09 Aug

Arista EOS – BGP remove-private-as

This is a post copied/stolen/updated from Kevin Wang’s wiznote – [EOS] [RFC6996] BGP remove-private-as

Summary:

  1. Feature support starts from 4.19.1F and 4.18.4F.
  2. “remove-private-as” works for both 2B and 4B AS numbers.
  3. Private AS numbers: 64512-65534 (2B), 4200000000-4294967294 (4B). 4200000000 in asdot notation is 64086.59904.
  4. “neighbor x.x.x.x remove-private-as” only works for AS paths that contain only private AS numbers.
  5. If the AS path contains both public and private AS numbers, you need to give the keyword “all” to force removal of all private AS numbers in the AS path: “neighbor x.x.x.x remove-private-as all”
  6. If you want to keep the AS path length, use replace-as: “neighbor x.x.x.x remove-private-as all replace-as”
  7. If the AS_PATH contains the AS number of the eBGP neighbor, BGP does not remove the private AS numbers.
  8. If the AS_PATH contains confederations, BGP removes the private AS numbers only if they come after the confederation portion of the AS_PATH.
  9. If the eBGP neighbor to which you intend to apply “remove-private-as” itself uses a private AS number, you get a warning message, but the CLI still applies the command and the feature works as expected. The warning is there because of a potential loop: the local switch removes all private AS numbers, which might include the peer’s ASN, and in that case a loop will happen.
  10. If you configured remote-as on a peer-group and the peer inherits it from the peer-group, remove-private-as on the peer does not prompt the warning, because that is inherited information and EOS does not check it.
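
The rules above can be checked against a small model. This is an added example, not EOS code: the function and parameter names are hypothetical, replacing private ASNs with the local AS under replace-as is an assumption the summary does not state, and the confederation rule is not modelled. 64500 is a documentation ASN standing in for a public AS.

```python
# Added model of the remove-private-as rules listed above; not EOS source code.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))  # 2-byte, 4-byte


def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def to_asdot(asn):
    """4-byte ASN in asdot notation (high 16 bits . low 16 bits)."""
    return str(asn) if asn < 65536 else f"{asn >> 16}.{asn & 0xFFFF}"


def remove_private_as(as_path, neighbor_as, local_as,
                      strip_all=False, replace_as=False):
    """AS_PATH after the remove-private-as step, before the local AS is prepended."""
    # Rule 7: the neighbor's own AS is in the path, so nothing is removed.
    if neighbor_as in as_path:
        return list(as_path)
    if not strip_all:
        # Rule 4: the plain form acts only when every ASN in the path is private.
        only_private = bool(as_path) and all(is_private(a) for a in as_path)
        return [] if only_private else list(as_path)
    if replace_as:
        # Rule 6 keeps the path length. Assumption: the substitute is the local AS.
        return [local_as if is_private(a) else a for a in as_path]
    # Rule 5: "all" strips private ASNs even when public ones are present.
    return [a for a in as_path if not is_private(a)]


if __name__ == "__main__":
    mixed = [65001, 64500, 4200000001]  # constructed path: private, public, private
    cases = (
        ("remove-private-as", {}),
        ("remove-private-as all", {"strip_all": True}),
        ("remove-private-as all replace-as", {"strip_all": True, "replace_as": True}),
    )
    for label, kwargs in cases:
        result = remove_private_as(mixed, neighbor_as=64496, local_as=64497, **kwargs)
        print(f"{label:34} -> {' '.join(to_asdot(a) for a in result)}")
```

With the mixed path, the plain form leaves the private ASNs in place, which is the case where internal numbering leaks to an eBGP peer unless “all” is configured.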

04 Jul

BGP as-path regular expressions

A regular expression is the character pattern that can be matched against an input string. Regular expressions can be built using letters (A through Z, a through z), numbers (0 through 9) and other keyboard characters, such as the exclamation point (!) or a tilde (~). A regular expression can be a single-character pattern or a multiple-character pattern. Certain keyboard characters such as caret (^) and dollar sign ($) have special meaning and allow complex regular expressions to be built. Characters with special meaning can be used as simple keyboard characters by preceding them with a backslash (\).

When a Border Gateway Protocol (BGP) update exits an Autonomous System (AS), the AS path attribute of the route gets updated. The AS number of the AS is prepended to an existing list of AS numbers. BGP can be configured to use regular expressions for route filtering based on the AS path attribute.

Range

A range is a sequence of characters contained within left and right square brackets. For example: [abcd]

Atom

An atom is a single character, such as the following:

. (Matches any single character)

^ (Matches the beginning of the input string)

$ (Matches the end of the input string)

\ (Matches the character)

_ (Matches a comma (,), left brace ({), right brace (}), the beginning of the input string, the end of the input string, or a space)

Piece

A piece is an atom followed by one of the following symbols:

* (Matches 0 or more sequences of the atom)

+ (Matches 1 or more sequences of the atom)

? (Matches the atom or the null string)

Branch

A branch is 0 or more concatenated pieces.

Examples of regular expressions follow:

a* (Any occurrence of the letter “a”, including none)

a+ (At least one occurrence of the letter “a” should be present)

ab?a (This matches “aa” or “aba”)

_100_ (Via AS100)

_100$ (Origin AS100)

^100 .* (Coming from AS100)

^$ (Originated from this AS)
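
The AS-path examples above can be tried offline. This is an added example, not taken from any router implementation: it expands the "_" atom into the alternatives listed in the Atom section and runs the patterns against constructed AS paths. The helper names are hypothetical, and "_" inside a bracketed range is not handled.

```python
import re

# "_" as defined above: comma, braces, start of string, end of string, or space.
UNDERSCORE = r"(?:^|$|[,{} ])"


def compile_as_path(pattern):
    """Translate a router-style AS-path regex into a Python regex."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])  # backslash-escaped character stays literal
            i += 2
            continue
        out.append(UNDERSCORE if ch == "_" else ch)
        i += 1
    return re.compile("".join(out))


def matches(pattern, as_path):
    return compile_as_path(pattern).search(as_path) is not None


if __name__ == "__main__":
    # Constructed AS paths; the last one ends in an AS_SET, the empty one is local.
    paths = ["100 200 300", "200 100 300", "200 300 100",
             "200 1100 300", "100 {200,300}", ""]
    for pattern in ("_100_", "_100$", "^100 .*", "^$", "100"):
        hits = [p for p in paths if matches(pattern, p)]
        print(f"{pattern:8} matches {hits}")
```

The bare pattern 100 also matches the path through AS1100, which is why filters anchor AS numbers with "_", "^" or "$".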

Refer to Using Regular Expressions in BGP for sample configurations on regular expression filtering

To test in live network using public looking glass server:
https://www.netdigix.com/servers.html

Additional readings:

http://www.quagga.net/docs/docs-multi/AS-Path-Regular-Expression.html

http://www.cisco.com/warp/public/459/26.html

http://www.avici.com/documentation/HTMLDocs/02223-06_revBA/Routing_Pol7.html

28 Apr

How to Run 40GbE Over Duplex LC MMF Cabling

This is a good guide for running 40G on existing MMF fiber.

The use of parallel optics in 40GbE multimode fiber cabling (MMF cabling) requires more fiber strands than 10GbE infrastructure. Thus, a data center will require a cabling upgrade to meet the requirements of migration. In this case, cost is a big factor. To help users solve the fiber cost issue, many vendors have developed new transceiver alternatives that allow zero-cost fiber migration by reusing the current 10Gbps multimode fiber-optic cabling plant for 40Gbps connectivity. This post will introduce three mainstream transceiver options for running 40GbE over duplex multimode fiber cable with LC connectors.

Option 1: Cisco QSFP 40G BiDi Transceiver (QSFP-40G-SR-BD)

The Cisco QSFP BiDi transceiver can transmit full-duplex 40Gbps traffic over one duplex OM3 or OM4 MMF cable with LC connector. It provides the capability to reuse 10Gbps fiber infrastructure, enabling data center operators to upgrade to 40Gbps connectivity without making any changes to the previous 10GbE infrastructures.

The working principle of Cisco QSFP BiDi transceiver is that it uses two 20Gbps channels, each transmitted and received simultaneously over two wavelengths on a single MMF strand, as shown in the following.

Concept of QSFP BiDi transceiver

Cisco QSFP BiDi transceiver can be supported in most Cisco switching and routing products that support 40GbE interfaces. The connection distance can reach up to 100 meters over OM3 MMF or 150 meters over OM4 MMF, which is the same as 40GBASE-SR4 QSFP+.

Note: The other version of the Cisco QSFP BiDi transceiver (QSFP-40G-BD-RX) is almost the same as the QSFP-40G-SR-BD, but with link monitor hardware, such as the Cisco Nexus® Data Broker.

Option 2: Juniper 40Gbps QSFP+ LX4 (JNP-QSFP-40G-LX4)

Juniper 40Gbps QSFP+ LX4 module uses the same infrastructure as 10GbE. The LX4 technology represents a new way to deploy 40GbE that meets all of the performance criteria of today’s data centers by providing 40GbE on two MMF strands with duplex LC connectors. Thus, users can simply replace existing 10GbE transceiver modules with 40GbE LX4 modules without expensive 40GbE migration cassettes and additional fiber infrastructure.

As the following picture shows, the QSFP+ LX4 transceiver uses four 10Gbps channels, each transmitted and received simultaneously over four wavelengths on a single MMF strand. Similar to the 40GBASE-SR4 modules, it can also support transmission distances up to 100 meters over OM3 MMF or 150 meters over OM4 MMF cable. The Juniper 40Gbps QSFP+ LX4 is supported in many Juniper devices that have 40GbE interfaces, such as the QFX3000 QFabric system, QFX5100 switches, and so on.

Concept of QSFP+ LX4 transceiver

Note: The Juniper 40Gbps QSFP+ LX4 can also run over single-mode fiber (SMF: OS1) and reach up to 2 kilometers.

Option 3: Arista Networks QSFP-40G-UNIV Transceiver

The Arista Networks QSFP-40G-UNIV is a 40GbE QSFP+ transceiver with a duplex LC connector that can be used with both MMF and SMF. Its working principle is similar to that of the Juniper LX4 mentioned above, having 4 channels of 10G multiplexed inside the module to transmit and receive an aggregate 40Gbps signal over 2 strands of fiber. UNIV is short for “universal” because of its ability to operate with both MMF and SMF without the need for any software/hardware changes to the module or any additional hardware in the network. The Arista Networks QSFP-40G-UNIV can operate on OM3 or OM4 MMF for distances up to 100 meters or SMF (OS1) for distances up to 500 meters. Note that this QSFP module can interoperate with Cisco and other vendors’ standards-based 40GbE LR4 optics.

Credit: http://www.fiber-optic-transceiver-module.com/how-to-run-40gbe-over-duplex-lc-mmf-cabling.html

21 Apr

Monitor TP-Link Smart Plug in check_mk

Objective: to integrate TP-Link Smart Plug into check_mk (for data history and for fun)
Pre-requisite: Check_MK is installed and you have created check_mk site. check_mk installation tutorial will not be covered under this post.

Install software dependencies

apt-get install nodejs npm

Install TP-Link Smart Home API

Switch to OMD site

OMD[home]:~/local/bin$ npm install tplink-smarthome-api

Install TP-Link power monitoring plugin

OMD[home]:~$ wget -O /tmp/tp-link-cmk-1.0.mkp "https://mathias-kettner.com/check_mk-exchange-file.php?&file=tp-link-cmk-1.0.mkp"

OMD[home]:~$ mkp install /tmp/tp-link-cmk-1.0.mkp

Create monitoring host

Go to WATO > Host & Service Parameters > Datasource Programs

Go to Individual program call instead of agent access

Create new rule. You may insert the rule description and comments as needed (optional). Specify this command under INDIVIDUAL PROGRAM CALL INSTEAD OF AGENT ACCESS.
tp-link-power.js $HOSTNAME$

To be safe during testing, you may explicitly hardcode the smart plug IP address.

Create a new host, enter the hostname and IP address and click “Save & Finish”. Edit this node again and click Parameters at the top.

Expand DATASOURCE PROGRAM and select the custom check from here. Click “Individual program call instead of agent access” and make sure the check is here and valid.

Wait a few minutes and check the service graph.

References:

https://github.com/bmachek/tp-link-cmk
https://mathias-kettner.com/check_mk-exchange-file.php?&file=tp-link-cmk-1.0.mkp
https://mathias-kettner.com/download/Marco_Reale_Check_MK_Beginner_guide.pdf
https://www.npmjs.com/package/tplink-smarthome-api
https://mathias-kettner.com/cms_datasource_programs.html

28 Mar

BGP Additional Paths

BGP routers only advertise the best path to their neighbors. When a better path is found, it replaces the current path. Advertising a path and replacing it with a new path is called an implicit withdraw.

Since we only advertise the best path, a lot of other possible paths are unknown to some of the routers. We call this path hiding.

Extra notes on additional path command syntax:

  • neighbor neighbor-id additional-paths send: We use this to configure the router so it sends multiple BGP paths to a neighbor.
  • neighbor neighbor-id additional-paths receive: If you have a neighbor that sends multiple paths, that’s nice, but you still have to configure your local router to receive multiple paths.
  • bgp additional-paths select: You receive a bunch of paths from your neighbor, but you can still configure which of these paths your router actually uses.
  • bgp additional-paths install: This tells the router to actually install a backup path that you selected with the “bgp additional-paths select” command.
  • neighbor neighbor-id advertise additional-paths: This configures your router which additional-paths you want to advertise to a neighbor. “all” means all additional-paths.

Reference:
https://networklessons.com/bgp/bgp-additional-paths
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html