Juniper SRX add custom BGP route - bgp

I have BGP configured between AzureStack (win2k16) and SRX210. On the Juniper I see all routes advertised, but the Juniper is only advertising its physical interface networks.
I want the Juniper to also include all static routes that are configured towards the 2k16 machine.
Config now (on Juniper):
policy-statement send-direct {
    term 1 {
        from protocol direct;
        then accept;
    }
}
group AzureStack {
    type internal;
    multihop {
        ttl 50;
    }
    export send-direct;
    neighbor 172.16.7.14 {
        local-address 172.16.7.1;
        peer-as 65050;
        local-as 65050;
    }
}
Received on 2k16
DestinationNetwork NextHop
172.16.4.0/29 172.16.7.1 Juniper
172.16.5.0/24 172.16.7.1 Juniper
172.16.6.0/24 172.16.7.1 Juniper
But my Juniper, for example, has a static route to 172.16.8.0/22 which I want to include in the BGP advertisement.

You would want to modify your policy to advertise static-routes. Maybe create another term in your policy.
set policy-options policy-statement send-direct term 2 from protocol static
set policy-options policy-statement send-direct term 2 then accept

Related

Cloud Run Service not picking up client correct IP address

I have a service hosted on Google Cloud Run. The service uses socket io whenever the service is up and running.
When a socket client connects to the service I have the following function that gets the IP address of the connected client from the socket as shown below, and then I am hitting this GeoPlugin Link with the retrieved IP:
async getSocketIP(socket) {
    let { headers, address } = socket.handshake;
    let { origin } = headers;
    let ip = headers['x-forwarded-for'];
    let userAgent = headers['user-agent'];
    try {
        let locationPointUrl = `http://www.geoplugin.net/json.gp?ip=${ip}`;
        let { data: location } = await axios.get(locationPointUrl);
    } catch (e) {
        console.log(`Error get client online IP on Socket IO`);
    }
}
Unfortunately, irrespective of the User's Location the IP always resolves to US.
I have a custom domain mapped to the cloud run service via Domain Mapping.
What could be the reason the IP of the Client is always US IP?
Please note that this same service when hosted on Heroku gets the correct IP address of the connected client.
So, I'm very certain that it has something to do with Cloud Run.
All my services on Cloud Run are on US-CENTRAL1
For anyone who may experience something like this in the future.
We had Cloudflare sitting in front of Cloud Run.
So, to get the correct Client's IP address all we had to do was retrieve it from cf-connecting-ip header instead of x-forwarded-for.
So, the modified and working code now becomes:
async getSocketIP(socket) {
    let { headers, address } = socket.handshake;
    let { origin } = headers;
    let ip = headers['cf-connecting-ip'] ?? headers['x-forwarded-for']; // Notice the difference
    let userAgent = headers['user-agent'];
    try {
        let locationPointUrl = `http://www.geoplugin.net/json.gp?ip=${ip}`;
        let { data: location } = await axios.get(locationPointUrl);
    } catch (e) {
        console.log(`Error get client online IP on Socket IO`);
    }
}
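
Added example (not code from the original posts): both headers arrive as request data, so this version validates the value as an IP address before it goes into the lookup URL, and reads cf-connecting-ip only when the deployment is known to sit behind Cloudflare. It goes beyond the thread by handling a comma-separated x-forwarded-for chain and IPv4-mapped IPv6 addresses; the function names, the trustCloudflare and trustedHops options and the sample addresses are assumptions made for the example.

```javascript
// Added example, not from the original posts. Function names, options and
// sample values are constructed; only the header names and URL are the page's.
const IPV4 = /^(25[0-5]|2[0-4]\d|1?\d?\d)(\.(25[0-5]|2[0-4]\d|1?\d?\d)){3}$/;

function isIPv6(s) {
  // Restrict the alphabet first so the brackets below can only hold a host.
  if (!/^[0-9a-fA-F:.]+$/.test(s) || !s.includes(':')) return false;
  try { new URL(`http://[${s}]/`); return true; } catch { return false; }
}

// Returns the address as a string, or null when the value is not an IP.
function parseIp(value) {
  if (typeof value !== 'string') return null;
  let s = value.trim();
  // An IPv4-mapped IPv6 address ("::ffff:a.b.c.d") is reduced to plain IPv4.
  const mapped = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/i.exec(s);
  if (mapped) s = mapped[1];
  return IPV4.test(s) || isIPv6(s) ? s : null;
}

// trustCloudflare: set only when every request really arrives via Cloudflare.
// trustedHops: number of trusted proxies that each append to x-forwarded-for
// (assumption: depends on the deployment); entries left of that are untrusted.
function clientIpFromHeaders(headers, { trustCloudflare = false, trustedHops = 1 } = {}) {
  if (trustCloudflare) {
    const cf = parseIp(headers['cf-connecting-ip']);
    if (cf) return cf;
  }
  const chain = String(headers['x-forwarded-for'] ?? '').split(',');
  return parseIp(chain[chain.length - trustedHops]);
}

function geoLookupUrl(headers, options) {
  const ip = clientIpFromHeaders(headers, options);
  if (!ip) return null; // never interpolate unvalidated header text
  const url = new URL('http://www.geoplugin.net/json.gp');
  url.searchParams.set('ip', ip);
  return url.toString();
}

// Constructed handshake headers (documentation address ranges).
const SAMPLE_HEADERS = {
  'cf-connecting-ip': '203.0.113.7',
  'x-forwarded-for': '203.0.113.7, 198.51.100.20',
};
console.log(geoLookupUrl(SAMPLE_HEADERS, { trustCloudflare: true }));
```

With the sample headers and one trusted hop, the x-forwarded-for path yields the last proxy-appended entry rather than the end user's address, which is why the choice of header and hop count has to match the actual proxy chain.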

how to get hostname information on TCP via TLS

Below is the code from the server file. I am trying to get the remoteAddress as a host name, but it is giving Remote Address received: :ffff :10.197.0.145 instead of the hostname.
const crypto = require("crypto");

async function serverImpl(stream) {
    const ctx = {
        id: crypto.createHash("sha256").update(stream.getSession())
            .digest("hex"), // deriving a unique client id from the tls session identifier
        remoteAddress: stream.remoteAddress,
        remotePort: stream.remotePort,
        servername: stream.servername
    };
}
We are using the TLS handshake for security. Expecting hostname from TCP or using TLS mandatorily. Help us on this.

Correct usage of AddressResolver interface

I was wondering if there is an example usage of the AddressResolver interface in Apache Ignite.
I was trying to 'bind' my local IP addresses (e.g. 192.168.10.101) to my external IP address using the AddressResolver interface, but without luck.
When I do that the Ignite server just hangs (no output from the debug either).
My code for starting the server is:
TcpDiscoverySpi spi = new TcpDiscoverySpi();
TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
ipFinder.setAddresses(ipaddresses);
spi.setIpFinder(ipFinder);
spi.setAddressResolver(new IotAddressResolver());
IgniteConfiguration cfg = new IgniteConfiguration();
// Override default discovery SPI.
cfg.setDiscoverySpi(spi);
System.setProperty("IGNITE_QUIET", "false");
// Start Ignite node.
ignite = Ignition.start(cfg);
My implementation for AddressResolver is:
public class IotAddressResolver implements AddressResolver {
    @Override
    public Collection<InetSocketAddress> getExternalAddresses(
            InetSocketAddress internalAddresses) throws IgniteCheckedException {
        String host = "XX.XX.XX.XX";
        Collection<InetSocketAddress> result = new ArrayList<InetSocketAddress>();
        result.add(new InetSocketAddress(host, internalAddresses.getPort()));
        return result;
    }
}
The last line of the ignite debug log is:
WARNING: Timed out waiting for message to be read (most probably, the reason is in long GC pauses on remote node) [curTimeout=9989]
I will appreciate any help. Thank you
Can you provide more details about your deployment and what you're trying to achieve with the help of address resolver? How many physical hosts and Ignite nodes do you have? Are they located in different networks with the router between them?
I don't know if this is the best way to handle this, but I managed to start Ignite as a local server. I am setting my local IP and port like this:
System.setProperty("IGNITE_QUIET", "false");
TcpDiscoverySpi spi = new TcpDiscoverySpi();
TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
TcpCommunicationSpi commSpi = new TcpCommunicationSpi();
// Set initial IP addresses.
ipFinder.setAddresses(ipaddresses);
spi.setIpFinder(ipFinder);
// Override local port.
commSpi.setLocalPort(47501);
commSpi.setLocalAddress("XX.XX.XX.XX");
commSpi.setLocalPortRange(50);
IgniteConfiguration cfg = new IgniteConfiguration();
// Override default communication SPI.
cfg.setCommunicationSpi(commSpi);
cfg.setDiscoverySpi(spi);
cfg.setAddressResolver(new IotAddressResolver());
cfg.setClientMode(true);
// Start Ignite node
ignite = Ignition.start(cfg);
Where XX.XX.XX.XX is my local IP address

Does sendmsg system call validate IPv6 source-address added into ancillary data?

I see following behavior with sendmsg in case of IPv4:
Suppose that 10.1.2.3 is the client IP.
And 10.1.2.10 is configured on one of the interfaces of client.
In a UDP message, the following control information is added into the packet:
It is just the source-address or interface address that server should use in replying back to the client:
cmsg->cmsg_len = sizeof(struct cmsghdr) + sizeof(sa->sin_addr);
cmsg->cmsg_level = IPPROTO_IP;
cmsg->cmsg_type = IP_SENDSRCADDR_WITH_ERROR;
*(struct in_addr *)CMSG_DATA(cmsg) = sa->sin_addr;
cmsg = (struct cmsghdr *)((caddr_t) cmsg + ALIGN(cmsg->cmsg_len));
And message is sent as:
sendmsg(fd, send_msg, 0);
If I configure 10.1.2.10 as source-ip and once it is added into cmsg, things work fine.
The server replies back to 10.1.2.10.
But if I configure some unreachable IP address or an IP that is not configured on any interface on the client, sendmsg fails with the error below:
sendmsg to 10.1.2.3(10.1.2.3).1813 failed: Can't assign requested address
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
But I do not see the same behavior with IPv6:
Suppose that 2001::1 is the client IP.
And 2001::2001 is configured on one of the interfaces of client.
IPv6 source address is added into control message as below:
cmsg->cmsg_level = IPPROTO_IPV6;
cmsg->cmsg_type = IPV6_PKTINFO;
cmsg->cmsg_len = CMSG_LEN(sizeof(struct in6_pktinfo));
memcpy((struct in6_addr *)CMSG_DATA(cmsg), &(sa6->sin6_addr),
       sizeof(sa6->sin6_addr));
cmsg = (struct cmsghdr *)((caddr_t) cmsg + ALIGN(cmsg->cmsg_len));
It works fine if I configure 2001::2001 as source-ip, and the server does reply back to this address.
But if I configure an unreachable IPv6 source address, say 1001::1001, there is no error message from sendmsg similar to the one we see in the IPv4 case. The message is still sent with the original IPv6 address, which is 2001::1.
Can someone please suggest what the problem can be?
Thanks.
IP_SENDSRCADDR and IPV6_PKTINFO must be two different implementations. Maybe in the first case it just controls errors. Have you tried to set the interface index in the ancillary data for IPV6_PKTINFO? For IPV6_PKTINFO the ancillary data is of type in6_pktinfo:
struct in6_pktinfo {
    struct in6_addr ipi6_addr;    /* src/dst IPv6 address */
    unsigned int    ipi6_ifindex; /* send/recv if index */
};
Hope this helps in some way.
I met the same issue: I set the source address as 408:6666:f:f500::1 (not a local IP), but I received the packet with 4085:6666:f:fc10::1 (the local IP) as source address, no matter whether I set ipi6_ifindex or not.
I will get forward to investigate it.

How to broadcast Video using UdpClient Class in C# over internet?

I am trying to develop a Video Client/functionality that captures video using a webcam and transfers it to another servent (server-client) somewhere on the internet. I am using the UdpClient class to do that.
I want my application to be able to listen and transmit video captured from the webcam. The capturing, transmission and receiving work fine when I do that on a local network.
But when I test the application from behind a router (across two different networks/internet) after forwarding the respective ports, the internet connectivity is lost on both routers (they hang up or something) and I need to restart the routers or switch to an alternate connection. The configuration is as follows:
Servent 1 <--> Router1 <--> Internet Connection#01
Servent 02 <---> Router2 <---> Internet Connection#02
Both connections are on separate DSL Line. One of the routers is ZTE brand and the other is of Netgear.
Code for listening/transmission is as follows:
private void StartSockets()
{
    // For testing across internet I use the IP address obtained via a different function
    var ipAddress = getMyIpAddress();
    // UdpClient has no (IPAddress, int) constructor; pass the host as a string
    this.udpSender = new UdpClient(ipAddress.ToString(), 4000);
    this.udpListener = new UdpClient(4000);
}
private IPAddress getMyIpAddress()
{
    IPAddress localIP; //= AddressAr[0];
    localIP = IPAddress.Parse(GetPublicIP());
    return localIP;
}
public string GetPublicIP()
{
    String direction = "";
    WebRequest request = WebRequest.Create("http://checkip.dyndns.org/");
    using (WebResponse response = request.GetResponse())
    {
        using (StreamReader stream = new StreamReader(response.GetResponseStream()))
        {
            direction = stream.ReadToEnd();
        }
    }
    // Search for the IP in the HTML
    int first = direction.IndexOf("Address: ") + 9;
    int last = direction.LastIndexOf("</body>");
    direction = direction.Substring(first, last - first);
    return direction;
}
Code for receiving the response is as follows:
private void ReceiveData()
{
    // For testing across internet I use the IP address obtained via a different function
    var ipAddress = getMyIpAddress();
    IPEndPoint ep = new IPEndPoint(ipAddress, myPort);
    try
    {
        byte[] receiveBytes = this.udpListener.Receive(ref ep);
        this.OnReadImage(new ImageEventArgs(this.ByteToImage(receiveBytes)));
    }
    catch (Exception)
    {
        // Receive and decode errors are silently ignored here
    }
}
If I test on the local network, I use the DNS hostname to get the IP address (private IP addresses) and video works fine on the local network. That does not work over the internet, so I switch to the live IP address and thus I use the method getPublicIpAddress().
I know there is something seriously wrong with my approach. What would be the right approach?
Should I switch to a TCP listener? I intend to have multiple receivers of the same video in future. So would that affect it?
Can UDP clients cause routers to crash, hang up and restart? How can I avoid that?
Lastly, if I were to avoid port-forwarding, what would be the best strategy?
Please help.
Thanks
Steve
