Posts Tagged network management

Quick IP prefix calculation

It’s quite a common task to translate an IP address into a prefix, for example when creating an IP prefix list from a set of addresses. Here’s a simple Perl script that helps with it:

sudo apt-get install libnetaddr-ip-perl
cat >getprefix.pl <<'EOT'
use strict;
use warnings;
use NetAddr::IP;
if( scalar(@ARGV) == 0 ) {
    die("Usage: $0 PREFIX ...");
}
foreach my $pref (@ARGV) {
    my $ip = NetAddr::IP->new($pref) or
        die("Cannot create NetAddr::IP from $pref");
    print $ip->network()->cidr(), "\n";
}
EOT

# testing
cat >/tmp/x <<'EOT'
10.1.1.1/23
192.168.5.3/28
EOT

cat /tmp/x | xargs perl getprefix.pl | awk '{print "set ", $1}'
set  10.1.0.0/23
set  192.168.5.0/28



Inspiration projects for next-generation Torrus

It’s not yet clear when I can start working on a new-generation Torrus, but here are some nice software projects which would probably inspire the new design, or probably be part of the new design. I haven’t looked into them in depth though.

  • Bosun is a distributed monitoring system produced by StackExchange. It uses distributed collector agents which write data into OpenTSDB. Bosun and its collector are written in Go, and OpenTSDB is written in Java.
  • InfluxDB is a time-series database written in Go.

And yes, the new project will most probably have its core in Go. But the SNMP discovery engine will most probably remain in Perl because of a big list of supported vendors.


DOCSIS troubleshooting: pinging and sniffing

A customer DOCSIS network had some strange issues with modem and MTA performance, and here are some simple scripts that were used for troubleshooting.


Using Gerty for Cisco config automation

I’ve been developing the Gerty software for about two years already, and it needs a bit of effort to publish the final release. Anyway, it’s completely usable and production ready.

Here I placed a new example based on a real-life use case: a few hundred Cisco routers need a context-dependent configuration update.


Tweaking Voyage Linux on PC engines’ ALIX

ALIX is a small form factor, low-power x86 platform designed and sold by PC Engines. I’ve set up one such system with my call-home scripts, and I plan to use it instead of (or alongside) those netbooks: it’s more compact, and it’s cheaper (around $150 for a box).

Voyage Linux is a Debian OS distribution adapted for such small form factor platforms. It mounts the flash drive in read-only mode by default, and also the kernel loads all necessary modules to support the ALIX board.

After setting up Voyage as described in their README, I do the following steps to optimize the setup (after issuing the remountrw command):

0. Edit /etc/apt/sources.list and select a nearer mirror, e.g.

deb http://mirror.switch.ch/ftp/mirror/debian/ squeeze main contrib non-free

1. Adapt the DHCP client configuration so that it re-tries faster if DHCP service is unavailable:

# /etc/dhcp/dhclient.conf
# <other options skipped>
timeout 10;
retry 20;

2. Install NTP service. This is important because the board does not have a battery-powered RTC clock.

apt-get update
apt-get install ntp

3. Add a user for myself, add it to sudoers with NOPASSWD: option, and then remove the root password completely.

4. If I want to use X11 forwarding through SSH, there’s one problem: my home directory is by default on a read-only filesystem, and xauth tries to create .Xauthority in my home directory. To avoid that, I do the following:

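sudo apt-get install xauth
# The redirection has to run as root, so append with tee under sudo
# ("sudo cat >> file" would open the file as the unprivileged user).
sudo tee -a /etc/ssh/sshd_config >/dev/null <<EOT
PermitUserEnvironment yes
EOT
sudo service ssh restart
# sshd reads ~/.ssh/environment at login when PermitUserEnvironment is enabled
cat >~/.ssh/environment <<EOT
XAUTHORITY=/tmp/johndoe.Xauthority
EOT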

5. Install additional stuff as needed:

sudo apt-get install dump git wireshark

6. Reboot, test, and back up the filesystem using the dump command (don’t use dump compression, as the CPU is rather slow).
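The sshd_config(5) manual notes that enabling user environment processing may let users bypass access restrictions in some configurations through mechanisms such as LD_PRELOAD, so after step 4 it is worth checking that ~/.ssh/environment sets nothing except XAUTHORITY. The following shell functions are an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
# Added example, not from the original post. File paths are arguments so the
# checks can be run against copies of sshd_config and ~/.ssh/environment.

# Print the PermitUserEnvironment value sshd would use: the first occurrence
# wins, the default is "no". Match blocks are not evaluated (simplification).
permit_user_env() {
    awk 'tolower($1) == "permituserenvironment" { print $2; found = 1; exit }
         END { if (!found) print "no" }' "$1"
}

# Print variable names in environment file $1 that are not in the
# space-separated allow-list $2.
unexpected_env_vars() {
    [ -f "$1" ] || return 0
    awk -F= -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        { name = $1; sub(/^[ \t]+/, "", name); if (!(name in ok)) print name }
    ' "$1"
}

# Return 0 when user environment processing is off, or when it is on and
# XAUTHORITY is the only variable set; return 1 otherwise.
audit_user_env() {
    mode=$(permit_user_env "$1")
    if [ "$mode" = "no" ]; then
        echo "PermitUserEnvironment is off; $2 is ignored by sshd"
        return 0
    fi
    extra=$(unexpected_env_vars "$2" "XAUTHORITY")
    if [ -n "$extra" ]; then
        echo "PermitUserEnvironment=$mode, unexpected variables:" $extra
        return 1
    fi
    echo "PermitUserEnvironment=$mode, only XAUTHORITY is set"
}

# Constructed sample files standing in for the real ones.
tmp=$(mktemp -d)
printf 'Port 22\nPermitUserEnvironment yes\n' > "$tmp/sshd_config"
printf 'XAUTHORITY=/tmp/johndoe.Xauthority\nLD_PRELOAD=/tmp/x.so\n' > "$tmp/environment"
audit_user_env "$tmp/sshd_config" "$tmp/environment" || echo "review needed"
rm -rf "$tmp"
```

Newer OpenSSH releases also accept a pattern list for this option, so `PermitUserEnvironment XAUTHORITY` limits processing to that one variable where the installed sshd supports it.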


Call-home SSH scripts

Sometimes I need to quickly set up some presence in a customer network: to be able to access it remotely, or to run some network management scripts, and so on. Most of such networks are behind NAT or at least a firewall, and incoming connections from outside aren’t always easy.

But outgoing connections from a customer LAN are mostly not a problem at all. So, I bring my own small netbook and place it in the customer LAN. This netbook automatically makes an outgoing SSH connection to my central server (a VPS) and pulls an SSH tunnel so that I can access the netbook from outside.

This is a kind of a backdoor, and it makes sense to make your customer completely aware of what you’re doing.

For such purposes, I have a couple of the cheapest 10″ netbooks. I’m using Acer AspireOne and some older eMachines netbooks because they were sold cheaply. Most other netbooks would fit too, but one should be careful about Linux compatibility (especially the video drivers might be a problem). They come with 1GB RAM and 160 or 250 GB hard drives. It’s quite trivial to upgrade them to 2GB RAM, although it’s not really necessary. You must only be careful about buying a new SODIMM with exactly the same clocking as the original one.

The netbooks run standard Ubuntu Linux, with SSH daemon enabled. If the user home directory is encrypted, you won’t be able to log in with your public SSH keys, so better not encrypt it.


DENOG3 presentation

I made a presentation at the DENOG3 meeting last week and covered the following Perl-based open-source software products for network management and monitoring:

  1. Torrus, a well-established and mature software for massive SNMP polling and performance monitoring.
  2. Gerty, a new project for network automation. Any tasks on the network devices which need any interaction and automation are targeted by the tool. The first release is expected soon.
  3. Mooxu, a new project which is currently in its early design phase. The product will provide a platform for distributed network testing and monitoring (eventually it may replace Torrus).

The slideshow PDF is available at the meeting agenda page, and also a video will be available soon.


Distributed Testing Platform: design concept

Author: Stanislav Sinyagin
Document status: concept draft

UPD: the project name is now Mooxu

Introduction

In many network environments, especially in those of large ISPs or carriers, there’s a need to periodically execute some network tests. For example, an IPTV transport provider would need to make sure that all important multicast streams are available in every part of its edge network. Or a customer support engineer would need to collect byte and packet counters from a particular network port every 5 seconds.

The new software system (Project name: Mooxu) is designed to provide an open-source framework that enables the network operators to build the testing environment for their needs. Also a number of open-source testing probe modules will be available.
