Posts Tagged ‘software’
Getting BGP routes into dynamips (with video)
Written by jlgaddis on August 21, 2009 – 5:24 am

UPDATE: If you’re not interested in doing this yourself and just want to see it in action, check out the video, “Dumping 265k BGP routes into dynamips”. When I went through these steps to document them, I ended up with 298,870 prefixes in my dynamips router. When I did it the second time, to record the video, I only ended up with 265,857 prefixes. I’m not sure why there’s a discrepancy, but at least you can see that it works! YMMV!
After I posted “Dynamips, a 7200, and a full BGP table”, a number of you left comments asking how I got the BGP routes into dynamips… the answer is einval’s “bgpsimple”.
“This Perl script allows you to set up a BGP adjacency with a BGP peer, monitor the messages and updates received from that peer, and send out updates from a predefined set of NLRIs/attributes. BGP session and message handling is done by Net::BGP.”
0. Pre-requisites
On Ubuntu, at least, you’re going to need to install some packages that likely aren’t already installed. We’re going to need these to be able to build bgpdump in step 2. Fortunately, the following command will install everything you need (well, except for Net::BGP and bgpsimple):
[root@stewie ~]# apt-get install build-essential zlib1g-dev libbz2-dev
1. Install Net::BGP
Before we can even think about doing this, we’re going to need to install the Net::BGP perl modules, most likely from CPAN (your distribution may provide it in a handy installable package, but I wouldn’t count on it). I’m using an Ubuntu 8.04 LTS Server installation — you can use whichever distribution (or BSD) that you like, but this is what I’m using.
Fire up the CPAN shell:
[root@stewie ~]# perl -MCPAN -e shell
cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.

cpan[1]>
If this is the first time you’ve done this, you’ll have to go through some configuration. That configuration is out of the scope of this document. Google it.
Next, install Net::BGP and exit the CPAN shell:
cpan[1]> install Net::BGP
CPAN: Storable loaded ok (v2.15)
Going to read '/home/jlgaddis/.cpan/Metadata'
  Database was generated on Thu, 20 Aug 2009 22:27:00 GMT
Running install for module 'Net::BGP'
Running make for K/KB/KBRINT/Net-BGP-0.13.tar.gz
[snip]
Appending installation info to /usr/lib/perl/5.8/perllocal.pod
  KBRINT/Net-BGP-0.13.tar.gz
  /usr/bin/make install  -- OK
cpan[2]> exit
Lockfile removed.
[root@stewie ~]#
2. Install bgpdump
As mentioned in bgpsimple’s README, we’re going to use a RIB dump from a router in the default-free zone. Fortunately, RIPE makes this data available for download. Before we can use it, however, we need to convert it to a format that bgpsimple can use. We’re going to download and compile bgpdump which can do the conversion for us.
[root@stewie ~]# wget http://www.ris.ripe.net/source/libbgpdump-1.4.99.9.tar.gz
--22:00:48-- http://www.ris.ripe.net/source/libbgpdump-1.4.99.9.tar.gz
=> `libbgpdump-1.4.99.9.tar.gz'
Resolving www.ris.ripe.net... 193.0.19.19
Connecting to www.ris.ripe.net|193.0.19.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82,909 (81K) [application/x-gzip]
100%[=====================================================>] 82,909 130.32K/s
22:00:49 (129.85 KB/s) - `libbgpdump-1.4.99.9.tar.gz' saved [82909/82909]
[root@stewie ~]#
Uncompress the tarball and change to the newly created directory:
[root@stewie ~]# tar zxf libbgpdump-1.4.99.9.tar.gz
[root@stewie ~]# cd libbgpdump-1.4.99.9/
Be sure to skim through the README file in this directory.
Now, we can begin to build bgpdump. I don’t need IPv6 support, so I’m going to leave it out.
[root@stewie ~/libbgpdump-1.4.99.9]# ./configure --disable-ipv6
checking for gcc... gcc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
[snip]
checking for inet_ntoa... yes
checking for inet_ntop... yes
checking for IPv6 support... disabled
configure: creating ./config.status
config.status: creating Makefile
config.status: creating bgpdump-config.h
[root@stewie ~/libbgpdump-1.4.99.9]#
Once the configure script has completed (successfully!), we can build bgpdump:
[root@stewie ~/libbgpdump-1.4.99.9]# make
[snip]
[root@stewie ~/libbgpdump-1.4.99.9]# ls -l bgpdump
-rwxr-xr-x 1 root root 46540 2009-08-20 22:14 bgpdump
As you see, we end up with a binary named “bgpdump”, which I’m going to copy over to /usr/local/bin. I’m also going to create a directory named “bgp”, where I’ll store the files we’ll be working with:
[root@stewie ~/libbgpdump-1.4.99.9]# cp bgpdump /usr/local/bin
[root@stewie ~/libbgpdump-1.4.99.9]# mkdir ../bgp
[root@stewie ~/libbgpdump-1.4.99.9]# cd ../bgp
3. Get some route data
Before we can inject any routes into our router, we need some routes to inject! As mentioned, RIPE makes these available to us. Go to the “RIS Raw Data” page, pick a collector, then download a file containing the raw data:
[root@stewie ~/bgp]# wget http://data.ris.ripe.net/rrc16/2009.08/bview.20090820.2359.gz
--22:59:26-- http://data.ris.ripe.net/rrc16/2009.08/bview.20090820.2359.gz
=> `bview.20090820.2359.gz'
Resolving data.ris.ripe.net... 193.0.19.19
Connecting to data.ris.ripe.net|193.0.19.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3,108,638 (3.0M) [application/x-gzip]
100%[=====================================================>] 3,108,638 234.33K/s ETA 00:00
22:59:40 (214.70 KB/s) - `bview.20090820.2359.gz' saved [3108638/3108638]
[root@stewie ~/bgp]#
Now that we have some routing data, we need to get it into a format that bgpsimple can work with. This is where bgpdump comes into play. Copying from bgpsimple’s README:
[root@stewie ~/bgp]# zcat bview.20090820.2359.gz | bgpdump -m - > myroutes
[root@stewie ~/bgp]#
4. Download bgpsimple
Download the code for bgpsimple:
[root@stewie ~/bgp]# wget http://bgpsimple.googlecode.com/files/bgp_simple.tgz
--23:11:17-- http://bgpsimple.googlecode.com/files/bgp_simple.tgz
=> `bgp_simple.tgz'
Resolving bgpsimple.googlecode.com... 209.85.225.82
Connecting to bgpsimple.googlecode.com|209.85.225.82|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 9,324 (9.1K) [application/x-gzip]
100%[=====================================================>] 9,324 --.--K/s
23:11:17 (114.18 KB/s) - `bgp_simple.tgz' saved [9324/9324]
[root@stewie ~/bgp]#
Uncompress the tarball:
[root@stewie ~/bgp]# tar zxf bgp_simple.tgz
You should end up with a Perl script named “bgp_simple.pl”:
[root@stewie ~/bgp]# ls -l bgp_simple.pl -rwxr-xr-x 1 jlgaddis jlgaddis 20388 2009-01-07 10:31 bgp_simple.pl
5. Start up your dynamips router
Now it’s time to fire up our virtual 7200 router. Here’s the .net file for dynagen that I used (don’t forget to change the filenames and paths, as appropriate).
Start up dynamips, start up dynagen, connect to the console, and do some initial configuration:
[jlgaddis@stewie ~]$ telnet 192.168.1.109 2000
Trying 192.168.1.109...
Connected to 192.168.1.109.
Escape character is '^]'.
Connected to Dynamips VM "R1" (ID 0, type c7200) - Console port
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
[snip]
Router> enable
Router# configure terminal
Router(config)# no ip domain lookup
Router(config)# no ip http server
Router(config)# hostname c7200
c7200(config)# line con 0
c7200(config-line)# exec-timeout 0 0
c7200(config-line)# logging synchronous
6. Configure dynamips router’s network interface
We need to put an IP address on the router’s fastethernet 2/0 interface, then verify that we can ping the host that we’re going to run bgpsimple on:
c7200(config-line)# interface fastethernet 2/0
c7200(config-if)# ip address 192.168.1.99 255.255.255.0
c7200(config-if)# no shutdown
c7200(config-if)#
*Aug 20 23:23:26.167: %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up
*Aug 20 23:23:27.167: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to up
c7200(config-if)# do ping 192.168.1.104
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.104, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms
7. Configure the BGP session on your dynamips router
Next, we need to configure our dynamips router for a BGP session with bgpsimple. You will need to change IP address below (192.168.1.104) to the IP address of the box you are running bgpsimple on:
c7200(config-if)# router bgp 65000
c7200(config-router)# no synchronization
c7200(config-router)# no auto-summary
c7200(config-router)# neighbor 192.168.1.104 remote-as 65000
8. Test with a limited number of prefixes
Now that our dynamips router is configured for BGP, we’re ready for a quick test with a small number of prefixes (10, for now). Look at the README for what all of these command-line options mean (I wrapped the command for readability; you don’t have to):
[root@stewie ~/bgp]# ./bgp_simple.pl -myas 65000 -myip 192.168.1.104 \
> -peerip 192.168.1.99 -peeras 65000 -p myroutes -m 10 -n
---------------------------------------- CONFIG SUMMARY --------------------------------------------------
Configured for an iBGP session between me (ASN65000, 192.168.1.104) and peer (ASN65000, 192.168.1.99).
Will use prefixes from file myroutes.
Maximum number of prefixes to be advertised: 10.
Will spoof next hop address to 192.168.1.104.
----------------------------------------------------------------------------------------------------------
Sending full update.
[snip]
Looks like that worked, let’s take a look at the BGP table on our dynamips router:
*Aug 20 23:31:49.715: %BGP-5-ADJCHANGE: neighbor 192.168.1.104 Up
c7200# show ip bgp
BGP table version is 31, local router ID is 192.168.1.99
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*>i1.1.1.0/24 192.168.1.104 0 0 25152 6939 3303 8300 i
*>i3.0.0.0 192.168.1.104 0 0 25152 6939 15412 9304 80 i
*>i3.51.92.0/23 192.168.1.104 0 0 25152 23148 7018 ?
*>i4.0.0.0/9 192.168.1.104 0 0 25152 1273 3356 i
*>i4.0.0.0 192.168.1.104 0 0 25152 1273 3356 i
*>i4.21.103.0/24 192.168.1.104 0 0 25152 6939 3549 46133 i
*>i4.23.88.0/24 192.168.1.104 0 0 25152 23148 7018 46164 i
*>i4.23.88.0/23 192.168.1.104 0 0 25152 23148 7018 46164 i
*>i4.23.89.0/24 192.168.1.104 0 0 25152 23148 7018 46164 i
*>i4.23.92.0/22 192.168.1.104 0 0 25152 23148 7018 46164 i
c7200#
And there’s our 10 routes! w00t!
9. Advertise all the routes!
Now that we know we can get an adjacency up and exchange routes, let’s go for the gusto!
Kill bgp_simple.pl (CTRL-C works) and let’s take a quick look at how many routes are in the “myroutes” file.
[root@stewie ~/bgp]# wc -l myroutes
300035 myroutes
In my case, we have just over 300k. Your numbers may vary slightly — and there very well may be duplicate prefixes — depending on which dump you download from RIPE. In order to inject all the routes, we just run bgp_simple.pl as before, but without the “-m 10” (maximum of 10 prefixes to advertise) option (again, wrapped for readability):
[root@stewie ~/bgp]# ./bgp_simple.pl -myas 65000 -myip 192.168.1.104 \
> -peerip 192.168.1.99 -peeras 65000 -p myroutes -n
---------------------------------------- CONFIG SUMMARY --------------------------------------------------
Configured for an iBGP session between me (ASN65000, 192.168.1.104) and peer (ASN65000, 192.168.1.99).
Will use prefixes from file myroutes.
Maximum number of prefixes to be advertised: 10.
Will spoof next hop address to 192.168.1.104.
----------------------------------------------------------------------------------------------------------
Sending full update.
[snip]
And now we just watch the number of prefixes received continually go up on our dynamips router:
c7200# show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.104   4 65000   98425      21    98413    0    0 00:01:24    98237

c7200# show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.104   4 65000  141060      23   141069    0    0 00:02:04   140849

c7200# show ip bgp summary | begin Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.104   4 65000  238966      25   238975    0    0 00:03:16   238739
We can take a quick look at a few of the prefixes in our BGP table:
c7200# show ip bgp 12.0.0.0/8 longer-prefixes | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*>i12.0.0.0/9       192.168.1.104       0      0      25152 23148 7018 i
*>i12.0.0.0         192.168.1.104       0      0      25152 23148 7018 i
*>i12.0.18.0/24     192.168.1.104       0      0      25152 23148 7018 27585 i
*>i12.0.19.0/24     192.168.1.104       0      0      25152 1273 3561 27487 i
*>i12.0.28.0/24     192.168.1.104       0      0      25152 1273 4323 30050 i
*>i12.0.29.0/24     192.168.1.104       0      0      25152 1273 174 30538 i
*>i12.0.33.0/24     192.168.1.104       0      0      25152 1273 174 40544 i
*>i12.0.43.0/24     192.168.1.104       0      0      25152 23148 7018 2386 i
*>i12.0.48.0/20     192.168.1.104       0      0      25152 1273 174 1742 i
*>i12.0.153.0/24    192.168.1.104       0      0      25152 23148 7018 6519 i
*>i12.0.170.0/24    192.168.1.104       0      0      25152 23148 7018 22528 i
*>i12.0.239.0/24    192.168.1.104       0      0      25152 19151 1239 33628 i
[snip]
That’s all there is to it!
10. All your routes are belong to us!
c7200# show ip bgp summary
BGP router identifier 192.168.1.99, local AS number 65000
BGP table version is 1038362, main routing table version 1038362
298870 network entries using 34967790 bytes of memory
298870 path entries using 15541240 bytes of memory
51910/51909 BGP path/bestpath attribute entries using 6436840 bytes of memory
47723 BGP AS-PATH entries using 1265376 bytes of memory
1 BGP community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 58211270 total bytes of memory
BGP activity 668359/369489 prefixes, 668359/369489 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.104   4 65000  669061      20  1038362    0    0 00:04:16   298870
c7200#
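As an added example (not code from this post, from bgpsimple or from bgpdump), here is a small Python parser for the pipe-separated lines that “bgpdump -m” writes into myroutes, with a routine that mimics what the router’s table ends up holding. It assumes that bgpsimple’s -m option counts lines sent and that a later line for the same prefix replaces the earlier one in the peer’s table, which is why the “wc -l” count and the State/PfxRcd column need not agree.

```python
import ipaddress
import re

# Constructed sample (not from a real RIPE dump). bgpdump -m field layout:
# type|timestamp|A/B/W|peer_ip|peer_as|prefix|as_path|origin|next_hop|local_pref|med|community|atomic_agg|aggregator|
SAMPLE = """\
TABLE_DUMP2|1250812740|B|192.0.2.1|25152|1.1.1.0/24|25152 6939 3303 8300|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1250812740|B|192.0.2.2|25152|1.1.1.0/24|25152 1273 3303 8300|IGP|192.0.2.2|0|0||NAG||
TABLE_DUMP2|1250812740|B|192.0.2.1|25152|3.51.92.0/23|25152 23148 7018|INCOMPLETE|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1250812740|B|192.0.2.1|25152|4.0.0.0/9|25152 1273 3356|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1250812740|B|192.0.2.1|25152|4.0.0.0/8|25152 1273 3356|IGP|192.0.2.1|0|0||NAG||
TABLE_DUMP2|1250812740|B|192.0.2.1|25152|4.0.1.0/24|25152 1273 {3356,65001}|IGP|192.0.2.1|0|0||NAG||
not a bgpdump line
"""

RECORD_TYPES = ("TABLE_DUMP", "TABLE_DUMP2", "BGP4MP")

def parse_line(line):
    """Return (prefix, as_path, next_hop) for one bgpdump -m line, or None when it is
    not a usable route (unknown record type, withdrawal, malformed prefix or next hop)."""
    fields = line.rstrip("\n").split("|")
    if len(fields) < 14 or fields[0] not in RECORD_TYPES or fields[2] not in ("A", "B"):
        return None
    try:
        prefix = ipaddress.ip_network(fields[5], strict=True)   # host bits must be zero
        next_hop = ipaddress.ip_address(fields[8])
    except ValueError:
        return None
    # AS_SETs appear as {a,b}; they are flattened here because only the ASNs matter for counting.
    as_path = tuple(int(asn) for asn in re.findall(r"\d+", fields[6]))
    return prefix, as_path, next_hop

def load_routes(text, max_prefixes=None, spoof_next_hop=None):
    """Walk the file the way bgpsimple does: one UPDATE per usable line, stopping after
    max_prefixes (its -m option, assumed here to count lines sent), and keep what the
    peer's table would hold: one entry per prefix, a later UPDATE replacing the earlier.
    spoof_next_hop mirrors -n by rewriting every next hop to the given address.
    Returns (lines_sent, table, lines_skipped)."""
    table = {}
    sent = skipped = 0
    hop = ipaddress.ip_address(spoof_next_hop) if spoof_next_hop else None
    for line in text.splitlines():
        if not line.strip():
            continue
        route = parse_line(line)
        if route is None:
            skipped += 1
            continue
        if max_prefixes is not None and sent >= max_prefixes:
            break
        prefix, as_path, next_hop = route
        table[prefix] = (as_path, hop if hop is not None else next_hop)
        sent += 1
    return sent, table, skipped

def summary(text, max_prefixes=None):
    """Figures comparable to 'wc -l myroutes' versus the router's State/PfxRcd column."""
    sent, table, skipped = load_routes(text, max_prefixes)
    return {"lines_sent": sent, "prefixes_in_table": len(table), "lines_skipped": skipped}

if __name__ == "__main__":
    print(summary(SAMPLE))      # 6 lines sent, but only 5 distinct prefixes; 1 line skipped
    print(summary(SAMPLE, 2))   # like -m 2: two lines sent, both for the same prefix
```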
OPTIONAL: If the BGP connection between bgpsimple and your dynamips router dies due to a hold timer expiring, you can get around this by doing two things:
- Editing bgp_simple.pl. At line 220, I added two lines:
KeepAliveTime => 600,
HoldTime => 1800,
That “section” of code (setting up the peer connection using Net::BGP::Peer) now reads like this:
my $bgp = Net::BGP::Process->new();
my $peer = Net::BGP::Peer->new(
Start => 0,
ThisID => $myip,
ThisAS => $myas,
PeerID => $peerip,
PeerAS => $peeras,
KeepaliveCallback => \&sub_keepalive_callback,
UpdateCallback => \&sub_update_callback,
NotificationCallback => \&sub_notification_callback,
ErrorCallback => \&sub_error_callback,
OpenCallback => \&sub_open_callback,
ResetCallback => \&sub_reset_callback,
KeepAliveTime => 600,
HoldTime => 1800,
);
- Adjusting the BGP timers on the dynamips router, like so:
c7200# configure terminal
c7200(config)# router bgp 65000
c7200(config-router)# timers bgp 600 1800
c7200(config-router)# end
We can then see those values reflected here:
c7200# show ip bgp neighbor 192.168.1.104 | in Last
  Last read 00:00:00, last write 00:00:56, hold time is 1800, keepalive interval is 600 seconds
c7200#
Note that it’s probably best to change both sides (bgp_simple.pl and your router’s config), since BGP will use the lowest of the values configured between peers.
Tags: bgp, ccnp, cisco, internet, labs, linux, networking, open-source, osx, software | 6 Comments »
Even quicker packet capture data extraction using Wireshark
Written by jlgaddis on July 13, 2009 – 12:28 am

A couple of hours ago, Jeremy Stretch posted an article entitled “Quick and dirty packet capture data extraction” in which he shows how one can extract a JPEG image from a packet capture containing the HTTP stream.
Stretch’s method uses “foremost” to recover the original file which works, but… there’s an even quicker way to do it. Actually, just like with Perl, TMTOWTDI.
I made two videos showing how to extract files from data streams within Wireshark. Instead of embedding them in this post, I’m linking to them instead, as they are quite large (resolution-wise).
- Video 1: Extracting objects from HTTP streams (shows how to extract the same JPEG from the same capture)
- Video 2: Extracting a PDF from an HTTP stream (shows how to extract a PDF file from a different capture)
Hopefully this will be helpful to some others, it definitely has been to me. Thanks to Jeremy Stretch for the idea, and the guys who taught my SANS Comprehensive Packet Analysis (SEC 556) class for originally showing me how to do it!
Tags: hacking, labs, networking, open-source, security, software, video | 1 Comment »
Fun with hping3
Written by jlgaddis on December 20, 2008 – 1:55 am

I was bored so decided to play with hping3 a bit tonight.
[jlgaddis@bertram:~]$ sudo hping3 --udp -p 10000 --destport 10000 --flood 192.168.1.12
HPING 192.168.1.12 (eth0 192.168.1.12): udp mode set, 28 headers + 1400 data bytes
hping in flood mode, no replies will be shown
I have the same thing running on 192.168.1.12 as well, for “bi-directional” traffic.
c1811# sh int fa7 | in put\ rate
  5 minute input rate 96657000 bits/sec, 8404 packets/sec
  5 minute output rate 93537000 bits/sec, 11389 packets/sec
Tags: hacking, labs, linux, networking, open-source, software | No Comments »
HP: “It seems that you have discovered an anomaly.”
Written by jlgaddis on December 19, 2008 – 6:29 pm

-----Original Message-----
From: PCC-Americas
Sent: Friday, December 19, 2008 5:22 PM
To: Jeremy L. Gaddis
Subject: RE: en-us: Possible bug in K.13.45 (5400zl series)?

Dear Jeremy,

Thank you for contacting HP ProCurve Networking. It seems that you have discovered an anomaly. We would like to investigate this for you.

At your convenience, would you mind collecting the textual output of the command, "show tech all" as issued within the CLI of the switch? Please follow-up the text capture by again issuing the "show ip igmp config" command. We will work with our engineers to reproduce this issue, and identify its root cause.

Thank you very much for contacting HP ProCurve Networking Support. We hope to hear from you soon.

Sincerely,
Linda
HP ProCurve Networking
Here’s what I was seeing (serial numbers of my installed GBICs “sanitized”). This was on an HP ProCurve 5406zl:
SWITCH# show ip igmp config
IGMP Service
IGMP Forward with Querier Querier
VLAN ID VLAN Name Enabled High Priority Allowed Interval
------- ------------ -------- -------------- -------- ---------
1 DEFAULT_VLAN No No Yes 125
2 VLAN2 No No Yes 125
14 VLAN14 No No Yes 125
16 VLAN16 No No Yes 125
20 VLAN20 No No Yes 125
30 VLAN30 No No Yes 125
31 VLAN31 No No Yes 125
32 VLAN32 No No Yes 125
36 VLAN36 No No Yes 125
38 VLAN38 No No Yes 125
41 VLAN41 No No Yes 125
42 VLAN42 No No Yes 125
43 VLAN43 No No Yes 125
64 VLAN64 No No Yes 125
GBIC 1 ( Port A1): J4858C XXXX2EK3W9
GBIC 2 ( Port A2): J4858C XXXX2EK3X4
GBIC 3 ( Port A3): J4858C XXXX2EK1Z2
GBIC 4 ( Port A5): J4858C XXXX2EK1RT
GBIC 5 ( Port A7): J4858C XXXX2EK2G4
GBIC 6 ( Port A9): J4858C XXXX2EK3FM
GBIC 7 ( Port A11): J4858C XXXX2EK3WD
GBIC 8 ( Port A13): J4858C XXXX2EK2NF
GBIC 9 ( Port A14): J4858C XXXX2EK4YD
GBIC 10 ( Port A15): J4858C XXXX2EK1HG
GBIC 11 ( Port A16): J4858C XXXX2EK5HA
GBIC 12 ( Port A17): J4858C XXXX2EK2CG
GBIC 13 ( Port A18): J4858C XXXX2EK2GH
GBIC 14 ( Port A20): J4858C XXXX2EK1RP
GBIC 15 ( Port A21): J4859C XXXX0EL04Y
GBIC 16 ( Port A22): J4859C XXXX0EL06W
GBIC 17 ( Port A23): J4859C XXXX4EL053
GBIC 18 ( Port A24): J4859C XXXX4EL02X
78 VLAN78 No No Yes 125
79 VLAN79 No No Yes 125
80 VLAN80 No No Yes 125
94 VLAN94 No No Yes 125
96 VLAN96 No No Yes 125
101 VLAN101 No No Yes 125
110 VLAN110 No No Yes 125
112 VLAN112 No No Yes 125
128 VLAN128 No No Yes 125
172 VLAN172 No No Yes 125
192 VLAN192 No No Yes 125
202 VLAN202 No No Yes 125
4011 VLAN4011 No No Yes 125
4012 VLAN4012 No No Yes 125
4030 VLAN4030 No No Yes 125
4040 VLAN4040 No No Yes 125
4050 VLAN4050 No No Yes 125
4060 VLAN4060 No No Yes 125
4070 VLAN4070 No No Yes 125
Geez, an “anomaly”? Ya think? =)
Tags: hp, networking, software, vendors, work | 1 Comment »
rpmdb: Lock table is out of available locker entries
Written by jlgaddis on December 8, 2008 – 1:04 am

This morning, I received an e-mail from a cronjob on one of my production RHEL 5.2 servers:
From: Cron Daemon
To: Jeremy L. Gaddis
Cc:
Subject: Cron <root@SERVERNAME> run-parts /etc/cron.weekly

/etc/cron.weekly/makewhatis.cron:
rpmdb: Lock table is out of available locker entries
rpmdb: Unknown locker ID: b4a0
error: db4 error(22) from db->close: Invalid argument
error: cannot open Pubkeys index using db3 - Cannot allocate memory (12)
...
There were probably a couple of hundred errors in that e-mail. In addition, I also received an e-mail from our RHN Satellite Server letting me know that this particular server had failed to check in. Logging in, I saw that, indeed, it had not been checking in with our satellite.
So, what to do? Google, of course! Fortunately, major over at Racker Hacker encountered this same issue about a year and a half ago and has already provided the fix for us:
[root@SERVERNAME ~]# tar cvzf rpmdb-backup.tar.gz /var/lib/rpm
[root@SERVERNAME ~]# rm /var/lib/rpm/__db.00*
[root@SERVERNAME ~]# rpm --rebuilddb
[root@SERVERNAME ~]# rpm -qa | sort    # to make sure everything's okay
I wanted to verify that the cronjob would now successfully execute, so I invoked it manually:
[root@SERVERNAME ~]# sh /etc/cron.weekly/makewhatis.cron
[root@SERVERNAME ~]#
Success! It also seemed like a good time to go ahead and install the updates that were missing so I took care of those using yum.
Many thanks to major at Racker Hacker for the fix!
Tags: linux, open-source, software, work | 2 Comments »