When I built the EVPN VxLAN simulation environment in GNS3, I found that the learned overlay routing entries and underlay routing entries are as follows for SW-1:
Test TOPO
SW-1# show ip route
Codes: K - kernel route, C - connected, S - static, B - BGP, O - OSPF
> - selected route, * - FIB route, q - queued route, r - rejected route, # - not installed in hardware
Destination Gateway Dist/Metric Uptime
-------------------------------------------------------------------------------------------------------------------
C>* 1.1.1.1/32 Direct Loopback0 0/0 00:10:24
B>* 2.2.2.2/32 via 10.1.0.5 Ethernet8 200/0 00:10:01
C>* 10.1.0.4/31 Direct Ethernet8 0/0 00:10:14
SW-1#
SW-1# show ip route vrf Vrf01
Codes: K - kernel route, C - connected, S - static, B - BGP, O - OSPF
> - selected route, * - FIB route, q - queued route, r - rejected route, # - not installed in hardware
Destination Gateway Dist/Metric Uptime
-------------------------------------------------------------------------------------------------------------------
C>* 192.168.1.0/24 Direct Vlan10 0/0 00:10:05
B>* 192.168.2.0/24 via 2.2.2.2 Vlan30 200/0 00:10:01
So can routes between different VRFs be shared?(192.168.2.0/24 -> 2.2.2.2/32)But what I know is that the routing entries for VRF are independent and can not be shared between different VRFs.
Is recursive routing lookup across VRFs legal in this case and how to explain it?
No, VRFs, by definition, are independent, so recursive look ups between them should not possible.
Related
I am trying to create TAP's programatically, to which i am attaching a VLAN and an IPV4 address.
(using C, linux 5.4.56, on an embedded device)
TAP is created correctly with the regular ioctl's (TUNSETIFF, etc ...)
Then, i am using another set of ioctl's to set the VLAN, IPADDR, NETMASK, FLAGS, etc ... (SIOCGIFFLAGS, SIOCSIFADDR, etc ...).
For example
init_sockaddr_in_str((struct sockaddr_in *) &ifr.ifr_addr, ipv4_addr_str);
if (ioctl(sd, SIOCSIFADDR, &ifr) < 0) {
LOG("ioctl(SIOCGSIFADDR) error: (%s)\n",strerror(errno));
}
for setting the IPaddress, sd being a socket created to access this interface file descriptor.
Let supposet I created tap256 at first, the a VLAN tag 256, and an IPaddress a.b.c.d
The problem i have is that, at linux cli, i can correctly see all these interfaces with
"ip -d a"
but
Only the TAP256 is UP with the address set to IT ... an no VLAN
Another interface has been created (TAP256.256) which is DOWN with the VLAN defined
Of course, i can fix this manually (removing the IP addr from one interface, setting it to the other, etc ... but this is not the preferred option, i really liked it to be done programatically.
Is there something i am doing not right ? or a specific sequence of actions which will lead to my TAP256.256 UP and the correct IP address attached to it ?
Thanks,
Jacques
I'm looking for discovering the IP cameras that are connected to my network. I found a tool in the following link
https://github.com/andreikop/python-ws-discovery
when I'm using it with the following commands I can not find one of my cameras which is in my network
from wsdiscovery.discovery import ThreadedWSDiscovery as WSDiscovery
from wsdiscovery.publishing import ThreadedWSPublishing as WSPublishing
from wsdiscovery import QName, Scope
# Define type, scope & address of service
ttype1 = QName("http://www.onvif.org/ver10/device/wsdl", "Device")
scope1 = Scope("onvif://www.onvif.org/Model")
xAddr1 = "localhost:8080/abc"
# Publish the service
wsp = WSPublishing()
wsp.start()
wsp.publishService(types=[ttype1], scopes=[scope1], xAddrs=[xAddr1])
# Discover it (along with any other service out there)
wsd = WSDiscovery()
wsd.start()
services = wsd.searchServices()
for service in services:
print(service.getEPR() + ":" + service.getXAddrs()[0])
wsd.stop()
the result of this commands are:
urn:uuid:9b8cd29b-4bd4-5d1c-2f0c-edf3ff9a7eb3:http://#.#.42.244:80/onvif/device_service
urn:uuid:c65e3f71-99e5-4c5d-9615-325bcab19840:http://#.#.42.128/onvif/device_service
urn:uuid:317435e5-a21c-467b-96b8-a213e455bcb4:http://#.#.42.60:5357/317435e5-a21c-467b-96b8-a213e455bcb4/
my own IP is #.#.42.53
and two IP cameras with IPs:
#.#.42.244 and #.#.42.128 are discovered
but I have another camera which IP is #.#.5.179 and it isn't discoverd.
it's because that it has various IP range from my computer? (the camera range is 5 and my computer range is 42)
In that case how I can solve this problem and expand my discovery range?
I have a playbook that grabs ip address as below.
---
- hosts: all
tasks:
- debug: var=hostvars[inventory_hostname]['ansible_default_ipv4']['address']
Output:
TASK [debug] *************************************************************************************************************************************************
ok: [mwiwas01] => {
"hostvars[inventory_hostname]['ansible_default_ipv4']['address']": "10.0.12.15"
}
However, I wish to get the last two segments of an ip address i.e only 12.15.
Note: the ip addresses would change on each host hence I m looking for a standard solution that is compatible to work for any given IP version 4.
How can I grab the same from the IP address.
Make use of split function .
- debug: var=hostvars[inventory_hostname]['ansible_default_ipv4']['address'].split(".")[3]+hostvars[inventory_hostname]['ansible_default_ipv4']['address'].split(".")[4]
I currently have the following DNS Query Alert rule set up in Suricata (for test purposes):
alert dns any any -> any any (msg:”Test dns_query option”; dns_query; content:”google”; nocase; sid:1;)
Which is triggered when it captures DNS events which contain the word "google", such as in this packet:
{"timestamp":"2017-06-08T15:58:59.907085+0000","flow_id":1798294020028434,"in_iface":"ens33","event_type":"dns","src_ip":"172.16.10.132","src_port":53,"dest_ip":"192.168.160.140","dest_port":52385,"proto":"UDP","dns":{"type":"answer","id":57334,"rcode":"NOERROR","rrname":"www.google.com","rrtype":"A","ttl":300,"rdata":"172.217.12.164"}}
However, instead of searching for resource record names that contain "google", I want to use this same kind of alert to trigger on IP addresses that resolve to loopback, as is the case with the following packet (Notice the rdata field):
{"timestamp":"2017-06-08T15:59:37.120927+0000","flow_id":36683121284050,"in_iface":"ens33","event_type":"dns","src_ip":"172.16.10.132","src_port":53,"dest_ip":"192.168.160.140","dest_port":62260,"proto":"UDP","dns":{"type":"answer","id":53553,"rcode":"NOERROR","rrname":"outlook1.us","rrtype":"A","ttl":120,"rdata":"127.0.0.1"}}
As I have noticed, the contentsection of a Suricata rule searches only for a string.
My current rule triggers on a text match with the rrname/domain, how would I make it so that the rule triggers on rdata/IP address?
p.s.
Just out of curiosity I tried replacing the "google" in the content section of my alert with "127.0.0.1" and that didn't work either, as expected.
The ip address is just a 32 bit number. In the rule the IP should be represented as a hex value and not a string, for purposes of efficiency and saving bandwidth (a string will be 8+ bytes as opposed to 4 bytes).
Here is my final Suricata rule to alert whenever somebody gets sent to loopback on my network:
alert dns any any -> any any (msg:"BLACKLISTED DOMAIN"; content:"|7F 00 00 01|"; sid:1;)
I am new to snmp and after some readings I have 2 questions:-
1) Does net-snmp AUTOMATICALLY sends trap when we configure agent's snmpd.conf file with directives like trapsink, monitor, etc. for inbuilt OIDs like cpu and disk??
I am asking because I am trying to send a trap when cpu goes beyond 90%.
My agent and master are on the same linux box.
My snmptrad.conf file:-
authCommunity log aaa
authCommunity log public
My snmpd.conf file (removing extra comment lines):-
master agentx com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser group
notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1 view systemview
included .1.3.6.1.2.1.25.1.1 view all included .1 view mib2
included .iso.org.dod.internet.mgmt.mib-2 fc
access notConfigGroup "" any noauth exact systemview
none none
createUser internalMonitoringName SHA mysecretpassword AES rouser
internalMonitoringName iquerySecName internalMonitoringName
com2sec local localhost aaa
com2sec net-27 10.0.0.0/8 aaa
com2sec net-46 10.9.46.0/24 aaa
com2sec net-60 10.9.60.0/24 aaa
com2sec net-10 10.20.0.0/16 aaa
group MyRWGroup any local
group MyROGroup any net-27
group MyROGroup any net-46
group MyROGroup any net-60
group MyROGroup any net-10
access MyROGroup "" any noauth 0 all none none
access MyRWGroup "" any noauth 0 all mib2 mib2
syslocation "Somewhere in testlab"
syscontact Root root#localhost
dontLogTCPWrappersConnects yes
trap2sink localhost aaa
monitor -r 30 machineTooBusy hrProcessorLoad > 90
When I run some process to increase cpu load, the cpu load goes beyond 90% (I can see that in top command) but I can't see the trap message in /var/log/messages.
What I am doing wrong here?
2) Also, my next question is, if I have a custom MIB file for which I have wrtten an agent, Can I add the variable/OID from that custom MIB with "monitor" directive in snmpd.conf file to send trap AUTOMATICALLY? OR I must send trap from within my agent???
Please help on my confusion...
No, it doesn't send anything automatically. You have two steps to follow:
1) define where you want to send traps or informs. That's what the trapsink and similar lines do.
2) then define what you want sent. That's what the monitor and similar directives do. The monitor directive can be used to monitor just about anything, including your own custom MIB variables.
When you include both of these, then it'll send out traps automatically (by doing internal monitoring, and then sending a trap to each configured trapsink or other destination).