Friday, September 16, 2022

 

EVE-NG gateway via Cloud0 not reachable    


If a ping to a gateway outside of VMware doesn't work and you're sure that promiscuous mode and forged transmits on the vSphere virtual switch are configured correctly, for example in this topology:

router10.0.35.20---Cloud0-EVENG10.0.35.5-----LABSWITCH---LABROUTER(Arista with virtual-router 10.0.35.1)

Router#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.35.19              -   aabb.cc00.3d00  ARPA   Ethernet0/0
Router#ping 10.0.35.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.35.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

If the ping from the router to 10.0.35.1 doesn't work, ping the real IP 10.0.35.3 instead.

Router#ping 10.0.35.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.35.3, timeout is 2 seconds:
.!!!!

For some reason, this also populates the ARP table on the router with 10.0.35.1:

Router#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.35.1               0   001c.7300.0099  ARPA   Ethernet0/0
Internet  10.0.35.3               0   444c.a869.07dd  ARPA   Ethernet0/0
Internet  10.0.35.19              -   aabb.cc00.3d00  ARPA   Ethernet0/0


and then the ping to 10.0.35.1 will work:

Router#ping 10.0.35.1 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.35.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Wednesday, June 1, 2022

 Find public IP from Cisco CLI

checkip.dyndns.org is a simple HTTP page that shows your public IP. If your device does not have DNS resolution, then use their IP 193.122.130.0 instead.

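You need to type what is in green in the original post: the telnet command, the GET and Host lines, and Enter twice. Everything else is output.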


# telnet checkip.dyndns.org 80  
Trying checkip.dyndns.org (193.122.130.0, 80)... Open
GET / HTTP/1.1
Host: checkip.dyndns.org
<hit enter>
<hit enter>
HTTP/1.1 200 OK
Date: Wed, 01 Jun 2022 13:53:04 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache

<html><head><title>Current IP Check</title></head><body>Current IP Address: 85.7.234.201</body></html>


Thursday, April 7, 2022

BGP local-as

 

Here’s what I’ve been able to check in the lab. The “no-prepend” indeed removes the “local-as”-ASN from the bgp-advertisement to another site. So this can be used to make it cleaner. Note that the real 4BASN is never shown at the other site. You will see below that none of the other options (replace-as, dual-as) seem to make a difference.

 

 

Setup:

(172.16.22.0/24)101RS001-----------cedge101------------mpls-------- cedge201--------------------201RS002

                AS65005-----(local-as 5)AS420001111-----------------AS420002222(local-as 5)-----AS64922

 

I kept the ASNs on the switches different just to be able to get the BGP info also on the switches. We can still use the same during the migration in PROD, as they will follow the less specific routes.

 

 

Test 1)

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5

Cedge201#

router bgp 420002222

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 550

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

 5 65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:22:23 UTC

  Refresh Epoch 1

  5 65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:22:23 UTC

 

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 104

Paths: (2 available, best #1, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

  5 65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:22:31 UTC

  Refresh Epoch 1

  5 65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:22:31 UTC

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 372

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

  5 420002222 5 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 5 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

102RS001#

 

 

 Test 2) no-prepend

 

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5 no-prepend

 

Cedge201#

router bgp 420002222

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 358

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

  65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 11:48:37 UTC

  Refresh Epoch 1

  65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 11:48:37 UTC

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 110

Paths: (2 available, best #1, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

 65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:26:30 UTC

  Refresh Epoch 1

  65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:26:30 UTC

 

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 340

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

 

 Test 3) no-prepend replace-as

 

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5 no-prepend replace-as

Cedge201#

router bgp 420002222

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 578

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

  65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:28:00 UTC

  Refresh Epoch 1

  65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:28:00 UTC

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 126

Paths: (2 available, best #2, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

  65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:28:08 UTC

  Refresh Epoch 1

  65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:28:08 UTC

cedge201#

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 396

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

 5 420002222 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

 

 Test 4) no-prepend replace-as dual-as

 

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5 no-prepend replace-as dual-as

Cedge201#

router bgp 420002222

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 592

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

  65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:30:30 UTC

  Refresh Epoch 1

  65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:30:30 UTC

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 143

Paths: (2 available, best #2, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

  65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:30:38 UTC

  Refresh Epoch 1

  65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:30:38 UTC

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 420

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0
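
The AS paths seen in the tests above can be reproduced with a small model of the standard IOS local-as rules. This is an added example, not part of the original lab notes; the function names and the return-direction prefix from AS 64922 are assumptions, and it goes one step beyond the tests by modelling the outbound update, which is where replace-as takes effect.

```python
# Added example: models standard Cisco IOS "neighbor ... local-as" AS_PATH handling.
# Function names are illustrative; the ASNs are the ones used in the lab above.
# dual-as is not modelled: it only affects which AS the peer may use to
# establish the session, not the AS_PATH.

def receive(as_path, local_as=None, no_prepend=False):
    """Inbound eBGP update: local-as is prepended unless no-prepend is set."""
    if local_as is None or no_prepend:
        return list(as_path)
    return [local_as] + list(as_path)

def advertise(as_path, real_as, local_as=None, replace_as=False):
    """Outbound eBGP update: the real AS is prepended, then local-as in front
    of it. replace-as drops the real AS so only local-as is added."""
    if local_as is None:
        return [real_as] + list(as_path)
    if replace_as:
        return [local_as] + list(as_path)
    return [local_as, real_as] + list(as_path)

def lab_view(no_prepend=False, replace_as=False):
    """AS paths for 172.16.22.0/24 at each hop, plus one return-direction path.
    The options are those set on cedge101's neighbor 172.16.20.1."""
    at_cedge101 = receive([65005], local_as=5, no_prepend=no_prepend)
    # Assumption read off the page's outputs: the path crosses the overlay
    # between the two cEdges unchanged.
    at_cedge201 = at_cedge101
    # cedge201 uses plain "local-as 5" toward the far switch in every test.
    at_far_switch = advertise(at_cedge201, 420002222, local_as=5)
    # Return direction, not captured on the page: a constructed prefix with
    # path [64922] advertised by cedge101 to 101RS001.
    to_101rs001 = advertise([64922], 420001111, local_as=5,
                            replace_as=replace_as)
    return {"cedge101": at_cedge101,
            "far_switch": at_far_switch,
            "to_101RS001": to_101rs001}

if __name__ == "__main__":
    tests = [("local-as 5", {}),
             ("local-as 5 no-prepend", {"no_prepend": True}),
             ("local-as 5 no-prepend replace-as",
              {"no_prepend": True, "replace_as": True})]
    for name, opts in tests:
        print(name, lab_view(**opts))
```

In this model replace-as only changes the update that cedge101 sends back to 101RS001, which none of the captured outputs show.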

Friday, October 29, 2021

 UrBackup GUI not accessible (loading forever)


Check IPTABLES/FIREWALLD (firewalld uses iptables, so don't change iptables manually)

Allow https via firewalld

 firewall-cmd --permanent --add-service=https
 firewall-cmd --reload
 firewall-cmd --list-all

Friday, October 15, 2021

 Windows PC ping (ICMP) not working


Windows Firewall -> Inbound Rules -> allow icmp.

Also, if the interface is marked as "Public" instead of "Work" in the Windows network settings, Windows assumes it is on a public hotspot and will not allow remote access even if the Windows Firewall rules allow it (in "Public" mode it doesn't read the "Inbound Rules"…).

Change the interfaces to "Work" or "Private".

In Windows Defender:

  1. Search for Windows Firewall, and click to open it.
  2. Click Advanced Settings on the left.
  3. From the left pane of the resulting window, click Inbound Rules.
  4. In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In)
  5. Right-click each rule and choose Enable Rule
  6. Change remote "local subnet" to "any"



Friday, June 18, 2021

eve-ng : When a node won't start

 

/var/log/syslog shows:

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Error while connecting local AF_UNIX: No such file or directory /tmp/netio33797/5 (2)

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Cannot listen at AF_UNIX (5). ERR: Cannot open AF_UNIX sockets (2).

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Failed to create AF_UNIX socket file (2).

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 INF#011Caught SIGTERM, killing child.


For some reason the socket in /tmp doesn't exist anymore.

mkdir /tmp/netio33797

python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/tmp/netio33797/5')"

chown -R 33797:unl /tmp/netio33797


et voila!

eve-ng network/interface linux issues

 


Sometimes the IP configuration of eve-ng itself is deleted (at the Linux level).

/var/log/syslog shows:

Jun 18 15:49:13 labusraeveng01 systemd-udevd[104705]: Could not generate persistent MAC address for vun001000000221: No such file or directory

This could be caused by this https://github.com/systemd/systemd/issues/3374. What I did was:
- Add file /etc/systemd/network/99-default.link

- Content:
[Link]
# NamePolicy=kernel database onboard slot path
MACAddressPolicy=none

- Reboot the server
After the reboot:
rm -f /opt/ovf/.configured
su -
and configure networking again.
Check license:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
In case the license stays invalid, try:
systemctl restart licserver

You could still see in /var/log/syslog other errors:
Jun 18 16:23:33 labusraeveng01 systemd-udevd[66982]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.

(bug in systemd, should be fixed as of systemd v239) but this seems cosmetic

YAML Files for ESP32

 Gree Versati III https://gist.github.com/slanckma/3bad4ff49545488a3719766bdf0cdc76 TUF-2000M Water flow sensor https://gist.github.com/slan...