Wednesday, 1 August 2018

Linux Networking Utilities for Arista EOS- Part 2

LINUX NETWORKING UTILITIES:

ip netns: (Linux network namespaces, which back EOS VRFs)

  • A network namespace is logically another copy of the network stack, with its own routes, firewall rules, and network devices.
  • By default a process inherits its network namespace from its parent. Initially all processes share the same default network namespace, that of the init process.
  • NOTE: If a VRF was created in EOS, then, in order to access it via Linux, prepend ‘ns-’ to the VRF name.
  • NOTE: If a namespace was created in Linux (ip netns add), it won’t show up in EOS.
  • So, always create the VRF in EOS and use it in Linux by prepending ‘ns-’ to the VRF name.
  • 1. ip netns list - show all of the named network namespaces
  • This command displays all of the network namespaces in /var/run/netns
  • Note that the VRF named ‘tmod’, when viewed in Linux, has the name ‘ns-tmod’; the default VRF is listed as ‘default’.

[admin@ck338 ~]$ ip netns list

ns-newvrf

ns-tmod

ns-trident

ns-arad

default

  • 2. ip netns add NAME - create a new named network namespace
  • If NAME is available in /var/run/netns/ this command creates a new network namespace and assigns NAME.

[admin@ck338 ~]$ sudo ip netns add testvrf

[admin@ck338 ~]$ ip netns list

testvrf

ns-newvrf

ns-tmod

ns-trident

ns-arad

default

  • 3. ip [-all] netns delete [ NAME ] - delete a named network namespace (or all of them)
  • If NAME is present in /var/run/netns it is unmounted and the mount point is removed.
  • If the -all option was specified then all the network namespace names will be removed.

[admin@ck338 ~]$ sudo ip netns delete testvrf

  • 4. Assigning interfaces to a network namespace (VRF)
  • Interfaces inside a namespace are managed by running ip commands inside that namespace (see 5 below), for example to bring up the loopback interface in the vpn network namespace.
  • [IMP] 5. Accessing an interface in another VRF or namespace via Linux:
  • ip [-all] netns exec [ NAME ] [cmd]
  • Use this to run a command inside any VRF, for example to run tcpdump via Linux on an interface that belongs to another VRF.
  • If the -all option was specified then cmd will be executed synchronously in each named network namespace, even if cmd fails in some of them.
  • ip netns exec ns-tmod ip addr list shows only the interfaces and addresses in that namespace, and none from the global (default) namespace.

[admin@ck338 ~]$ sudo ip netns exec ns-tmod ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default

    link/ipip 0.0.0.0 brd 0.0.0.0

[admin@ck338 ~]$

  • Another useful command to run this way is tcpdump, piping the capture into Wireshark:
  • The command below captures on interface vlan10 (which is in VRF dhcpvrf), keeping only traffic on port 67 or port 68, the DHCP server and client ports (use udp port 67 or udp port 68 if TCP on those ports should be excluded):
  • ip netns exec ns-dhcpvrf tcpdump -i vlan10 port 67 or port 68
  • To view the capture in Wireshark, tcpdump has to emit raw pcap on stdout (-w -) and flush every packet as it arrives (-U) instead of printing decoded text, and Wireshark reads that stream from stdin (-i -):

ssh root@mc327 "ip netns exec ns-dhcpvrf tcpdump -U -w - -i vlan10 port 67 or port 68" | wireshark -k -i -
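Items 4 and 5 above amount to a small procedure: map the EOS VRF name to its Linux namespace, make sure that namespace really exists, then run the command under ip netns exec. The wrapper below is an added example (not Arista's code and not from the original post) that encodes that rule and refuses names that are not in ip netns list, so a typo or a Linux-only namespace created with ip netns add is caught before anything runs. The listing it is checked against in the test is the one printed earlier on this page; the exec itself needs root (sudo), as in the post's examples.

```python
"""Added example (not Arista's code): run a command inside the Linux network
namespace that backs an EOS VRF, following the naming rule on this page
(VRF 'tmod' -> namespace 'ns-tmod', the default VRF -> 'default')."""
import subprocess


def vrf_to_netns(vrf):
    """EOS VRF name -> Linux namespace name as shown by `ip netns list`."""
    if vrf == "default" or vrf.startswith("ns-"):
        return vrf
    return "ns-" + vrf


def netns_to_vrf(ns):
    """Inverse mapping, for presenting `ip netns list` output in EOS terms."""
    return ns[3:] if ns.startswith("ns-") else ns


def list_namespaces(text=None):
    """Namespace names from `ip netns list` output; runs the command if no text is given.
    Newer iproute2 prints 'name (id: N)', so only the first word of each line is taken."""
    if text is None:
        text = subprocess.run(["ip", "netns", "list"], check=True,
                              capture_output=True, text=True).stdout
    return {line.split()[0] for line in text.splitlines() if line.strip()}


def netns_exec_argv(vrf, cmd, namespaces=None):
    """argv for `ip netns exec <ns> <cmd...>`; raises LookupError if <ns> is unknown."""
    ns = vrf_to_netns(vrf)
    known = namespaces if namespaces is not None else list_namespaces()
    if ns not in known:
        raise LookupError(f"{ns} is not in /var/run/netns; create the VRF in EOS first")
    return ["ip", "netns", "exec", ns, *cmd]


def netns_exec(vrf, cmd):
    """Run cmd inside the VRF's namespace (needs root) and return its stdout."""
    return subprocess.run(netns_exec_argv(vrf, cmd), check=True,
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Equivalent of: sudo ip netns exec ns-tmod ip addr list
    print(netns_exec("tmod", ["ip", "addr", "list"]))
```

Because the command is passed as an argv list rather than a shell string, a VRF name or argument containing spaces or shell metacharacters cannot change what gets executed.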

Tcpdump:

The various flags that can be used with tcpdump are:

  • -i <interface>
  • # tcpdump -i eth0
  • -i any
  • Listen on all interfaces, just to see if you’re seeing any traffic at all.
  • # tcpdump -i any
  • -c <count> -i <interface>
  • Used to capture a specified number of packets and then exit
  • # tcpdump -c 5 -i eth0
  • -D
  • Used to display all interfaces available to tcpdump
  • # tcpdump -D
  • -e [useful]
  • Print the Ethernet (link-layer) header as well
  • Should be used if filtering packets based on L2 headers or for L2-only packets
  • -w [useful]
  • Used to capture and save packets in a pcap file (nothing is decoded on screen; read it back with -r or open it in Wireshark)
  • # tcpdump -w 0001.pcap -i eth0
  • -r
  • Used to read a previously captured pcap file
  • # tcpdump -r 0001.pcap
  • -n
  • By default tcpdump reverse-resolves IP addresses to hostnames, which is slow and itself generates DNS traffic during the capture
  • -n disables the lookup and prints the IP address itself; it is commonly doubled as -nn to make sure port numbers are printed numerically too
  • # tcpdump -n -i eth0
  • [useful] To filter packets based on the type of packet:
  • To capture only TCP packets, run the following command with the tcp qualifier (this matches on the IP protocol field, not on a port).
  • # tcpdump -i eth0 tcp
  • Similarly, replace tcp with icmp to check for ping packets only
  • For L2 control traffic such as LLDP or LACP, filter on the Ethernet header with ether qualifiers. Adding the destination address restricts the capture to frames sent to a well-known multicast address; the example below matches LLDP, which is sent to 01:80:c2:00:00:0e (LACP uses 01:80:c2:00:00:02, so it needs its own filter):
  • tcpdump -nevvvi et1 ether dst host 01:80:c2:00:00:0e
  • The -n -e -vvv -i flags are combined above to print numeric addresses, the Ethernet header, and maximum detail
  • ether dst host is used to filter based on the destination MAC address
  • Other protocol qualifiers that can be used are: fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp
  • [useful] To capture based on port, src ip, dst ip:
  • Similarly, for packets on a particular port (either direction, TCP or UDP): # tcpdump -i eth0 port 22
  • Similarly, for packets from a particular source IP: # tcpdump -i eth0 src 192.168.0.2
  • Similarly, for packets to a particular destination IP: # tcpdump -i eth0 dst 50.116.66.139
  • [useful] -v, -vv, -vvv:
  • To select the amount of packet information printed in verbose mode
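To see concretely what the filters on this page select, here is an added example (not from the original post and not Arista's code) that builds a small pcap file in memory, the format tcpdump -w writes, from constructed sample frames and applies the equivalent of port 67 or port 68, tcp and ether dst host 01:80:c2:00:00:0e by decoding the headers that tcpdump -e -n prints. The MAC and IP addresses in the sample frames are made up.

```python
"""Added example, not code from the original post or from Arista: builds a small
pcap (the format `tcpdump -w` writes) from constructed frames and applies the
equivalent of the filters used above, 'port 67 or port 68', 'tcp' and
'ether dst host 01:80:c2:00:00:0e', by decoding the headers `tcpdump -e -n` prints."""
import struct

ETH_IPV4, ETH_SLOW, ETH_LLDP = 0x0800, 0x8809, 0x88CC
PROTO_TCP, PROTO_UDP = 6, 17

def mac(text):          # '01:80:c2:00:00:0e' -> 6 raw bytes
    return bytes.fromhex(text.replace(":", ""))

def ip4(text):          # '192.168.0.2' -> 4 raw bytes
    return bytes(int(o) for o in text.split("."))

def ethernet(dst, src, ethertype, payload):
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def ipv4(proto, src, dst, payload):
    # Minimal 20-byte header; checksum left 0 (tcpdump does not verify it by default).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ip4(src), ip4(dst)) + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def tcp_syn(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)

def write_pcap(frames):
    """pcap global header (LINKTYPE_ETHERNET = 1) followed by one record per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1533081600 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(blob):
    """Frames from a classic little-endian pcap file (what tcpdump -w produces on x86)."""
    if struct.unpack("<I", blob[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap")
    off, frames = 24, []
    while off + 16 <= len(blob):
        incl = struct.unpack("<IIII", blob[off:off + 16])[2]
        frames.append(blob[off + 16:off + 16 + incl])
        off += 16 + incl
    return frames

def decode(frame):
    """The fields `tcpdump -e -n` prints: MACs, ethertype, IP protocol and L4 ports."""
    d = {"dst": frame[:6], "src": frame[6:12],
         "ethertype": struct.unpack("!H", frame[12:14])[0],
         "proto": None, "sport": None, "dport": None}
    if d["ethertype"] == ETH_IPV4:
        ihl = (frame[14] & 0x0F) * 4
        d["proto"] = frame[14 + 9]
        if d["proto"] in (PROTO_TCP, PROTO_UDP):
            d["sport"], d["dport"] = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return d

# Predicates mirroring the pcap-filter expressions on this page.
def port(*ports):       # 'port 67 or port 68': TCP or UDP, either direction
    wanted = set(ports)
    return lambda d: d["proto"] in (PROTO_TCP, PROTO_UDP) and bool({d["sport"], d["dport"]} & wanted)

def proto_only(proto):  # 'tcp' / 'udp' qualifiers match on the IP protocol field
    return lambda d: d["proto"] == proto

def ether_dst(text):    # 'ether dst host <mac>'
    return lambda d: d["dst"] == mac(text)

def matching(blob, pred):
    """Indices of the frames in the pcap that the predicate keeps."""
    return [i for i, f in enumerate(read_pcap(blob)) if pred(decode(f))]

# Constructed capture (made-up addresses): DHCPDISCOVER, SSH SYN, DNS query, LLDP, LACP.
SAMPLE = write_pcap([
    ethernet("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", ETH_IPV4,
             ipv4(PROTO_UDP, "0.0.0.0", "255.255.255.255", udp(68, 67, b"\x01\x01\x06\x00"))),
    ethernet("02:00:00:00:00:02", "02:00:00:00:00:01", ETH_IPV4,
             ipv4(PROTO_TCP, "192.168.0.2", "192.168.0.1", tcp_syn(51234, 22))),
    ethernet("02:00:00:00:00:02", "02:00:00:00:00:01", ETH_IPV4,
             ipv4(PROTO_UDP, "192.168.0.2", "172.16.1.254", udp(40000, 53, b"\x12\x34"))),
    ethernet("01:80:c2:00:00:0e", "02:00:00:00:00:02", ETH_LLDP, b"\x02\x07\x04"),
    ethernet("01:80:c2:00:00:02", "02:00:00:00:00:02", ETH_SLOW, b"\x01\x01"),
])

if __name__ == "__main__":
    print("port 67 or port 68 :", matching(SAMPLE, port(67, 68)))
    print("ether dst host LLDP:", matching(SAMPLE, ether_dst("01:80:c2:00:00:0e")))
    print("ether dst host LACP:", matching(SAMPLE, ether_dst("01:80:c2:00:00:02")))
```

Running it prints the frame indices each filter keeps: only the DHCP frame survives port 67 or port 68, and the LACP frame is not matched by the LLDP address, which is why the ether dst host filter above captures LLDP only. A file written by tcpdump -w on an x86 box can be handed to read_pcap unchanged; big-endian captures and pcapng files are rejected by the magic-number check rather than silently misparsed.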

resolv.conf:

  • resolv.conf is the name of a computer file used in various operating systems to configure the system's Domain Name System (DNS) resolver.
  • The file is a plain-text file usually created by the network administrator or by applications that manage the configuration tasks of the system.
  • The file typically contains a search directive listing the domains used to complete an unqualified query name into a fully qualified domain name when no domain suffix is supplied, and a list of IP addresses of nameservers to use for resolution. An example file is:

search example.com local.lan
nameserver 127.0.0.1
nameserver 172.16.1.254
nameserver 172.16.2.254
nameserver 192.168.137.2

  • resolv.conf is usually located in the /etc directory of the file system.
  • The file is either maintained manually, or when DHCP is used, it is usually updated with the utility resolvconf.
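The search-list completion described above is easy to get wrong when reasoning about which names a host will actually query. The following added example (not from the original post) parses a resolv.conf, using the sample file from this page embedded as a string, and reproduces the order in which the glibc resolver tries candidate names; the ndots rule and the three-nameserver limit are glibc behaviour, not something the page states.

```python
"""Added example (not from the original post): a resolv.conf parser and the
search-list expansion it drives. The file text is the page's sample, embedded
so this runs offline; the ndots rule and MAXNS follow the glibc resolver."""

SAMPLE_RESOLV_CONF = """\
# the page's example file (comment and ';' lines are ignored by the resolver)
search example.com local.lan
nameserver 127.0.0.1
nameserver 172.16.1.254
nameserver 172.16.2.254
nameserver 192.168.137.2
"""

MAXNS = 3  # glibc uses only the first three nameserver lines


def parse_resolv_conf(text):
    conf = {"nameserver": [], "search": [], "options": {}}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf["nameserver"].append(args[0])
        elif key in ("search", "domain"):
            conf["search"] = args          # the last search/domain line wins
        elif key == "options":
            for opt in args:
                name, _, value = opt.partition(":")
                conf["options"][name] = int(value) if value.isdigit() else True
    return conf


def effective_nameservers(conf):
    """The servers the resolver will actually consult (extra entries are ignored)."""
    return conf["nameserver"][:MAXNS]


def search_candidates(name, conf):
    """Names tried, in order, for a query: an absolute name ('host.') as is;
    a name with at least ndots dots first as given, then with each search suffix;
    otherwise each search suffix first and the bare name last."""
    if name.endswith("."):
        return [name]
    ndots = conf["options"].get("ndots", 1)
    suffixed = [f"{name}.{domain}" for domain in conf["search"]]
    if name.count(".") >= ndots:
        return [name] + suffixed
    return suffixed + [name]


if __name__ == "__main__":
    conf = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print(effective_nameservers(conf))
    print(search_candidates("switch1", conf))
```

Two things worth noticing on the page's own sample: the fourth nameserver (192.168.137.2) is never consulted by glibc, and an unqualified name such as switch1 is sent to the search domains in order before being tried on its own, so every suffix in the search list is a place where a lookup for a short name can be answered.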
