Friday, 1 June 2018

DHCP/BOOTP


Defined in RFC 2131.

When a device first connects to a network, it sends a Discover message as a broadcast. It uses the Bootstrap Protocol (BOOTP), which runs over UDP. The ports are always fixed at 68 for the client and 67 for the server.

SRC: 0.0.0.0 DST: 255.255.255.255

The DHCP servers on the network reply with Offers. These are also broadcasts, since the device doesn't have an IP address yet. Once one server has replied first, the other servers will not reply (race condition).

After this, the client sends a Request to one DHCP server. It is sent as a broadcast even though the client knows the destination IP, so that the other DHCP servers learn that it chose a different DHCP server and can free the IP.

Now, the server first pings the IP address that it is going to allocate, to be sure that the IP has not been assigned statically. If the address is in use, the server sends a NAK and the client should go through DORA (Discover, Offer, Request, Acknowledge) again. Only if there is no ping reply does it send an Acknowledgement with an IP address for the client. Thus, the client gets its own IP address.

Note that the other DHCP servers will now also send an ACK to our IP to tell us that we are okay to use it. It will be unicast since we now have our IP address.

After getting the IP address, the host sends an ARP for the assigned IP (it is a gratuitous ARP since the host ARPs for its own IP address; here, it uses 0.0.0.0 as the source IP). If it gets a reply, it sends a DHCP Decline to the server, since another device already has the same IP address. (This is done by the client rather than the DHCP server because the DHCP server can also be on a different subnet.)

Note that both the client and the server use the same Transaction ID.


After the lease time has expired, the client sends a DHCP Renew message to the DHCP server. The server sends back an ACK and the client can keep the IP address for another 90 days.


The DHCP ACK will have details like Lease Time, DNS Server IP address, Subnet Mask, etc…
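
An added example, not part of the original notes: a minimal parser for the BOOTP/DHCP payload that extracts the Transaction ID and the details listed above (lease time, DNS server, subnet mask), then reports any server that answered a transaction but is not on an expected list. The packets, addresses, MAC and helper names (build, parse, offer, unexpected_servers) are constructed for illustration.

```python
import socket
import struct

# Added example; every sample value below is constructed.
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
IP_OPTS = {1: "subnet_mask", 6: "dns", 54: "server_id"}  # option code -> key
ip = socket.inet_aton

def build(op, xid, yiaddr, options):
    """Constructed BOOTP payload: 236-byte fixed header, cookie, options."""
    head = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0,
                       0x8000,                         # broadcast flag set
                       ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                       bytes.fromhex("020000000001"),  # constructed client MAC
                       b"", b"")
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return head + MAGIC_COOKIE + body + b"\xff"

def parse(payload):
    """Return the Transaction ID, offered address and selected options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"xid": struct.unpack("!I", payload[4:8])[0],
           "yiaddr": socket.inet_ntoa(payload[16:20])}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        if payload[i] == 0:                            # 0 = pad, has no length
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        val = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                 # DHCP message type
            msg["type"] = MSG_TYPES.get(val[0], "UNKNOWN")
        elif code == 51 and length == 4:               # lease time, seconds
            msg["lease_seconds"] = struct.unpack("!I", val)[0]
        elif code in IP_OPTS and length >= 4:
            msg[IP_OPTS[code]] = socket.inet_ntoa(val[:4])
        i += 2 + length
    return msg

def unexpected_servers(messages, allowed):
    """Map xid -> server IDs that sent an OFFER/ACK but are not in allowed."""
    seen = {}
    for m in messages:
        sid = m.get("server_id")
        if m.get("type") in ("OFFER", "ACK") and sid not in allowed:
            seen.setdefault(m["xid"], set()).add(sid)
    return seen

def offer(xid, yiaddr, server):
    """Constructed OFFER carrying a 90-day lease, mask and DNS server."""
    return build(2, xid, yiaddr, [(53, b"\x02"), (54, ip(server)),
                                  (51, struct.pack("!I", 90 * 86400)),
                                  (1, ip("255.255.255.0")), (6, ip(server))])

# Constructed sample: two servers answer the same Discover (same xid).
OFFERS = [parse(offer(0x3903F326, "192.168.1.50", "192.168.1.1")),
          parse(offer(0x3903F326, "192.168.1.77", "192.168.1.99"))]
print(unexpected_servers(OFFERS, allowed={"192.168.1.1"}))
```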


DHCP RELAY:


We know that a DHCP request is sent as a broadcast, but broadcasts cannot cross routers and VLANs. Without a relay, we would have to place a DHCP server in each subnet and VLAN, which is not scalable. Thus, we use DHCP relay.

Tuesday, 29 May 2018

SVI (Switch Virtual Interface)


  • It is used for inter-VLAN routing
  • Using an SVI, we can route packets to different networks and VLANs without using a router

  • Traditionally, switches sent traffic only to hosts within the same broadcast domain (a single VLAN) and routers handled traffic between different broadcast domains (different VLANs). This meant that network devices in different broadcast domains could not communicate without a router.
  • With SVIs, the switch uses a virtual Layer 3 interface to route traffic to another Layer 3 interface, thus eliminating the need for a physical router.
  • VLANs reduce the load on a network by dividing a LAN into smaller segments and keeping local traffic within a VLAN. However, because each VLAN has its own domain, a mechanism is needed for VLANs to pass data to other VLANs without passing the data through a router.
  • The solution is to use a switched virtual interface (SVI).


Monday, 28 May 2018

Switching and Mac Address Format


  • MAC address helps to uniquely identify a device.
  • The first 24 bits are called the OUI and are given to a manufacturer. Assigned by IANA
  • Arista uses the OUIs: 001C, 444C,... 
  • Type tells which protocol is used at the higher layer. E.g., for IPv4 it is 0x0800
  • The CRC (FCS) tells whether the frame is corrupted or not
  • The data link layer (DLL) does only error detection; the transport layer (TL) does error correction
  • Format of the Ethernet header: Dest MAC (6 bytes), Source MAC (6 bytes) and Type (2 bytes); total 14 bytes
    • Preamble: it is just signaling
    • Start of Frame Delimiter (SFD)- shows end of preamble and start of ethernet frame
    • ---others----
    • IFG- Inter Frame Gap: Ethernet devices must allow a minimum idle period between transmission of Ethernet packets known as the interpacket gap (IPG), interframe spacing, or interframe gap (IFG). A brief recovery time between packets allows devices to prepare for reception of the next packet.
  • Using SFD and IFG, we know where frame starts and ends
  • Administrative Scope MAC Address- Do your research :D 
  • Nowadays, collisions don't happen: hubs are half duplex, and we no longer use hubs. Switches avoid collisions even if we use half duplex, since a switch breaks up the collision domain
  • CSMA/ CD:
    • Carrier Sense Multiple Access/Collision Detect (CSMA/CD) is the protocol for carrier transmission access in Ethernet networks. 
    • On Ethernet, any device can try to send a frame at any time. Each device senses whether the line is idle and therefore available to be used. 
    • If it is, the device begins to transmit its first frame. If another device has tried to send at the same time, a collision is said to occur and the frames are discarded. 
    • Each device then waits a random amount of time and retries until successful in getting its transmission sent.
  • An ethernet bridge is a device that connects one LAN to another. In other words, it connects one hub to another
  • 3 ways to connect:
    • Console - the default way of connecting. It is used for out-of-band connectivity
    • Management - has no IP by default. To assign an IP, we need the management port. It is in-band connectivity
    • SVI (Switch Virtual Interface) - configures a logical (virtual) router. Used for VLANs on Layer 3 switches. By default, all ports are in the SVI-1 interface. If we use switch#no switchport, the port gets disconnected, as it is no longer a switch port for the VLANs
  • EtherType Field:
    • If the value of the field is greater than 1500 bytes, it represents the Type, i.e. it indicates which protocol is encapsulated in the payload of the frame.
    • If the value of the field is less than or equal to 1500 bytes, it is the Length.
    • If it is less than 1500 bytes, then, to tell the Type, we use SNAP after the EtherType field
    • SNAP:
      • Sub Network Access Protocol
      • It is an extension of the LLC to describe more higher-layer protocols
      • Thus, if the EtherType field is less than 1500 bytes, the format of L2 becomes:
  • VLAN:
    • On a trunk port, we can send multiple VLANs, and we need a VLAN tag. (Some servers can send VLAN tags, so their ports can be made trunk ports --OR-- we can connect two switches using trunk ports, since we need to send data for all VLANs.) If an untagged packet arrives on a trunk port, it is sent to the native VLAN
    • On an access port, we can access only one VLAN and no VLAN tag is needed. (Our laptops can connect only this way, since they cannot send VLAN tags, i.e. they are not VLAN-aware)
    • Switches have a concept called the native VLAN. All packets that are not tagged are sent to the native VLAN. By default, all devices are in the native VLAN. Traffic on the native VLAN is not tagged. We can make a VLAN native on a trunk port by using:
      • #conf
      • (conf)#int et 1
      • (conf-if)#switchport trunk native vlan <vlan-id>
    • Switches always have VLAN 1 as the default VLAN, which is needed for much of the protocol communication between switches, such as spanning-tree protocol. You can't change or even delete the default VLAN; it is mandatory.
    • The native VLAN is the only VLAN which is not tagged on a trunk; in other words, native VLAN frames are transmitted unchanged. By default the native VLAN is VLAN 1, but you can change that using (conf-if)#switchport trunk native vlan <vlan-id>. Even then, the default VLAN will be VLAN 1.

    • RULES FOR ACCEPTING PACKETS ON TRUNK AND ACCESS PORTS:
      • Trunk - accepts a tagged packet if it belongs to the allowed VLANs (OR) puts untagged packets on the native VLAN.
      • Access - accepts all untagged packets. If the packet is tagged, it accepts only those that belong to the same VLAN.
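
An added example, not part of the original notes: it parses the 14-byte Ethernet header, the optional 802.1Q tag and the Type/Length field (with the SNAP fallback) described in the EtherType and VLAN bullets, then applies the trunk and access accept rules above. The frames, the port dictionaries and all function names are constructed and hypothetical; this is not switch code.

```python
import struct

# Added example; frames and port settings below are constructed.
TPID_8021Q = 0x8100                      # 802.1Q tag protocol identifier
SNAP_LLC = b"\xaa\xaa\x03"               # LLC header announcing a SNAP header

def parse_ethernet(frame):
    """Parse a frame as seen in a capture (no preamble, SFD or FCS)."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    info = {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
            "oui": frame[6:9].hex(), "vlan": None}
    field, offset = struct.unpack("!H", frame[12:14])[0], 14
    if field == TPID_8021Q:              # tag sits before the real Type field
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, field = struct.unpack("!HH", frame[14:18])
        info["vlan"], offset = tci & 0x0FFF, 18   # low 12 bits = VLAN ID
    # The notes' rule: above 1500 is a Type. (IEEE 802.3 defines Type as
    # values >= 1536; 1501-1535 are undefined.)
    if field > 1500:
        info["ethertype"] = field
    else:                                # Length; SNAP may carry the Type
        info["length"] = field
        llc = frame[offset:offset + 8]
        if len(llc) == 8 and llc[:3] == SNAP_LLC:
            info["ethertype"] = struct.unpack("!H", llc[6:8])[0]
    return info

def ingress_vlan(port, tag):
    """Apply the accept rules; return the VLAN the frame lands in, or None."""
    if port["mode"] == "trunk":
        if tag is None:
            return port["native"]        # untagged -> native VLAN
        return tag if tag in port["allowed"] else None
    if tag is None or tag == port["vlan"]:
        return port["vlan"]              # access port: its single VLAN
    return None                          # tagged for another VLAN: drop

def classify(port, frame):
    """Parse the frame and decide which VLAN the port accepts it into."""
    return ingress_vlan(port, parse_ethernet(frame)["vlan"])

# Broadcast destination, locally administered (constructed) source MAC.
MACS = bytes.fromhex("ffffffffffff" "020000000001")
UNTAGGED = MACS + bytes.fromhex("0800") + bytes(46)
TAGGED_20 = MACS + bytes.fromhex("8100" "0014" "0800") + bytes(46)
TAGGED_30 = MACS + bytes.fromhex("8100" "001e" "0800") + bytes(46)
SNAP = MACS + bytes.fromhex("002e" "aaaa03" "000000" "0800") + bytes(38)
TRUNK = {"mode": "trunk", "native": 1, "allowed": {10, 20}}
ACCESS = {"mode": "access", "vlan": 10}

for name, frame in [("untagged", UNTAGGED), ("vlan 20", TAGGED_20),
                    ("vlan 30", TAGGED_30), ("snap", SNAP)]:
    print(name, parse_ethernet(frame), classify(TRUNK, frame),
          classify(ACCESS, frame))
```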

Sunday, 27 May 2018

Linux Fundamentals for Networking- Part 3

1) Difference between foreground and background processes? How to bring a process to the foreground?
  • Unlike with a foreground process, the shell does not have to wait for a background process to end before it can run more processes. 
  • To run a command as a background process, type the command and add a space and an ampersand to the end of the command. For example:    $ command1 &
  • Here, while that is running in the background, the shell prompt will return. 
  • To start a foreground process, enter a command at the prompt, e.g.,    $ command1
  • Here, the next prompt will not appear until command1 finishes running.
  • To bring a background process to the foreground, type $fg to bring the last process back to the foreground. 
  • To get a list of all the background jobs, use $jobs -l, find the job number of the process we need and type $fg %<job no>
2) Can we pass input to background process?
  • Depends on the type of input 
  • If you want to type the input, then you will have to put it back in the foreground to type your input, then put it into the background again. 
3) Process system calls?


  • Exit- terminate the current process 
  • Fork- create a child process 
  • Waitpid (OR) Wait4- wait for process termination 
  • Getpid- get process identification 
  • Ptrace- allows a parent process to control the execution of a child process 
  • Pause- suspend process until signal 
  • Nice- change process priority 
  • Kill- send signal to process 
  • Pipe- create an interprocess channel 
  • Times- get process times 
  • Brk- change the amount of space allocated for the calling process's data segment 
  • Setpgid- set process group ID 
  • Getpgid- get process group ID 
  • Sys_getsid- get process group ID of session leader 
  • Getppid- get parent process ID 
  • Setsid- creates a session and sets the process group ID 
  • Idle- make process 0 idle 
  • Personality- set the process execution domain 
  • Clone- create a child process 
  • Mlockall- disable paging for calling process 
  • Munlockall- reenable paging for calling process 
  • Prctl- operations on a process 
  • Capget- get process capabilities 
  • Capset- set process capabilities 
  • Vfork- create a child process and block parent 
4) Command to see list of sizes of files?  (similar to df -h for directory)
  • Use $ls -s to list file size, or if you prefer $ls -sh for human readable sizes.
  • For files use du, and again, $du -h * for human readable sizes. (du = disk usage of files and directories)
    • -a: all files and folders
    • -h: human-readable sizes


5) Commands to compress- the tar and zip command flavours?

Compressing Files: 
  • gzip {filename} - Eg) gzip mydata.doc (OR) gzip *.jpg 
  • bzip2 {filename} 
  • zip {filenameofzip.zip} {filename-to-compress} 
  • tar -czvf {filenameoftgz.tgz} {files} (OR)
  • tar -cjvf {filenameoftgz2.tbz2} {files} 
Decompressing Files: 
  • gzip -d {.gz file} (OR) gunzip {.gz file} 
  • bzip2 -d {.bz2-file} (OR) bunzip2 {.bz2-file} 
  • unzip {.zip file} 
  • tar -xzvf {.tgz-file}  (OR)
  • tar -xjvf {.tbz2-file}
6) FIND command- options and arguments?
  • Basic Syntax:
  • $find / -name filenametofind
    • The first part of the find command is obviously the word find. 
    • The second part is where to start searching from. Example: ~, /, /dev, etc...
    • The next part is an expression which determines what to find. Example: -empty (finds empty files and folders), -executable (finds all executable files), -readable (finds all readable files), -name (searches for all files with the specified name), -atime (finds files accessed more than a certain number of days ago)
    • Finally the last part is the name of the thing to find. Example: 
      • $find / -name '*.mp3' (pattern searching for all files with the extension mp3)
      • $find / -readable
      • $find / -executable
      • $find / -empty
      • $find ~ -atime +100 (find all the files within your home folder accessed more than 100 days ago)
    • More options on: https://www.lifewire.com/uses-of-linux-command-find-2201100
    • To see only the directories in / with name apple, $find / -type d -name apple
    • To see only the files in / with name apple, $find / -type f -name apple
7) Diff Command:
  • Compare 2 files 
  • $diff file1 file2
  • we can use diff to automatically display for us which lines differ between the two files
8) Environmental variables and commands 
    • Linux environment variable is an object that contains value. In simple terms it is a pair of data object and their respective values.
    • The $printenv or $env command can be used to list Linux environment variables.
    • Various environment variables are:
      • $echo $PATH where PATH is an environment variable name and echo is just to print
      • $TEMP – location where processes can store temporary files
      • $HOME - indicate where a user's home directory is located in the file system.
      • $PWD- show present working directory
      • $SHELL contains the path to the user's preferred shell
      • $TERM contains the type of the running terminal, e.g. xterm-256color.
      • $VISUAL contains command to run the full-fledged editor that is used for more demanding tasks, such as editing mail (e.g., vi, vim, emacs etc).
    • To add or define our own environment variables:
      • $vi ~/.bash_profile (open bash profile)
      • PATH=$PATH:$HOME/bin:/home/user1/custom_script (add our directory /home/user1/custom_script to the PATH variable)
9) All vi options:

Linux Fundamentals for Networking- Part 2

SORT:
    • The Linux sort command can be used to sort the contents of a file in a number of ways. By default, the Linux sort command sorts the contents in alphabetical order depending on the first letter in each line. For example, the $sort /etc/passwd command would sort all users by username.
    • Important options of the sort are
-b (Ignores spaces at beginning of the line)
-d (Uses dictionary sort order and ignores the punctuation)
-f (Ignores caps)
-i (Ignores nonprinting control characters)
-m (Merges two or more input files into one sorted output)
-r (Sorts in reverse order)
-u (If line is duplicated only display once)
$ps | sort -k 3
  • Sorts the list of process in order of the 3rd column
$ cat text1.log text2.log | sort -k 1
  • Sorts the cat of two files on the first letter of each line

WC:
    • The Linux wc (word count) command, can return the number of lines, words, and characters in a file. Important options of the Linux wc command are
-c (Print the byte counts)
-m (Print the byte counts)
-l (Print the new line counts)
-w (Print the word counts)

More and Less Command:
  • The “more” command is used to view text output of commands or files one page at a time. When the user is ready for the next block of text, they press the space bar.
  • Less extends the functionality of more by adding forward and backwards movement, the ability to search multiple files, view gzipped files without uncompressing them first, set marks for navigation and can invoke an editor when viewing files.

Head and Tail Command:
  • tail prints the last 10 lines of each FILE to standard output.: tail myfile.txt
    • To print last 100 lines, we can use tail myfile.txt -n 100
  • head, by default, prints the first 10 lines of each FILE to standard output.

Help for Linux Commands:
  • Man: If you don’t know the exact command name for a specific functionality, use man -k option to locate the command.
$ man UNIXCOMMAND
  • Whatis: To display a single line description about the command, you can use whatis command.
$ whatis cron
  • cron (8)         - daemon to execute scheduled commands (Vixie Cron)
  • Use the -h or --help option of the command itself: Sometimes you may know the functionality of a command very well, but cannot recollect all the available options for a specific command. Use the -h option of the command to review all available options of the command.
$ UNIXCOMMAND -h
  • Info: When you are not able to find the required information from the Unix man page, try the info documents using the Unix info command as shown below.
$ info UNIXCOMMAND

Different Ways to see the running processes:
ps
top
  • Works like ps
  • But it is real-time
  • Also lists CPU percentage usage, so we can check whether it is only our foreground process that is taking more memory
Memory Leak:
At the end of an activity, the application must release the memory.
But if the release doesn't happen correctly, memory accumulates over a long time, which results in a leak.
Due to this, other processes are starved of memory.

To see memory, 
show version (EOS command to show RAM memory)
Go to bash and then $df or $df -h (df = disk space for filesystems. Used to see flash and also all other filesystem mounts)

To see the agent logs, 
Go to bash, change to /var/log/agents and then run $ls
It shows the log for currently running process

To see system logs,
Go to $/var/log/messages


OTHER COMMANDS:
System Crash dump is mounted in /var/core . It is a complete mirror image of system.
If any agent log becomes very large, we compress it using tar, gz, zip, etc

If we want to get more space, we clear /var/core and other logs

To search for files, we use find command (it is important). For example, we can use find to find the debug.log file. 

The $history command is used to see what we have executed in the shell (everyone's session commands are also shown, as it is Linux). It is a Linux command, but it is also present in the EOS CLI (due to Linux integration) as #show history, which lists only our current session, not everyone's.

Environment Variables - The binaries are stored at a specific location, and whenever a process asks for a file, environment variables tell it to look at that location. To see all environment variables, use $printenv
  • $echo $PATH where PATH is an environment variable name and echo is just to print
  • $TEMP – location where processes can store temporary files
  • $HOME - indicate where a user's home directory is located in the file system.
  • $PWD- show present working directory
  • $SHELL contains the path to the user's preferred shell
  • $TERM contains the type of the running terminal, e.g. xterm-256color.
  • $VISUAL contains command to run the full-fledged editor that is used for more demanding tasks, such as editing mail (e.g., vi, vim, emacs etc).
  • https://wiki.archlinux.org/index.php/environment_variables

BASHRC file:
  • Located in user’s home directory
  • .bashrc is a shell script that Bash runs whenever it is started interactively. 
  • We can edit it to set our environment variables
  • For example, we can set aliases in .bashrc for very long commands. It works only for us.
  • Note that alias works in EOS also and here it works for everyone

Installing Packages:
  • Fedora uses YUM Package Manager
  • Here, the package is RPM format
  • Inside Linux, everything is managed as a file including processes, devices, drivers, folders, etc…So, we can vi anything
  • Install using the command in bash: $rpm -i <package>.rpm

Background and Foreground Process:
  • Unlike with a foreground process, the shell does not have to wait for a background process to end before it can run more processes.
  • To run a command as a background process, type the command and add a space and an ampersand to the end of the command. For example:
$ command1 &
Here, while that is running in the background, the shell prompt will return.
  • To start a foreground process, enter a command at the prompt, e.g.,
$ command1
Here, the next prompt will not appear until command1 finishes running.
We can see routing tables in Linux using route or netstat -rn. This is called the Kernel Route Table, and the routes are called bash routes.
EOS maintains its own route tables.
Loopback Address:
  • IPC mechanisms like sockets and pipes use this
  • Used by developers to test their applications. For example, two applications on the same machine can open a socket to the loopback address and exchange data between them.
  • Testing the IP stack
  • Inside EOS, loopback address is a unique identifier for each switch
Currently, we have 550k routes on the internet
Tcpdump:
  • It is used to capture packets. (It can be used even from EOS and the command varies slightly)
  • For single interface, $tcpdump -i et 1/1
  • To write the output to a file, $tcpdump -i ma 1 -w /mnt/flash/filename.pcap
  • To see the capture for all interfaces, $sudo tcpdump
  • To listen to the traffic before it even goes to the CPU, $tcpdump -i fabric. Used for seeing vlan tagging.
To copy a file from Linux to the laptop:
  • $scp filename.pcap admin@switch1:/users/admin/Desktop
  • Note that the ‘:’ after the IP address is compulsory in Linux and not needed in EOS
To copy a file from the laptop to Linux:
  • $scp admin@my-laptop:/Users/admin/Desktop/filename.pcap .
  • The ‘.’ as the destination means it will copy the file to the current directory in Linux
Accessing the switch using sftp instead of ssh and copying the file to the laptop:
  • admin$sftp root@switch1
sftp> ls
sftp> get filename.pcap
sftp> exit
admin$ ls | grep filename.pcap
  • The file will be there on our computer, i.e. we transferred the file from the switch to the laptop using sftp
To connect to a local switch instead of remote switch, 
  • We first configure our ip address manually to the same subnet as the switch
192.168.1.2 and 255.255.255.0 where the ‘*.*.*.2’ is the port number on the switch
  • Then, we $ssh admin@192.168.1.100 using our password, i.e. we connect to the management port of the switch