Posts Tagged ‘open-source’
The right way to host your website
Written by jlgaddis on December 30, 2009 – 9:55 am
Recently, I moved the web site over from shared hosting at 1and1 to a VPS running FreeBSD 8.0 from ARP Networks (@arpnetworks and @bsdvps). They have a special going on right now, for a VPS with 768 MB of memory, 20 GB of disk space, and 200 GB of bandwidth for $20/mo. (that’s cheaper than Slicehost and Linode, who I also looked into), and they support FreeBSD!
I signed up online and within about half an hour, my VPS had been provisioned and I had the details needed to log in. Fortunately for me, it was late at night when I signed up, which is when they generally take care of this stuff (or so I’ve gathered, from hanging around their IRC channel). In a few hours’ time, I had set up my user accounts, updated the sources, rebuilt the world and a new kernel, configured the firewall and pretty much had the “base” of the server the way I wanted it. I slept.
The next day, in short order, I had Apache, PHP5, and MySQL installed and up and running. To move this blog over, I dumped the MySQL database that Wordpress uses, made a backup of the Wordpress files, scp’d them over to the VPS, recreated the database and extracted the backup. After a quick edit of wp-config.php and editing the hosts file on my Windows 7 desktop, I was able to load up the website running off of the VPS. I tested as much as I could and, when I was satisfied everything was working correctly, I changed the A records in DNS, and waited for the change to take effect.
I began tailing Apache’s access.log files and watched, in pretty much real-time, as visitors were slowly directed over to the “new” website running on the VPS.
Since that time, eight days or so ago, I haven’t heard of or noticed any issues with the site, so I assume everything is going well. I’ve also done a number of other things with the server, such as configuring log rotation (and per-vhost transfer and error logs, in Apache), replaced sendmail with Postfix and enabled relaying from my home mail server (my e-mail is still hosted on Google Apps and will be, for the foreseeable future), purchased an SSL certificate and enabled SSL on the website (mostly for the administration interface, but feel free to use SSL if you’d like), and enabled a nightly rsync to an off-site host where backups are then made.
The reason for the latter is to reduce the amount of traffic on the VPS. The Wordpress files don’t change very often at all (usually only if I update Wordpress, add or modify plugins or themes, etc.) and the database doesn’t either, so I chose to simply rsync them to an off-site machine. The traffic used for this is around 650 kB currently. I then run a backup on the off-site machine, and the backups are around 55 MB. Doing it this way accomplishes the goal of having a nightly backup (I’m keeping 30 days worth) in a different physical location (indeed, halfway across the United States) as well as minimizing the amount of traffic on the VPS.
So far, I haven’t had a single issue with the VPS, thanks to my superior sysadmin skillz (hah!) and the great job of the guys at ARP Networks. Their servers have RAID 10, redundant power supplies (on separate circuits and UPS), they run their own multi-homed network, support native IPv6 (this may be my next blog-related project), and their equipment is located in the Wilshire Annex facility at 900 N. Alameda, in Los Angeles. If you’re looking for a VPS provider, check ‘em out (and, before you ask, my only relationship with them is as a paying customer).
Reliable hardware and network, and a rock-solid and stable operating system, this is the right way to run your website!
Tags: networking, open-source, website | 2 Comments »
Upgrading FreeBSD 7.2 to 8.0 using freebsd-update
Written by jlgaddis on December 6, 2009 – 12:57 am
A month or so ago, I decided to replace my trusty, reliable but aging Sun Netra T1 (500 MHz, 1GB, 2×18.2GB RAID1) box running Debian 5.0.3 (Sparc) at home. The box doesn’t really do a whole lot, but does provide the following services:
- DNS (via ISC’s BIND) for the home network,
- Web server (Apache) for a few “internal-only” webapps (cacti, etc.),
- Asterisk (for VoIP services) — configured but hardly used,
- TFTP server for storing my IOS images,
- AAA (via FreeRADIUS) for my home router and switch,
- syslog (via syslog-ng) for my home servers and network devices,
- MySQL for the few webapps that require it,
- “smarthost” (via postfix) for SMTP for the other home servers, and
- running irssi to chat on IRC (Freenode and a private network)
Interesting… I actually forgot it was doing so much until I just reviewed dpkg -l to see what all was installed. =)
There’s a lot running on that box, but since it’s just on my home network it’s not like resource utilization is high or anything. I’m nowhere near taxing the 500 MHz CPU and 1GB of RAM that it has. I was introduced to Linux (Slackware, ugh!) circa 1996 and Debian shortly thereafter. Once I switched to Debian, I rarely run anything else as far as Linux is concerned. The exception is at ${work}, where most of the production Linux boxes I’m responsible for run Red Hat Enterprise Linux. Years ago, I “tried” FreeBSD (4.2, I believe) and fell in love with it. It’s a rock-solid platform and extremely reliable. The amount of work involved in maintaining it (at the time) was a bit of a turn-off, however, especially for someone used to only having to run the occasional apt-get update && apt-get upgrade to ensure his boxes were up-to-date. My home servers are typically old, as I have no need for a powerful (and more expensive) box at home and rebuilding the world on an old server can be an exercise in patience (which I am already short of)!
My two top choices (for a non-Windows server) have long been Debian and FreeBSD, in that order. Anyone who has followed Debian over the years is surely aware of the politics involved in the project and it eventually became too much for me to stand. So I recently decided to replace the Sun Netra T1 with a (still old, but not quite as much) IBM xSeries x330 server that I had sitting around unused. This box still isn’t a powerhouse, though it is much more powerful than the Netra. I actually have two of the x330’s, both with 2×1.13GHz processors and 2×36GB SCSI HDDs. Both originally (I picked ‘em up on eBay for $40/each) came with 2GB of RAM, but I swapped it around a bit — one has 3GB, the other 1GB. The 3GB one is what I’m running FreeBSD on.
Anyway, a month or so ago when I decided to replace the Netra (I actually have three of them, with various specs) I decided to go back to my old love, FreeBSD. Installing 7.2 was a breeze and I was up and running in no time. While I’ve still yet to get all of the services that the Netra (“bart”) is providing up and running on the x330 (“homer”), I’m probably halfway there. I hope to get the rest of the services moved over in the next week or so or, worst case, over my two weeks of vacation around Christmas. Fast forward to today, when I’m checking up on Facebook and noticed a friend (who manages several FreeBSD boxes at a local ISP) had posted a status update mentioning that he was “upgrading his workstation from FreeBSD 7.2 to FreeBSD 8.” I thought, “FreeBSD 8!?” and headed over to freebsd.org to verify. Somehow, I missed the 8.0-RELEASE announcement (and accompanying press release). Since I wasn’t really doing anything else, I decided to go ahead and upgrade to 8.0-RELEASE.
A utility called freebsd-update was released a while ago (around 6.2, I think — not exactly sure) that made it possible to do binary diff upgrades as opposed to upgrading via sources. Since I’ve always run FreeBSD on older hardware and, as I mentioned, upgrading can take a long time (to put it mildly), this was great news to me. I’d still prefer to do upgrades via source, but I haven’t done it for years and remember clearly how long it took, so freebsd-update seemed to be a nice easy way to upgrade. It worked out quite well, and saved me many hours of downloading and compiling source code. Downloading doesn’t take very long anymore, but it sure did back when my first FreeBSD boxes were connected over dial-up.
I took the time to record the commands that I used (and the associated output) to update my 7.2-RELEASE system to 8.0-RELEASE and the (now) out-of-date ports that I have installed. Like most things I post here, it’s primarily for my own benefit and future reference, but I decided to go ahead and post the details in the event it might be useful to others.
NOTE: The following steps could, potentially, completely and irreversibly hose your system. Always make sure to completely back up your system and all data before performing any major upgrades such as these. In addition, I did my upgrade over a serial console (this is a headless box) instead of through an SSH session. Your mileage may vary, offer void where prohibited.
My FreeBSD box, homer, is running 7.2 i386:
[root@homer ~]# uname -rm
7.2-RELEASE-p4 i386
The “tag” for the version that I want to upgrade to is “8.0-RELEASE”. Invoke freebsd-update with the -r option, specifying the tag and the command “upgrade”. freebsd-update will immediately begin doing its job:
[root@homer ~]# freebsd-update -r 8.0-RELEASE upgrade
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 7.2-RELEASE from update5.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata files... done.
Inspecting system... done.
The following components of FreeBSD seem to be installed:
kernel/generic world/base world/dict world/doc world/games world/info world/manpages
The following components of FreeBSD do not seem to be installed:
src/base src/bin src/cddl src/contrib src/crypto src/etc src/games src/gnu src/include src/krb5 src/lib src/libexec src/release src/rescue src/sbin src/secure src/share src/sys src/tools src/ubin src/usbin world/catpages world/proflibs
Does this look reasonable (y/n)? y
Fetching metadata signature for 8.0-RELEASE from update5.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 1 metadata patches. done.
Applying metadata patches... done.
Fetching 1 metadata files... done.
Inspecting system... done.
Fetching files from 7.2-RELEASE for merging... done.
Preparing to download files... done.
Fetching 9311 patches.....10....20....30....40....50....60....70....80....
[snip]
....9240....9250....9260....9270....9280....9290....9300....9310 done.
Applying patches... done.
Fetching 771 files... done.
Attempting to automatically merge changes in files... done.
At this point, I was prompted to manually edit and merge changes to my (BIND) named.conf file, due to the extensive changes I had made to the default version. No biggie, a few minutes later and I had it the way I wanted. I was asked to “approve” changes to a number of other files, all of which were simply changes to the header lines, the ones that identify the filename, version, date, time, and author, such as this one (what’re these called anyways?):
# $FreeBSD: src/etc/master.passwd,v 1.40.22.1.2.1 2009/10/25 01:10:29 kensmith Exp $
freebsd-update then continued on with its business, letting me know what it was doing each step of the way:
The following files will be removed as part of updating to 8.0-RELEASE-p1:
[snip]
The following files will be added as part of updating to 8.0-RELEASE-p1:
[snip]
The following files will be updated as part of updating to 8.0-RELEASE-p1:
[snip]
After the freebsd-update upgrade run was done, I was returned to the shell. The next step is to tell freebsd-update to actually install all the files that were updated (they are kept separate from the real files until this is done):
[root@homer ~]# freebsd-update install
Installing updates...
Kernel updates have been installed. Please reboot and run
"/usr/sbin/freebsd-update install" again to finish installing updates.
Do what it says and give your machine a good ol’ reboot.
[root@homer ~]# reboot
When the machine boots back up, log back in and invoke the last command again, like you were told:
[root@homer ~]# freebsd-update install
Installing updates...
Completing this upgrade requires removing old shared object files.
Please rebuild all installed 3rd party software (e.g., programs
installed from the ports tree) and then run "/usr/sbin/freebsd-update install"
again to finish installing updates.
At this point, I went ahead and rebooted my server again, just for good measure. It may not be required, but I figured it couldn’t hurt.
[root@homer ~]# reboot
Checking the output of uname again, we can see that the system has been successfully upgraded to 8.0-RELEASE.
[root@homer ~]# uname -rm
8.0-RELEASE i386
Now, we can upgrade our installed software (“Please rebuild all installed 3rd party software …”). I don’t have a lot of software installed at this point (it is a relatively new installation), but I have installed a handful of ports. There are a number of tools that can be used to upgrade them, but I prefer portupgrade. Supplying the “-a” option tells portupgrade to “do with all the installed packages” (in other words, upgrade them all). Let’s fetch and extract the latest copy of the ports collection, then run portupgrade.
[root@homer ~]# portsnap fetch extract
Looking up portsnap.FreeBSD.org mirrors... 2 mirrors found.
Fetching snapshot tag from portsnap1.FreeBSD.org... done.
Fetching snapshot metadata... done.
Updating from Thu Dec 3 18:36:48 EST 2009 to Sat Dec 5 16:53:42 EST 2009.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 104 patches.....10....20....30....40....50....60....70....80....90....100.. done.
Applying patches... done.
Fetching 4 new ports or files... done.
[snip]
Building new INDEX files... done.
[root@homer ~]# portupgrade -a
When that finishes, which may take anywhere from a few minutes to several hours, depending on the speed of your network connection and (more importantly) your CPUs, your system should pretty much be up to date.
Now that we’re all done, we need to run freebsd-update install one more time to finish up. I followed it up with a reboot, but, again, I’m not sure if it was necessary.
[root@homer ~]# freebsd-update install
Installing updates... done.
[root@homer ~]# reboot
Enjoy!
Tags: networking, open-source, software | No Comments »
Getting BGP routes into dynamips (with video)
Written by jlgaddis on August 21, 2009 – 5:24 am
UPDATE: If you’re not interested in doing this yourself and just want to see it in action, check out the video, “Dumping 265k BGP routes into dynamips”. When I went through these steps to document, I ended up with 298,870 prefixes in my dynamips router. When I did it the second time, to record the video, I only ended up with 265,857 prefixes. Not sure why the discrepancy, but at least you can see it works! YMMV!
After I posted “Dynamips, a 7200, and a full BGP table”, a number of you left comments asking how I got the BGP routes into dynamips… the answer is einval’s “bgpsimple”.
“This perl script allows to setup an BGP adjacency with a BGP peer, monitor the messages and updates received from that peer, and to send out updates from a predefined set of NLRIs/attributes. BGP session and message handling is done by Net::BGP.”
0. Pre-requisites
On Ubuntu, at least, you’re going to need to install some packages that likely aren’t already installed. We’re going to need these to be able to build bgpdump in step 2. Fortunately, the following command will install everything you need (well, except for Net::BGP and bgpsimple):
[root@stewie ~]# apt-get install build-essential zlib1g-dev libbz2-dev
1. Install Net::BGP
Before we can even think about doing this, we’re going to need to install the Net::BGP perl modules, most likely from CPAN (your distribution may provide it in a handy installable package, but I wouldn’t count on it). I’m using an Ubuntu 8.04 LTS Server installation — you can use whichever distribution (or BSD) that you like, but this is what I’m using.
Fire up the CPAN shell:
[root@stewie ~]# perl -MCPAN -e shell
cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.
cpan[1]>
If this is the first time you’ve done this, you’ll have to go through some configuration. That configuration is out of scope of this document. Google it.
Next, install Net::BGP and exit the CPAN shell:
cpan[1]> install Net::BGP
CPAN: Storable loaded ok (v2.15)
Going to read '/home/jlgaddis/.cpan/Metadata'
Database was generated on Thu, 20 Aug 2009 22:27:00 GMT
Running install for module 'Net::BGP'
Running make for K/KB/KBRINT/Net-BGP-0.13.tar.gz
[snip]
Appending installation info to /usr/lib/perl/5.8/perllocal.pod
KBRINT/Net-BGP-0.13.tar.gz
/usr/bin/make install -- OK
cpan[2]> exit
Lockfile removed.
[root@stewie ~]#
2. Install bgpdump
As mentioned in bgpsimple’s README, we’re going to use a RIB dump from a router in the default-free zone. Fortunately, RIPE makes this data available for download. Before we can use it, however, we need to convert it to a format that bgpsimple can use. We’re going to download and compile bgpdump which can do the conversion for us.
[root@stewie ~]# wget http://www.ris.ripe.net/source/libbgpdump-1.4.99.9.tar.gz
--22:00:48-- http://www.ris.ripe.net/source/libbgpdump-1.4.99.9.tar.gz
=> `libbgpdump-1.4.99.9.tar.gz'
Resolving www.ris.ripe.net... 193.0.19.19
Connecting to www.ris.ripe.net|193.0.19.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82,909 (81K) [application/x-gzip]
100%[=====================================================>] 82,909 130.32K/s
22:00:49 (129.85 KB/s) - `libbgpdump-1.4.99.9.tar.gz' saved [82909/82909]
[root@stewie ~]#
Uncompress the tarball and change to the newly created directory:
[root@stewie ~]# tar zxf libbgpdump-1.4.99.9.tar.gz
[root@stewie ~]# cd libbgpdump-1.4.99.9/
Be sure to skim through the README file in this directory.
Now, we can begin to build bgpdump. I don’t need IPv6 support, so I’m going to leave it out.
[root@stewie ~/libbgpdump-1.4.99.9]# ./configure --disable-ipv6
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
[snip]
checking for inet_ntoa... yes
checking for inet_ntop... yes
checking for IPv6 support... disabled
configure: creating ./config.status
config.status: creating Makefile
config.status: creating bgpdump-config.h
[root@stewie ~/libbgpdump-1.4.99.9]#
Once the configure script has completed (successfully!), we can build bgpdump:
[root@stewie ~/libbgpdump-1.4.99.9]# make
[snip]
[root@stewie ~/libbgpdump-1.4.99.9]# ls -l bgpdump
-rwxr-xr-x 1 root root 46540 2009-08-20 22:14 bgpdump
As you see, we end up with a binary named “bgpdump”, which I’m going to copy over to /usr/local/bin. I’m also going to create a directory named “bgp”, where I’ll store the files we’ll be working with:
[root@stewie ~/libbgpdump-1.4.99.9]# cp bgpdump /usr/local/bin
[root@stewie ~/libbgpdump-1.4.99.9]# mkdir ../bgp
[root@stewie ~/libbgpdump-1.4.99.9]# cd ../bgp
3. Get some route data
Before we can inject any routes into our router, we need some routes to inject! As mentioned, RIPE makes these available to us. Go to the “RIS Raw Data” page, pick a collector, then download a file containing the raw data:
[root@stewie ~/bgp]# wget http://data.ris.ripe.net/rrc16/2009.08/bview.20090820.2359.gz
--22:59:26-- http://data.ris.ripe.net/rrc16/2009.08/bview.20090820.2359.gz
=> `bview.20090820.2359.gz'
Resolving data.ris.ripe.net... 193.0.19.19
Connecting to data.ris.ripe.net|193.0.19.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,108,638 (3.0M) [application/x-gzip]
100%[=====================================================>] 3,108,638 234.33K/s ETA 00:00
22:59:40 (214.70 KB/s) - `bview.20090820.2359.gz' saved [3108638/3108638]
[root@stewie ~/bgp]#
Now that we have some routing data, we need to get it into a format that bgpsimple can work with. This is where bgpdump comes into play. Copying from bgpsimple’s README:
[root@stewie ~/bgp]# zcat bview.20090820.2359.gz | bgpdump -m - > myroutes
[root@stewie ~/bgp]#
4. Download bgpsimple
Download the code for bgpsimple:
[root@stewie ~/bgp]# wget http://bgpsimple.googlecode.com/files/bgp_simple.tgz
--23:11:17-- http://bgpsimple.googlecode.com/files/bgp_simple.tgz
=> `bgp_simple.tgz'
Resolving bgpsimple.googlecode.com... 209.85.225.82
Connecting to bgpsimple.googlecode.com|209.85.225.82|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9,324 (9.1K) [application/x-gzip]
100%[=====================================================>] 9,324 --.--K/s
23:11:17 (114.18 KB/s) - `bgp_simple.tgz' saved [9324/9324]
[root@stewie ~/bgp]#
Uncompress the tarball:
[root@stewie ~/bgp]# tar zxf bgp_simple.tgz
You should end up with a Perl script named “bgp_simple.pl”:
[root@stewie ~/bgp]# ls -l bgp_simple.pl
-rwxr-xr-x 1 jlgaddis jlgaddis 20388 2009-01-07 10:31 bgp_simple.pl
5. Start up your dynamips router
Now it’s time to fire up our virtual 7200 router. Here’s the .net file for dynagen that I used (don’t forget to change the filenames and paths, as appropriate).
Start up dynamips, start up dynagen, connect to the console, and do some initial configuration:
[jlgaddis@stewie ~]$ telnet 192.168.1.109 2000
Trying 192.168.1.109...
Connected to 192.168.1.109.
Escape character is '^]'.
Connected to Dynamips VM "R1" (ID 0, type c7200) - Console port
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
[snip]
Router> enable
Router# configure terminal
Router(config)# no ip domain lookup
Router(config)# no ip http server
Router(config)# hostname c7200
c7200(config)# line con 0
c7200(config-line)# exec-timeout 0 0
c7200(config-line)# logging synchronous
6. Configure dynamips router’s network interface
We need to put an IP address on the router’s fastethernet 2/0 interface, then verify that we can ping the host that we’re going to run bgpsimple on:
c7200(config-line)# interface fastethernet 2/0
c7200(config-if)# ip address 192.168.1.99 255.255.255.0
c7200(config-if)# no shutdown
c7200(config-if)#
*Aug 20 23:23:26.167: %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up
*Aug 20 23:23:27.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to up
c7200(config-if)# do ping 192.168.1.104
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
7. Configure the BGP session on your dynamips router
Next, we need to configure our dynamips router for a BGP session with bgpsimple. You will need to change the IP address below (192.168.1.104) to the IP address of the box you are running bgpsimple on:
c7200(config-if)# router bgp 65000
c7200(config-router)# no synchronization
c7200(config-router)# no auto-summary
c7200(config-router)# neighbor 192.168.1.104 remote-as 65000
8. Test with a limited number of prefixes
Now that our dynamips router is configured for BGP, we’re ready for a quick test with a small number of prefixes (10, for now). Look at the README for what all these command-line options mean (I wrapped this for readability, you don’t have to):
[root@stewie ~/bgp]# ./bgp_simple.pl -myas 65000 -myip 192.168.1.104 \
> -peerip 192.168.1.99 -peeras 65000 -p myroutes -m 10 -n
---------------------------------------- CONFIG SUMMARY --------------------------------------------------
Configured for an iBGP session between me (ASN65000, 192.168.1.104) and peer (ASN65000, 192.168.1.99).
Will use prefixes from file myroutes.
Maximum number of prefixes to be advertised: 10.
Will spoof next hop address to 192.168.1.104.
----------------------------------------------------------------------------------------------------------
Sending full update.
[snip]
Looks like that worked, let’s take a look at the BGP table on our dynamips router:
*Aug 20 23:31:49.715: %BGP-5-ADJCHANGE: neighbor 192.168.1.104 Up
c7200# show ip bgp
BGP table version is 31, local router ID is 192.168.1.99
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 192.168.1.104 0 0 25152 6939 3303 8300 i
*>i3.0.0.0 192.168.1.104 0 0 25152 6939 15412 9304 80 i
*>i3.51.92.0/23 192.168.1.104 0 0 25152 23148 7018 ?
*>i4.0.0.0/9 192.168.1.104 0 0 25152 1273 3356 i
*>i4.0.0.0 192.168.1.104 0 0 25152 1273 3356 i
*>i4.21.103.0/24 192.168.1.104 0 0 25152 6939 3549 46133 i
*>i4.23.88.0/24 192.168.1.104 0 0 25152 23148 7018 46164 i
*>i4.23.88.0/23 192.168.1.104 0 0 25152 23148 7018 46164 i
*>i4.23.89.0/24 192.168.1.104 0 0 25152 23148 7018 46164 i
*>i4.23.92.0/22 192.168.1.104 0 0 25152 23148 7018 46164 i
c7200#
And there’s our 10 routes! w00t!
9. Advertise all the routes!
Now that we know we can get an adjacency up and exchange routes, let’s go for the gusto!
Kill bgp_simple.pl (CTRL-C works) and let’s take a quick look at how many routes are in the “myroutes” file.
[root@stewie ~/bgp]# wc -l myroutes
300035 myroutes
In my case, we have just over 300k. Your numbers may vary slightly — and there very well may be duplicate prefixes — depending on which dump you download from RIPE. In order to inject all the routes, we just run bgp_simple.pl as before, but without the “-m 10” (maximum of 10 prefixes to advertise) option (again, wrapped for readability):
[root@stewie ~/bgp]# ./bgp_simple.pl -myas 65000 -myip 192.168.1.104 \
> -peerip 192.168.1.99 -peeras 65000 -p myroutes -n
---------------------------------------- CONFIG SUMMARY --------------------------------------------------
Configured for an iBGP session between me (ASN65000, 192.168.1.104) and peer (ASN65000, 192.168.1.99).
Will use prefixes from file myroutes.
Maximum number of prefixes to be advertised: 10.
Will spoof next hop address to 192.168.1.104.
----------------------------------------------------------------------------------------------------------
Sending full update.
[snip]
And now we just watch the number of prefixes received continually go up on our dynamips router:
c7200# show ip bgp summary | begin Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.104 4 65000 98425 21 98413 0 0 00:01:24 98237
c7200# show ip bgp summary | begin Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.104 4 65000 141060 23 141069 0 0 00:02:04 140849
c7200# show ip bgp summary | begin Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.104 4 65000 238966 25 238975 0 0 00:03:16 238739
We can take a quick look at a few of the prefixes in our BGP table:
c7200# show ip bgp 12.0.0.0/8 longer-prefixes | begin Network
Network Next Hop Metric LocPrf Weight Path
*>i12.0.0.0/9 192.168.1.104 0 0 25152 23148 7018 i
*>i12.0.0.0 192.168.1.104 0 0 25152 23148 7018 i
*>i12.0.18.0/24 192.168.1.104 0 0 25152 23148 7018 27585 i
*>i12.0.19.0/24 192.168.1.104 0 0 25152 1273 3561 27487 i
*>i12.0.28.0/24 192.168.1.104 0 0 25152 1273 4323 30050 i
*>i12.0.29.0/24 192.168.1.104 0 0 25152 1273 174 30538 i
*>i12.0.33.0/24 192.168.1.104 0 0 25152 1273 174 40544 i
*>i12.0.43.0/24 192.168.1.104 0 0 25152 23148 7018 2386 i
*>i12.0.48.0/20 192.168.1.104 0 0 25152 1273 174 1742 i
*>i12.0.153.0/24 192.168.1.104 0 0 25152 23148 7018 6519 i
*>i12.0.170.0/24 192.168.1.104 0 0 25152 23148 7018 22528 i
*>i12.0.239.0/24 192.168.1.104 0 0 25152 19151 1239 33628 i
[snip]
That’s all there is to it!
10. All your routes are belong to us!
c7200# show ip bgp summary
BGP router identifier 192.168.1.99, local AS number 65000
BGP table version is 1038362, main routing table version 1038362
298870 network entries using 34967790 bytes of memory
298870 path entries using 15541240 bytes of memory
51910/51909 BGP path/bestpath attribute entries using 6436840 bytes of memory
47723 BGP AS-PATH entries using 1265376 bytes of memory
1 BGP community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 58211270 total bytes of memory
BGP activity 668359/369489 prefixes, 668359/369489 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.104 4 65000 669061 20 1038362 0 0 00:04:16 298870
c7200#
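Added example, not part of the original post or of bgpsimple: a shell/awk check of the “myroutes” file that counts distinct IPv4 prefixes, which is the figure to compare with State/PfxRcd, since a router keeps one path per prefix from a given neighbor and a repeated prefix replaces the earlier one. It assumes the bgpdump -m layout with the prefix in the sixth “|”-separated field; the function names are hypothetical and the sample lines are constructed from documentation prefixes and ASNs.

```shell
#!/bin/sh
# Added example: summarise a "bgpdump -m" route file before feeding it to
# bgp_simple.pl. Function names are hypothetical; sample data is constructed.

# IPv4 prefix as expected in field 6 of each "|"-separated line (assumption:
# bgpdump -m layout). [.] is used instead of \. so the pattern survives awk -v.
IPV4_PREFIX_RE='^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$'

# Constructed sample: one prefix seen from two peers, a more-specific,
# an IPv6 entry and a damaged line.
sample_routes() {
    cat <<'EOF'
TABLE_DUMP|1250812740|B|192.0.2.1|64496|198.51.100.0/24|64496 64500 64501|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP|1250812740|B|192.0.2.2|64497|198.51.100.0/24|64497 64501|IGP|192.0.2.2|0|0||NAG||
TABLE_DUMP|1250812740|B|192.0.2.1|64496|203.0.113.0/24|64496 64502|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP|1250812740|B|192.0.2.1|64496|203.0.113.0/25|64496 64502|INCOMPLETE|192.0.2.1|0|0||NAG||
TABLE_DUMP|1250812740|B|192.0.2.1|64496|2001:db8::/32|64496 64503|IGP|2001:db8::1|0|0||NAG||
truncated line with no fields
EOF
}

# route_stats FILE
# Prints "<lines> <unique_ipv4_prefixes> <repeated_lines> <skipped_lines>".
# <lines> is what "wc -l" reports; <unique_ipv4_prefixes> is the most a single
# BGP neighbor can end up contributing to the router's table.
route_stats() {
    awk -F'|' -v re="$IPV4_PREFIX_RE" '
        NF < 7 || $6 !~ re { skipped++; next }   # not a usable IPv4 entry
        seen[$6]++         { repeated++ }        # prefix already listed
        END { printf "%d %d %d %d\n", NR, NR - skipped - repeated, repeated, skipped }
    ' "$1"
}

# dedupe_routes FILE
# Writes to stdout the first usable line for each IPv4 prefix, so that the
# line count of the result equals the number of prefixes advertised.
dedupe_routes() {
    awk -F'|' -v re="$IPV4_PREFIX_RE" 'NF >= 7 && $6 ~ re && !seen[$6]++' "$1"
}

# prefix_lengths FILE
# Prints "<mask_length> <count>" per line for the distinct prefixes, sorted by
# mask length; handy for spotting how much of the table is /24 or longer.
prefix_lengths() {
    dedupe_routes "$1" |
        awk -F'|' '{ split($6, p, "/"); n[p[2]]++ }
                   END { for (l in n) print l, n[l] }' |
        sort -n
}

# Use the file named on the command line, or fall back to the constructed sample.
input=${1:-}
if [ -z "$input" ]; then
    input=$(mktemp) && sample_routes > "$input"
    trap 'rm -f "$input"' EXIT
fi

set -- $(route_stats "$input")
echo "lines=$1 unique_prefixes=$2 repeated=$3 skipped=$4"
prefix_lengths "$input"
```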
OPTIONAL: If the BGP connection between bgpsimple and your dynamips router dies due to a hold timer expiring, you can get around this by doing two things:
- Editing bgp_simple.pl. At line 220, I added two lines:
KeepAliveTime => 600,
HoldTime => 1800,
That “section” of code (setting up the peer connection using Net::BGP::Peer) now reads like this:
my $bgp = Net::BGP::Process->new();
my $peer = Net::BGP::Peer->new(
    Start => 0,
    ThisID => $myip,
    ThisAS => $myas,
    PeerID => $peerip,
    PeerAS => $peeras,
    KeepaliveCallback => \&sub_keepalive_callback,
    UpdateCallback => \&sub_update_callback,
    NotificationCallback => \&sub_notification_callback,
    ErrorCallback => \&sub_error_callback,
    OpenCallback => \&sub_open_callback,
    ResetCallback => \&sub_reset_callback,
    KeepAliveTime => 600,
    HoldTime => 1800,
);
- Adjusting the BGP timers on the dynamips router, like so:
c7200# configure terminal
c7200(config)# router bgp 65000
c7200(config-router)# timers bgp 600 1800
c7200(config-router)# end
We can then see those values reflected here:
c7200# show ip bgp neighbor 192.168.1.104 | in Last
Last read 00:00:00, last write 00:00:56, hold time is 1800, keepalive interval is 600 seconds
c7200#
Note that it’s probably best to change both sides (bgp_simple.pl and your router’s config), since BGP will use the lowest of the values configured between peers.
Tags: bgp, ccnp, cisco, internet, labs, linux, networking, open-source, osx, software | 6 Comments »
Dynamips, a 7200, and a full BGP table
Written by jlgaddis on August 7, 2009 – 5:15 am
I’ve been using dynamips on and off for a while now and always knew it was cool as hell, but this just really impressed me:
c7200# show ip bgp summary
BGP router identifier 192.168.1.201, local AS number 65101
BGP table version is 593019, main routing table version 593019
297882 network entries using 34852194 bytes of memory
297882 path entries using 15489864 bytes of memory
56505/56484 BGP path/bestpath attribute entries using 7006620 bytes of memory
51421 BGP AS-PATH entries using 1620448 bytes of memory
1632 BGP community entries using 107766 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 59076892 total bytes of memory
BGP activity 298425/543 prefixes, 298425/543 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.81 4 65001 592483 167 593019 0 0 01:19:55 297882
192.168.1.201 is a 7200 running under dynamips, and I just fed it a (nearly) full BGP table.
For the curious, that was the only router I had running under dynamips and the host is a MacBook (10.5.8), with a 2.2GHz Core2Duo and 4GB of RAM.
How fuckin’ cool is that!?
Tags: bgp, cisco, labs, open-source, osx | 8 Comments »
Even quicker packet capture data extraction using Wireshark
Written by jlgaddis on July 13, 2009 – 12:28 am
A couple hours ago, Jeremy Stretch posted an article entitled “Quick and dirty packet capture data extraction” in which he shows how one can extract a JPEG image from a packet capture containing the HTTP stream.
Stretch’s method uses “foremost” to recover the original file which works, but… there’s an even quicker way to do it. Actually, just like with Perl, TMTOWTDI.
I made two videos showing how to extract files from data streams within Wireshark. Instead of embedding them in this post, I’m linking to them instead as they are quite large (resolution wise).
- Video 1: Extracting objects from HTTP streams (shows how to extract the same JPEG from the same capture)
- Video 2: Extracting a PDF from an HTTP stream (shows how to extract a PDF file from a different capture)
Hopefully this will be helpful to some others, it definitely has been to me. Thanks to Jeremy Stretch for the idea, and the guys who taught my SANS Comprehensive Packet Analysis (SEC 556) class for originally showing me how to do it!
Tags: hacking, labs, networking, open-source, security, software, video | 1 Comment »



