.0, metric 2, tag 0
*Mar 1 00:18:21.443: 10.0.12.0/24 via 0.0.0.0, metric 1, tag 0 <<< this means the network is directly connected (by using network command under rip process)
Ref: http://media.packetlife.net/media/library/29/Routing_TCP-IP_Vol_1_Notes.pdf
Sunday, December 25, 2011
Saturday, December 24, 2011
PBR set ip next-hop recursive
access-list 100 permit ip host 1.1.1.1 host 4.4.4.4
!
route-map PBR permit 10
match ip address 100
set ip next-hop recursive 3.3.3.3
##################################################################################
set ip next-hop recursive [3.3.3.3] - The router will forward matching traffic to the interface of "show ip route 3.3.3.3", if can not find any it forward using normal routing table.
##################################################################################
Successful PBR
*Mar 1 00:19:31.507: IP: tableid=0, s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), routed via RIB
*Mar 1 00:19:31.507: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4, len 100, policy match
*Mar 1 00:19:31.511: ICMP type=8, code=0
*Mar 1 00:19:31.511: IP: route map PBR, item 10, permit
*Mar 1 00:19:31.511: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet0/3), len 100, policy routed
*Mar 1 00:19:31.511: ICMP type=8, code=0
*Mar 1 00:19:31.511: IP: Ethernet0/0 to Ethernet0/3 10.2.23.3
*Mar 1 00:19:31.515: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet0/3), g=10.2.23.3, len 100, forward
*Mar 1 00:19:31.515: ICMP type=8, code=0
Unsuccessful PBR
*Mar 1 00:15:53.939: IP: tableid=0, s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), routed via RIB
*Mar 1 00:15:53.939: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4, len 100, policy match
*Mar 1 00:15:53.943: ICMP type=8, code=0
*Mar 1 00:15:53.943: IP: route map PBR, item 10, permit
*Mar 1 00:15:53.943: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), len 100, policy rejected -- normal forwarding
*Mar 1 00:15:53.943: ICMP type=8, code=0
*Mar 1 00:15:53.943: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), g=10.0.24.4, len 100, forward
*Mar 1 00:15:53.947: ICMP type=8, code=0
Ref: http://cisconinja.wordpress.com/category/pbr/
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html
!
route-map PBR permit 10
match ip address 100
set ip next-hop recursive 3.3.3.3
##################################################################################
set ip next-hop recursive [3.3.3.3] - The router will forward matching traffic to the interface of "show ip route 3.3.3.3", if can not find any it forward using normal routing table.
##################################################################################
Successful PBR
*Mar 1 00:19:31.507: IP: tableid=0, s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), routed via RIB
*Mar 1 00:19:31.507: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4, len 100, policy match
*Mar 1 00:19:31.511: ICMP type=8, code=0
*Mar 1 00:19:31.511: IP: route map PBR, item 10, permit
*Mar 1 00:19:31.511: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet0/3), len 100, policy routed
*Mar 1 00:19:31.511: ICMP type=8, code=0
*Mar 1 00:19:31.511: IP: Ethernet0/0 to Ethernet0/3 10.2.23.3
*Mar 1 00:19:31.515: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet0/3), g=10.2.23.3, len 100, forward
*Mar 1 00:19:31.515: ICMP type=8, code=0
Unsuccessful PBR
*Mar 1 00:15:53.939: IP: tableid=0, s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), routed via RIB
*Mar 1 00:15:53.939: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4, len 100, policy match
*Mar 1 00:15:53.943: ICMP type=8, code=0
*Mar 1 00:15:53.943: IP: route map PBR, item 10, permit
*Mar 1 00:15:53.943: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), len 100, policy rejected -- normal forwarding
*Mar 1 00:15:53.943: ICMP type=8, code=0
*Mar 1 00:15:53.943: IP: s=1.1.1.1 (Ethernet0/0), d=4.4.4.4 (Ethernet1/3), g=10.0.24.4, len 100, forward
*Mar 1 00:15:53.947: ICMP type=8, code=0
Ref: http://cisconinja.wordpress.com/category/pbr/
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/12s_pbr.html
Thursday, December 22, 2011
Unicast RPF Examples
Unicast RPF is an input function and is applied on the interface of a router only in the ingress direction.
Strict Mode RPF
If the source address is in the FIB and reachable only through the interface on which the packet was received, the packet is passed. The syntax for this method is ip verify unicast source reachable-via rx.
http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
Bash script to check validate IP address
#!/bin/bash
# Test an IP address for validity:
# Usage:
# is_ip IP_ADDRESS
# if is_ip IP_ADDRESS; then return 1; else return 0; fi
#
is_ip(){
input=$1
octet1=$(echo $input | cut -d "." -f1)
octet2=$(echo $input | cut -d "." -f2)
octet3=$(echo $input | cut -d "." -f3)
octet4=$(echo $input | cut -d "." -f4)
stat=0
if [[ $input =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && [ $octet1 -le 255 ] && [ $octet2 -le 255 ] && [ $octet3 -le 255 ] && [ $octet4 -le 255 ];
then
stat=1
fi
echo "IP $input is $stat."
return $stat
}
if [ -z $1 ];
then
echo "Usage: sh is_ip.sh IP_ADDRESS"
exit 0
else
is_ip $1
fi
Ref: http://www.linuxjournal.com/content/validating-ip-address-bash-script
# Test an IP address for validity:
# Usage:
# is_ip IP_ADDRESS
# if is_ip IP_ADDRESS; then return 1; else return 0; fi
#
is_ip(){
input=$1
octet1=$(echo $input | cut -d "." -f1)
octet2=$(echo $input | cut -d "." -f2)
octet3=$(echo $input | cut -d "." -f3)
octet4=$(echo $input | cut -d "." -f4)
stat=0
if [[ $input =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]] && [ $octet1 -le 255 ] && [ $octet2 -le 255 ] && [ $octet3 -le 255 ] && [ $octet4 -le 255 ];
then
stat=1
fi
echo "IP $input is $stat."
return $stat
}
if [ -z $1 ];
then
echo "Usage: sh is_ip.sh IP_ADDRESS"
exit 0
else
is_ip $1
fi
Ref: http://www.linuxjournal.com/content/validating-ip-address-bash-script
Tuesday, December 20, 2011
Bash error [: =: unary operator expected
Use - if [ "$number" = "1" ]; then
NOT - if [ $number = "1" ]; then
http://linuxcommand.org/wss0100.php
Monday, December 19, 2011
Auto ssh command
$ ssh -q -o BatchMode=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -l remote_login remote_host "command opts args..."
Ref: http://www.unix.com/shell-programming-scripting/75930-how-do-i-handle-ssh-response-expect.html
Auto ssh command
In expect script, below one is working:
spawn ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $vIP
Saturday, December 17, 2011
Expect with different passwords
proc login {user pass} { expect "login:" send "$user\r" expect "password:" send "$pass\r" } set username spongebob set passwords {squarepants rhombuspants} set index 0 spawn telnet 192.168.40.100 login $username [lindex $passwords $index] expect { "login incorrect" { send_user "failed with $username:[lindex $passwords $index]\n" incr index if {$index == [llength $passwords]} { error "ran out of possible passwords" } login $username [lindex $passwords $index] exp_continue } "prompt>" } send_user "success!\n" # ...
http://stackoverflow.com/questions/1538444/using-conditional-statements-inside-expect
Thursday, December 15, 2011
Tuesday, December 13, 2011
Traffic Shaping and Policing
A key difference between shaping and policing is the rate at which tokens are replenished. This section reviews the difference.
Shaping increments the token bucket at timed intervals using a bits per second (bps) value. A shaper uses the following formula:
When the excess burst (Be) is configured to a value different than 0, the shaper allows tokens to be stored in the bucket, up to Bc + Be. The largest value that the token bucket can ever reach is Bc + Be, and overflow tokens are dropped. The only way to have more than Bc tokens in the bucket is to not use all Bc tokens during one or more Tc. Since the token bucket is replenished every Tc with Bc tokens, you can accumulate unused tokens for later use up to Bc + Be.
In contrast, class-based policing and rate-limiting adds tokens continuously to the bucket. Specifically, the token arrival rate is calculated as follows:
Shaping implicitly uses the averaging interval Tc=Bc/CIR to meter the average traffic rate. Larger Bc values allow for better accommodation of bursty traffic flows with oscillating traffic rates. Smaller Bc is good for stable flows, in situations where you don’t tolerate even a small violation of the instant traffic rate.
Ref:
The Meaning of Bc with Traffic Policing
Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting
Shaping and policing on Cisco
Shaping increments the token bucket at timed intervals using a bits per second (bps) value. A shaper uses the following formula:
In this equation, Bc represents the committed burst, and CIR stands for committed information rate. (See Configuring Frame Relay Traffic Shaping for more information.) The value of Tc defines the time interval during which you send the Bc bits in order to maintain the average rate of the CIR in seconds.Tc = Bc/CIR (in seconds)
When the excess burst (Be) is configured to a value different than 0, the shaper allows tokens to be stored in the bucket, up to Bc + Be. The largest value that the token bucket can ever reach is Bc + Be, and overflow tokens are dropped. The only way to have more than Bc tokens in the bucket is to not use all Bc tokens during one or more Tc. Since the token bucket is replenished every Tc with Bc tokens, you can accumulate unused tokens for later use up to Bc + Be.
In contrast, class-based policing and rate-limiting adds tokens continuously to the bucket. Specifically, the token arrival rate is calculated as follows:
In other words, if the previous arrival of the packet was at t1 and the current time is t, the bucket is updated with t-t1 worth of bytes based on the token arrival rate. Note that a traffic policer uses burst values specified in bytes, and the above formula converts from bits to bytes.(time between packets<which is equal to t-t1>* policer rate)/8 bits per byte
Shaping implicitly uses the averaging interval Tc=Bc/CIR to meter the average traffic rate. Larger Bc values allow for better accommodation of bursty traffic flows with oscillating traffic rates. Smaller Bc is good for stable flows, in situations where you don’t tolerate even a small violation of the instant traffic rate.
Ref:
The Meaning of Bc with Traffic Policing
Comparing Traffic Policing and Traffic Shaping for Bandwidth Limiting
Shaping and policing on Cisco
Monday, December 12, 2011
Traffic shaping
AR=Access Rate = Serialization Rate (Ethernet 10Mbps)
It will take 1.2 ms to transmit a 1500Bytes PDU on Ethernet. [1500 * 8 bytes * 1000 ms / 10M]
CIR=Committed Information Rate
Bc=Committed Burst Size
Be=Excessive Burst Size
Tc=Time Interval
Bc/Tc=CIR/SEC
if
CIR=8bps
Tc=125ms
then
Bc=1bit
|125ms_|_|_|_|_|_|_|
<- 1000ms ->
Reduce Bc for smaller Tc to improve VoIP traffic performance (which will wait shorter per time interval)
Be/Tc=(AR-CIR)/SEC
Be allow customer to bank "credit" from early time intervals and send it later on within a second, the overall traffic will not exceed the CIR.
It will take 1.2 ms to transmit a 1500Bytes PDU on Ethernet. [1500 * 8 bytes * 1000 ms / 10M]
CIR=Committed Information Rate
Bc=Committed Burst Size
Be=Excessive Burst Size
Tc=Time Interval
Bc/Tc=CIR/SEC
if
CIR=8bps
Tc=125ms
then
Bc=1bit
|125ms_|_|_|_|_|_|_|
<- 1000ms ->
Reduce Bc for smaller Tc to improve VoIP traffic performance (which will wait shorter per time interval)
Be/Tc=(AR-CIR)/SEC
Be allow customer to bank "credit" from early time intervals and send it later on within a second, the overall traffic will not exceed the CIR.
Understanding Single-Rate and Dual-Rate Traffic Policing
Control Plane Policing Implementation (CPP) Best Practices
Network Core Infrastructure Best Practices
http://www.nanog.org/meetings/nanog42/presentations/Bhaiji_Network_Core.pdf
Control Plane Policing Implementation Best Practices
http://www.cisco.com/web/about/security/intelligence/coppwp_gs.html
Configuring Denial of Service Protection
http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SR/configuration/guide/dos.html
Protecting the Cisco Catalyst 6500 Series Switches Against Denial-Of-Service Attacks
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_paper0900aecd802ca5d6.html
Deploying Control Plane Policing
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd804fa16a.html
Control Plane Policing
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html
ICMP/PING drops when pinging from Nexus 7000
https://supportforums.cisco.com/docs/DOC-15510
Cisco Control Plane Policing
http://security-planet.de/2005/07/26/cisco-control-plane-policing/
Wednesday, December 7, 2011
Filtering BGP Routes
Using Distribute Lists to Filter Network Prefixes
Using Prefix Lists to Filter BGP Routes
Using Route Maps to Filter BGP Routes
Ref:
http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=102
Tuesday, December 6, 2011
ICMP PING
ICMP segment structure
The ICMP header starts after the IPv4 header. All ICMP packets will have an 8-byte header and variable-sized data section.
Windows "ping.exe" adds, by default, 32 bytes of padding
The Linux "ping" utility adds, by default, 56 bytes of padding
#########################################################
C:\Documents and Settings\wentao.yang>ping 121.59.0.1
Pinging 121.59.0.1 with 32 bytes of data:
Reply from 121.59.0.1: bytes=32 time=1ms TTL=247
#########################################################
yang@test.nmlon:~$ ping 192.168.231.0
PING 192.168.231.0 (192.168.231.0) 56(84) bytes of data.
64 bytes from 192.168.231.0: icmp_seq=1 ttl=251 time=1.06 ms
Ref: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
http://ss64.com/bash/ping.html
The ICMP header starts after the IPv4 header. All ICMP packets will have an 8-byte header and variable-sized data section.
Windows "ping.exe" adds, by default, 32 bytes of padding
The Linux "ping" utility adds, by default, 56 bytes of padding
#########################################################
C:\Documents and Settings\wentao.yang>ping 121.59.0.1
Pinging 121.59.0.1 with 32 bytes of data:
Reply from 121.59.0.1: bytes=32 time=1ms TTL=247
#########################################################
yang@test.nmlon:~$ ping 192.168.231.0
PING 192.168.231.0 (192.168.231.0) 56(84) bytes of data.
64 bytes from 192.168.231.0: icmp_seq=1 ttl=251 time=1.06 ms
Ref: http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
http://ss64.com/bash/ping.html
Monday, December 5, 2011
Steps for sending a packet out
THIS is from https://learningnetwork.cisco.com/thread/15223
Steps for sending a packet out -
Step 1 - (IPv4 Routing Lookup) --> Goal is to decide on the following entities first.
- Longest match / Lowest AD / Lowest Metric / Overlapping Routes(Multiple routes to the same destination in the routing table) / Policy Routing (Will override all the above steps)
- Outgoing interface
- Next-hop
Step 2 - (IPv4 Switching Method) --> Goal is to move packets between interfaces. Load Balancing occurs at this stage. Even though we have multiple routes in the routing table, the load balancing will not occur if the switching method is not configured to do so. If the switching method is not configured for load balancing, the packets will follow the same path even though multiple paths exists in the routing table. Can be verified by "show ip cef exact-route <source ip> <destination ip>". The above command based on the inputs of source and destination, will tell us the next hop IP and outgoing interface the packet is taking.
Decide on the following entities in the second step.
- Process
- Fast
- CEF
- Etc.
[Note -
1.) Once CEF is enabled, it will form the FIB and adjacency table with the help of Routing table and at the same moment and it will not check the routing table from then on unless there is change in the routing table and will forward all the packets based on CEF table only. CEF is ON by default on the routers.
2.) If on a local LAN, some users are saying that they are able to surf web without any issues and some are saying that they are having problems in surfing even though they all are on the sam LAN, then it's most probably issue with the underlying switching method. You can verify it using the command ip cef exact-route <source ip> <destination ip>, by giving the different Users source IP address and the same destination IP address. You can see different next-hop IP address, in the output if two route exists in the routing table for the same destination IP address.
3.) "show ip route" command simply checks whether our routing lookup is working or not. If you can see an valid output by show ip route command, it means our Routing Lookup worked fine. Now we can move on to check the Switching method. ]
Step 3 - (Layer 2 Encapsulation) --> Goal is to build Layer 2 frame header based on the next-hop value.
- Multipoint interfaces require layer 3 to layer 2 resolutions (For ethernet it depends on ARP / Proxy-ARP / Reverse ARP. For Frame-Relay it depends on Inverser-ARP / Static Mappings. Note that Ethernet is mapping remote layer 3 to remote layer 2 whereas Frame-Relay is mapping the remote layer 3 to local layer 2.)
- Point-to-Point interfaces do not require layer 3 to layer 2 mapping.
· Debug ip-packet walkthrough
1.) First and foremost it will only show the process-switched packets.
2.) Secondly, all the packets locally generated or destined to any local interface will only be process switched no matter what. All transit traffic will be fast switched or CEF switched depending on what we have configured on the router.
3.) When you do "debug ip packet", follow the following messages
*Mar 2 02:33:38.559: IP: tableid=0, s=163.1.12.1 (local),d=163.1.12.2(Serial0/0), routed via RIB
*Mar 2 02:33:38.559: IP: s=163.1.12.1 (local), d=163.1.12.2 (Serial0/0),len 100, sending
*Mar 2 02:33:38.559: ICMP type=8, code=0.
*Mar 2 02:33:41.559: IP: s=163.1.12.1 (local), d=163.1.12.2 (Serial0/0),len 100, encapsulation failed
*Mar 2 02:33:41.559: ICMP type=8, code=0
STEP 1 - "routed via FIB / RIB" simply means that routing process was successful. Routed via RIB / FIB doesn't mean that the end-to-end connectivity is through.
STEP 2 - "sending" simply means that the packet is being sent to the switching process. The interface mentioned here is the outgoing interface where the switching process put the packet for transfer.
STEP 3 - If the third line in the output shows that "encapsulation failed" message, it means that our STEP 3 of packet forwarding failed. If you do "debug arp" along with "debug ip packet" you can see exactly after step 2, an ARP will be sent for any network not reachable.
[NOTE -
1.) If one of the above step is broken then it does't imply that the other step is broken. For example, if encapsulation is broken, then it doesn't imply that the routing is broken.
2.) If some router is sitting in the middle of the path and it doesn't have a route to the destination, it will generate ICMP unreachable message back to the source. You can verify it via "debug ip icmp". This is useful in determining end to end rechability. ]
Thanks to Brian McGahan for giving a clear picture of the above concept.
Regards,
Somit Maloo....
Thursday, December 1, 2011
Troubleshooting Memory Problems
Memory fragmentation
Your router is facing an IO memory leak. Don't focus on the fragmentation, it's only a side effect of the leak. The main issue is that you're running out of IO memory and that's why you see MALLOCFAIL in Pool:I/O.
- show buffer pool Large dump
- show mem debug leak
Copy from: https://supportforums.cisco.com/thread/2053474
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6f3a.shtml
IPsec Anti-Replay Window
%CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed
Cisco IPsec authentication provides anti-replay protection against an attacker duplicating encrypted packets by assigning a unique sequence number to each encrypted packet. (Security association [SA] anti-replay is a security service in which the receiver can reject old or duplicate packets to protect itself against replay attacks.) The decryptor checks off the sequence numbers that it has seen before. The encryptor assigns sequence numbers in an increasing order. The decryptor remembers the value X of the highest sequence number that it has already seen. N is the window size, and the decryptor also remembers whether it has seen packets having sequence numbers from X-N+1 through X. Any packet with the sequence number X-N is discarded. Currently, N is set at 64, so only 64 packets can be tracked by the decryptor.
At times, however, the 64-packet window size is not sufficient. For example, Cisco quality of service (QoS) gives priority to high-priority packets, which could cause some low-priority packets to be discarded even though they could be one of the last 64 packets received by the decryptor. The IPsec Anti-Replay Window: Expanding and Disabling feature allows you to expand the window size, allowing the decryptor to keep track of more than 64 packets.
Increasing the anti-replay window size has no impact on throughput and security. The impact on memory is insignificant because only an extra 128 bytes per incoming IPsec SA is needed to store the sequence number on the decryptor. It is recommended that you use the full 1024 window size to eliminate any future anti-replay problems.
Ref: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_iarwe.html#wp1027188
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml
https://supportforums.cisco.com/thread/2046718
Wednesday, November 30, 2011
Shell Scripting: Convert Uppercase to Lowercase
vName=$(echo $1 | tr "[:upper:]" "[:lower:]" | sed 's/\.$//')
echo $vName
wtyang@jump0.nmbeijing:~$ ./test.scr AABBCCDDEE.
aabbccddee
Ref: http://www.cyberciti.biz/faq/linux-unix-shell-programming-converting-lowercase-uppercase/
http://ss64.com/bash/tr.html
echo $vName
wtyang@jump0.nmbeijing:~$ ./test.scr AABBCCDDEE.
aabbccddee
Ref: http://www.cyberciti.biz/faq/linux-unix-shell-programming-converting-lowercase-uppercase/
http://ss64.com/bash/tr.html
Test download speed from a Cisco router
Customer_router(config)#ip route 87.51.34.132 255.255.255.255 150.200.1.253
Customer_router(config)#ip host ftp.freebsd.org 87.51.34.132
Customer_router(config)#ip ftp source-interface vlan 1
Customer_router#copy ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.0-RC2/doc.txz flash:
Destination filename [doc.txz]?
Accessing ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.0-RC2/doc.txz...
Loading pub/FreeBSD/releases/i386/i386/9.0-RC2/doc.txz !!!!!!
[OK - 1443296/4096 bytes]
1443296 bytes copied in 29.136 secs (49537 bytes/sec)
Customer_router00_ITASS#
Customer_router(config)#ip host ftp.freebsd.org 87.51.34.132
Customer_router(config)#ip ftp source-interface vlan 1
Customer_router#copy ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.0-RC2/doc.txz flash:
Destination filename [doc.txz]?
Accessing ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/i386/9.0-RC2/doc.txz...
Loading pub/FreeBSD/releases/i386/i386/9.0-RC2/doc.txz !!!!!!
[OK - 1443296/4096 bytes]
1443296 bytes copied in 29.136 secs (49537 bytes/sec)
Customer_router00_ITASS#
ip flow-top-talkers
ADSL firmware upgrade on 887/877/857 router
I cannot find instructions on how to use the latest 4.0.18 ADSL firmware on an 887 router.
I've downloaded adsl_alc_20190_4.0.018.bin from the website and copied it to flash, but cannot find any instructions on applying the firmware. Tried rebooting but made no difference.
What commands, etc, am I meant to use to make use of this ADSL firmware release ?
Thank you in advance.
Roger.
Correct Answer by kmccourt on May 18, 2010 11:40 AM
Assuming the 887 behaves like the 877/857, the file has to be renamed to:
adsl_alc_20190.bin
and then you reboot.
Ref: https://supportforums.cisco.com/thread/2017655
Ref: https://supportforums.cisco.com/thread/2017655
Tuesday, November 29, 2011
Problem with ICMP filtering and PMTU-D
Say the customer PC sends a 1500-byte packet, with DF set (which is the default for everything these days). It’s fine on the switch, it’s fine on our router. Somewhere between us and the server, it finds a link that only has an MTU of 1400. The router attached to that link can’t fragment (DF is set), so it sends an ICMP error message back explaining that the packet is too big, and that the originating host must send smaller packets. That ICMP packet is not part of the data flow, so the firewall will drop it unless configure to pass it. If the PC never sees the error message, all it knows is that it never got a reply, so it keeps re-transmitting the 1500-byte packet until it eventually times out.
Now, to the problem with ICMP filtering and PMTU-D
In this case, if the ICMP can't fragment errors can not get back to the source host due to a filter, the host will never know that the packets it is sending are too large. This means it will keep trying to send the same large packet, and it will keep being dropped--silently dropped from the view of any system on the other side of the filter. While a small handful of systems that implement PMTU-D also implement a way to detect such situations, most don't and even for those that do it has a negative impact on performance and the network.If this is happening, typical symptoms include the ability for small packets (eg. request a very small web page) to get through, but larger ones (eg. a large web page) will simply hang. This situation can be confusing to the novice administrator because they obviously have some connectivity to the host, but it just stops working for no obvious reason on certain transfers.
There is one solution, and several workarounds, for this problem. They include:
http://www.znep.com/~marcs/mtu/
Resolve IP Fragmentation, MTU, MSS, and PMTUD Issues with GRE and IPSEC
Friday, November 25, 2011
VPN VRF import map /export map
import map /export map are usually used for selectively import or export prefixes [by adding / filtering the RT values] , which makes inter-vrf communications more flexible.
Whereas route-target export / route-target import will unconditionally import or export
Whereas route-target export / route-target import will unconditionally import or export
Thursday, November 24, 2011
BGP Community Lists
There are two types of community list. One is standard community list and another is expanded community list. Standard community list defines communities attribute. Expanded community list defines communities attribute string with regular expression. Standard community list is compiled into binary format when user define it. Standard community list will be directly compared to BGP communities attribute in BGP updates. Therefore the comparison is faster than expanded community list.
http://www.quagga.net/docs/docs-multi/BGP-Community-Lists.html
http://www.quagga.net/docs/docs-multi/BGP-Extended-Community-Lists.html
http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_s1gt.html
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtnextcl.html#wp1050903
http://www.quagga.net/docs/docs-multi/BGP-Community-Lists.html
http://www.quagga.net/docs/docs-multi/BGP-Extended-Community-Lists.html
http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_s1gt.html
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t11/feature/guide/gtnextcl.html#wp1050903
Wednesday, November 23, 2011
Queueing
Hardware queue, software queue
https://learningnetwork.cisco.com/thread/4326
Hardware queue
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml
http://wiki.nil.com/Queuing_Principles_in_Cisco_IOS/FIFO
Cisco switching options
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a7306.shtml
https://learningnetwork.cisco.com/thread/4326
Hardware queue
http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080094791.shtml
http://wiki.nil.com/Queuing_Principles_in_Cisco_IOS/FIFO
Cisco switching options
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a7306.shtml
BGP only send out prefixes which have been already in the routing table.
BGP only send out prefixes which have been already in the routing table.
Monday, November 21, 2011
MTU of ipsec GRE
MTU from http://www.faqs.org/rfcs/rfc1122.html
MTU explaination copy from http://packetlife.net/blog/2008/nov/5/mtu-manipulation/
GRE over IPSec with tunnel mode introduces ~75 bytes overhead, GRE over IPSec with transport mode introduces ~55 bytes overhead
http://ieoc.com/forums/t/10365.aspx
http://packetlife.net/blog/2008/nov/5/mtu-manipulation/
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Solutions for the ipsec over GRE:
1. tunnel path-mtu-discovery on the tunnel interface
2. Use the ip tcp adjust-mss command on the tunnel interfaces
3. Use policy routing on the ingress interface of the router and configure a route map to clear the DF bit in the data IP header before it gets to the GRE tunnel interface.
route-map CLEAR-DF permit 10
set ip df 0
!
interface <LAN>
ip policy route-map CLEAR-DF
!
4. Increase the "ip mtu" on the GRE tunnel interface to be equal to the outbound interface MTU. This will allow the data IP packet to be GRE encapsulated without fragmenting it first. The GRE packet will then be IPsec encrypted and then fragmented to go out the physical outbound interface. In this case you would not configure tunnel path-mtu-discovery command on the GRE tunnel interface. This can dramatically reduce the throughput because IP packet reassembly on the IPsec peer is done in process-switching mode.
The maximum transmission unit, i.e., the size of the largest packet that can be transmitted. The terms frame, packet, datagram, message, and segment are illustrated by the following schematic diagrams: A. Transmission on connected network: _______________________________________________ | LL hdr | IP hdr | (data) | |________|________|_____________________________| <---------- Frame -----------------------------> <----------Packet --------------------> B. Before IP fragmentation or after IP reassembly: ______________________________________ | IP hdr | transport| Application Data | |________|____hdr___|__________________| <-------- Datagram ------------------> <-------- Message -----------> or, for TCP: ______________________________________ | IP hdr | TCP hdr | Application Data | |________|__________|__________________| <-------- Datagram ------------------> <-------- Segment ----------->
MTU explaination copy from http://packetlife.net/blog/2008/nov/5/mtu-manipulation/
Overhead calculation of GRE over IPSec (assume ESP-DES & ESP-MD5-HMAC):
ESP overhead (with authentication) : 31 ~ 38 bytes
GRE header: 24 bytes
IP header: 20 byes
http://ieoc.com/forums/t/10365.aspx
http://packetlife.net/blog/2008/nov/5/mtu-manipulation/
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_white_paper09186a00800d6979.shtml
Solutions for the ipsec over GRE:
1. tunnel path-mtu-discovery on the tunnel interface
2. Use the ip tcp adjust-mss command on the tunnel interfaces
3. Use policy routing on the ingress interface of the router and configure a route map to clear the DF bit in the data IP header before it gets to the GRE tunnel interface.
route-map CLEAR-DF permit 10
set ip df 0
!
interface <LAN>
ip policy route-map CLEAR-DF
!
4. Increase the "ip mtu" on the GRE tunnel interface to be equal to the outbound interface MTU. This will allow the data IP packet to be GRE encapsulated without fragmenting it first. The GRE packet will then be IPsec encrypted and then fragmented to go out the physical outbound interface. In this case you would not configure tunnel path-mtu-discovery command on the GRE tunnel interface. This can dramatically reduce the throughput because IP packet reassembly on the IPsec peer is done in process-switching mode.
Friday, November 18, 2011
Troubleshooting BGP peer flapping issue
Enable “bgp log-neighbor-changes” so you get a log message when a peer flaps
%BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down BGP Notification sent
%BGP-3-NOTIFICATION: sent to neighbor 1.1.1.1 4/0 (hold time expired) 0 bytes
R2#show ip bgp neighbor 1.1.1.1 | include Last reset
Last reset 00:01:02, due to BGP Notification sent, hold time expired
• We are not receiving keepalives from the other side!
Let’s take a look at our peer!
• Hellos are stuck in OutQ behind update packets!
• Notice that the MsgSent counter has not moved
Possible causes
Remote router is not healthy (OutQ)
Lower layer problems (IP)
Things to check
MTU values
Traffic shaping
Rate-limiting parameters
• Looks like a Layer 2 problem
• At this point we have verified that BGP is not at fault
• Next step is to troubleshoot layer 2…
Ref: http://meetings.ripe.net/ripe-44/presentations/ripe44-eof-bgp.pdf
http://docstore.mik.ua/cisco/pdf/routing/Cisco%20Networkers%20-%20Troubleshooting%20Bgp%20In%20Large%20Ip%20Networks.pdf
%BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down BGP Notification sent
%BGP-3-NOTIFICATION: sent to neighbor 1.1.1.1 4/0 (hold time expired) 0 bytes
R2#show ip bgp neighbor 1.1.1.1 | include Last reset
Last reset 00:01:02, due to BGP Notification sent, hold time expired
• We are not receiving keepalives from the other side!
Let’s take a look at our peer!
• Hellos are stuck in OutQ behind update packets!
• Notice that the MsgSent counter has not moved
Possible causes
Remote router is not healthy (OutQ)
Lower layer problems (IP)
Things to check
MTU values
Traffic shaping
Rate-limiting parameters
• Looks like a Layer 2 problem
• At this point we have verified that BGP is not at fault
• Next step is to troubleshoot layer 2…
Ref: http://meetings.ripe.net/ripe-44/presentations/ripe44-eof-bgp.pdf
http://docstore.mik.ua/cisco/pdf/routing/Cisco%20Networkers%20-%20Troubleshooting%20Bgp%20In%20Large%20Ip%20Networks.pdf
Tuesday, November 15, 2011
Match VoIP ports
ip access-list extended REAL-TIME-CLASSIFY
remark VOIP (H323/SIP/IAX/IAX2)
permit udp any any eq 4569
permit udp any eq 4569 any
permit udp any any eq 5036
permit udp any eq 5036 any
permit udp any any eq 5060
permit tcp any any eq 5060
permit udp any eq 5060 any
permit tcp any eq 5060 any
permit udp any any eq 1719
permit udp any eq 1719 any
remark VOIP (RTP) traffic
permit udp any any range 16384 32767
permit udp any range 16384 32767 any
Ref: http://www.voip-info.org/wiki/view/QoS+Cisco
remark VOIP (H323/SIP/IAX/IAX2)
permit udp any any eq 4569
permit udp any eq 4569 any
permit udp any any eq 5036
permit udp any eq 5036 any
permit udp any any eq 5060
permit tcp any any eq 5060
permit udp any eq 5060 any
permit tcp any eq 5060 any
permit udp any any eq 1719
permit udp any eq 1719 any
remark VOIP (RTP) traffic
permit udp any any range 16384 32767
permit udp any range 16384 32767 any
Ref: http://www.voip-info.org/wiki/view/QoS+Cisco
Friday, November 11, 2011
VoIP packet size
Very good notes from learningnetwork.cisco.com
The best explanation is in chapter 5 of the Authorized Self-Study Guide for Cisco Voice over IP (CVoice) Second Edition by Kevin Wallace. Basically, the formula is Bytes_per_sample = Sample_Size * CODEC_Bandwidth / 8 plus overhead.
So, if your sample size is 20 ms (.02 seconds) and you are using the G.711 CODEC, then your basic voice information requires
.02 * 64000 / 8 = 160 bytes per sample. To that, you must add the overhead, which would be 20 bytes for the IP header,
8 bytes for the UDP header, and 12 bytes for the RTP header (to make sure your packets are in the correct order at the receiving end).
So, each voice packet will require 200 bytes. Then, you need to add your Layer 2 overhead (at least 18 bytes for Ethernet).
So, each frame will require at least 218 bytes. And you may also have trunk or tunneling overhead to consider.
Yes, voice packets are small, but you need a lot of them to carry voice. That's why we use compression techniques.
cRTP compresses the IP/UDP/RTP header to either 2 or 4 bytes (4 if you implement check sum). This significantly reduces the overhead.
In addition, you can use a CODEC that requires lower bandwidth. The G.729 CODEC only requires 8000 bits per second, so if you used
G.729 and RTP header compression you would get
.02 * 8000 / 8 = 20 bytes of voice information plus 4 bytes for IP/UDP/RTP for an IP packet size of 24 bytes. Then, you can add your
Layer 2 overhead, whatever it is.
Chapter 1 of the CCNP ONT Official Exam Certification Guide by Amir Ranjbar also contains a lot of good information.
http://www.cisco.com/en/US/tech/tk652/tk698/technologies_tech_note09186a0080094ae2.shtml
https://learningnetwork.cisco.com/thread/11162
The best explanation is in chapter 5 of the Authorized Self-Study Guide for Cisco Voice over IP (CVoice) Second Edition by Kevin Wallace. Basically, the formula is Bytes_per_sample = Sample_Size * CODEC_Bandwidth / 8 plus overhead.
So, if your sample size is 20 ms (.02 seconds) and you are using the G.711 CODEC, then your basic voice information requires
.02 * 64000 / 8 = 160 bytes per sample. To that, you must add the overhead, which would be 20 bytes for the IP header,
8 bytes for the UDP header, and 12 bytes for the RTP header (to make sure your packets are in the correct order at the receiving end).
So, each voice packet will require 200 bytes. Then, you need to add your Layer 2 overhead (at least 18 bytes for Ethernet).
So, each frame will require at least 218 bytes. And you may also have trunk or tunneling overhead to consider.
cRTP compresses the IP/UDP/RTP header to either 2 or 4 bytes (4 if you implement check sum). This significantly reduces the overhead.
G.729 and RTP header compression you would get
.02 * 8000 / 8 = 20 bytes of voice information plus 4 bytes for IP/UDP/RTP for an IP packet size of 24 bytes. Then, you can add your
Layer 2 overhead, whatever it is.
http://www.cisco.com/en/US/tech/tk652/tk698/technologies_tech_note09186a0080094ae2.shtml
https://learningnetwork.cisco.com/thread/11162
Friday, November 4, 2011
Next Hop Resolution Protocol (NHRP)
References:
http://en.wikipedia.org/wiki/Next_Hop_Resolution_Protocol
http://www.cisco.com/en/US/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#wp1054887
http://www.netcraftsmen.net/resources/archived-articles/433.html
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
http://en.wikipedia.org/wiki/Next_Hop_Resolution_Protocol
http://www.cisco.com/en/US/docs/ios/12_4/ip_addr/configuration/guide/hadnhrp.html#wp1054887
http://www.netcraftsmen.net/resources/archived-articles/433.html
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml
Thursday, November 3, 2011
show derived-config
Usage Guidelines
Configuration commands can be applied to an interface from sources such as static templates, dynamic templates bound by resource pooling, dialer interfaces, AAA per-user attributes and the configuration of the physical interface. The show derived-config command displays all the commands that apply to an interface.
The output for the show derived-config command is nearly identical to that of the show running-config command. It differs when the configuration for an interface is derived from a template, a dialer interface, or some per-user configuration. In those cases, the commands derived from the template, dialer interface, and so on, will be displayed for the affected interface.
If the same command is configured differently in two different sources that apply to the same interface, the command coming from the source that has the highest precedence will appear in the display.
Examples
The following examples show sample output for the show running-config and show derived-config commands for serial interface 0:23 and dialer interface 0. The output of the show running-config and show derived-config commands is the same for dialer interface 0 because none of the commands that apply to that interface are derived from any sources other than the configuration of the dialer interface. The output for the show running-config and show derived-config commands for serial interface 0:23 differs because some of the commands that apply to serial interface 0:23 come from dialer interface 0.
Router# show running-config interface Serial0:23
Ref: http://www.cisco.com/en/US/docs/ios/12_1/configfun/command/reference/frd2002.html#wp1019868
Thursday, October 27, 2011
Standard streams shift command
Bash script
"$#" will expand to the number of arguments passed to the script.
Ref: http://www.ibm.com/developerworks/linux/library/l-bash2/index.html
http://www.ibm.com/developerworks/linux/library/l-bash/index.html
and you executed the shift command the resulting positional parameters would be as follows:
$1 = foo $2 = bar
Ref: http://www.freeos.com/guides/lsst/ch04sec14.html
When writing your own little scripts, it's a good idea to print your error messages to stderr. The usual way to print in a bash script is to use the
This is a normal echo (which goes to stdout), however the
Ref: http://www.kindle-maps.com/blog/how-to-echo-to-stderr.html
http://en.wikipedia.org/wiki/Standard_streams
http://en.wikipedia.org/wiki/Pipeline_%28Unix%29
http://en.wikipedia.org/wiki/File_descriptor
http://www.unix.com/shell-programming-scripting/113138-what-does-code-mean.html
"$#" will expand to the number of arguments passed to the script.
Ref: http://www.ibm.com/developerworks/linux/library/l-bash2/index.html
http://www.ibm.com/developerworks/linux/library/l-bash/index.html
The shift Command
The shift command moves the current values stored in the positional parameters (command line args) to the left one position. For example, if the values of the current positional parameters are:$1 = -f $2 = foo $3 = barand you executed the shift command the resulting positional parameters would be as follows:
$1 = foo $2 = bar
Ref: http://www.freeos.com/guides/lsst/ch04sec14.html
What does those mean?
2>&1
>&2On the unix command line, each command can print to stdout (standard output) or stderr (standard error). By convention, error messages go to stderr, and normal messages go to stdout. You usually connect stdout to the stdin (standard input) of another process. Having a long pipe of commands and this stderr/stdout convention means that the error messages from one command don't go polluting the input to the next command. It also means that you can see the error messages of the commands, since stderr is shown on your terminal (if they were printed to stdout, then you would not see the error messages, since they would be sent to the input of another command).
When writing your own little scripts, it's a good idea to print your error messages to stderr. The usual way to print in a bash script is to use the
echo
shell builtin command. You can "echo" to stderr like this:echo "Your error message here" >&2
>&2
(which is shorthand for 1>&2
), means 'mix the stdout to the stderr'. 1
is stdout, and 2
is stderr here.Ref: http://www.kindle-maps.com/blog/how-to-echo-to-stderr.html
http://en.wikipedia.org/wiki/Standard_streams
http://en.wikipedia.org/wiki/Pipeline_%28Unix%29
http://en.wikipedia.org/wiki/File_descriptor
http://www.unix.com/shell-programming-scripting/113138-what-does-code-mean.html
Linux cut sed examples
Linux cut and sed examples:
cut -d" " -f3
example:
echo this is cut example |cut -d" " -f3
sed 's/\.$//' # cut the last . from the line
example:
echo this is sed example. | sed 's/\.$//'
this is sed example
Mix: |cut -d" " -f3 |sed 's/\.$//'
echo this is mixexample. | cut -d" " -f3 |sed 's/\.$//'
mixexample
Ref: http://www.ibm.com/developerworks/linux/library/l-sed3/index.html
http://www.grymoire.com/Unix/Sed.html
cut -d" " -f3
example:
echo this is cut example |cut -d" " -f3
cut
sed 's/\.$//' # cut the last . from the line
example:
echo this is sed example. | sed 's/\.$//'
this is sed example
Mix: |cut -d" " -f3 |sed 's/\.$//'
echo this is mixexample. | cut -d" " -f3 |sed 's/\.$//'
mixexample
Ref: http://www.ibm.com/developerworks/linux/library/l-sed3/index.html
http://www.grymoire.com/Unix/Sed.html
Tuesday, October 25, 2011
CEF
Check CEF
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_tech_note09186a00801e1e46.shtml
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_tech_note09186a00801e1e46.shtml
Some basic Linux scripts
Sample Shell Script
Here is what you need to put in a shell script:#!/bin/bash # script to send simple email # email subject SUBJECT="SET-EMAIL-SUBJECT" # Email To ? EMAIL="admin@somewhere.com" # Email text/message EMAILMESSAGE="/tmp/emailmessage.txt" echo "This is an email message test"> $EMAILMESSAGE echo "This is email text" >>$EMAILMESSAGE # send an email using /bin/mail /bin/mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE
Ref: http://theos.in/shell-scripting/send-mail-bash-script/
Change sender's email address
Use the following: mail -s "subject" mail1@server.com -- -r "from@fromserver.com" -f </path/to/file>
Ref: http://www.linuxquestions.org/questions/linux-newbie-8/option-to-specify-senders-address-in-mail-command-374223/
Change the lines
this command: echo “first line \nsecond line” will result in the below line:first line \nsecond line (as you can see there is no new line)
but this one: echo -e “first line \nsecond line” (with the -e) will result in what you want:
echo -e “first line \nsecond line”
first line
second line
http://techteam.wordpress.com/2008/09/25/n-not-creating-new-line-in-bash-script/
String contain test
string='My string';
if [[ $string =~ .*My.* ]]
then
echo "It's there!"
fi
Ref: http://stackoverflow.com/questions/229551/string-contains-in-bash
Sunday, October 23, 2011
Online PDF info
http://www.yuzhigang.com/blog/share/page/2
Subscribe to:
Posts (Atom)