Thursday, April 7, 2022

BGP local-as

 

Here’s what I’ve been able to check in the lab. The “no-prepend” option does remove the local-as ASN from the BGP advertisement to the other site, so it can be used to keep the AS path cleaner. Note that the real 4-byte ASN is never shown at the other site. You will see below that none of the other options (replace-as, dual-as) seem to make a difference.

 

 

Setup:

(172.16.22.0/24)101RS001-----------cedge101------------mpls-------- cedge201--------------------201RS002

                AS65005-----(local-as 5)AS420001111-----------------AS420002222(local-as 5)-----AS64922

 

I kept the ASNs on the switches different just to be able to get the BGP info also on the switches. We can still use the same during the migration in PROD, as they will follow the less specific routes.

 

 

Test 1)

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5

Cedge201#

router bgp 420001111

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 550

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

 5 65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:22:23 UTC

  Refresh Epoch 1

  5 65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:22:23 UTC

 

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 104

Paths: (2 available, best #1, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

  5 65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:22:31 UTC

  Refresh Epoch 1

  5 65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:22:31 UTC

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 372

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

  5 420002222 5 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 5 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

102RS001#

 

 

 Test 2) no-prepend

 

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5 no-prepend

 

Cedge201#

router bgp 420001111

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 358

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

  65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 11:48:37 UTC

  Refresh Epoch 1

  65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 11:48:37 UTC

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 110

Paths: (2 available, best #1, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

 65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:26:30 UTC

  Refresh Epoch 1

  65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:26:30 UTC

 

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 340

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

 

 Test 3) no-prepend replace-as

 

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5 no-prepend replace-as

Cedge201#

router bgp 420001111

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 578

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

  65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:28:00 UTC

  Refresh Epoch 1

  65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:28:00 UTC

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 126

Paths: (2 available, best #2, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

  65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:28:08 UTC

  Refresh Epoch 1

  65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:28:08 UTC

cedge201#

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 396

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

 5 420002222 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

 

 Test 4) no-prepend replace-as dual-as

 

Cedge101#

router bgp 420001111

  neighbor 172.16.20.1 local-as 5 no-prepend replace-as dual-as

Cedge201#

router bgp 420001111

neighbor 172.16.30.6 local-as 5

 

cedge101#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 592

Paths: (2 available, best #1, table 1)

  Not advertised to any peer

  Refresh Epoch 1

  65005

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external, best

      Community: 101:65005

      Extended Community: RT:420001111:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:30:30 UTC

  Refresh Epoch 1

  65005, (received-only)

    172.16.20.1 (via vrf 1) from 172.16.20.1 (172.16.25.21)

      Origin incomplete, metric 200, localpref 100, valid, external

      Community: 101:65005

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:30:30 UTC

 

cedge201#sh ip bgp vpnv4 vrf 1 172.16.22.0/24

BGP routing table entry for 1:1:172.16.22.0/24, version 143

Paths: (2 available, best #2, table 1)

  Advertised to update-groups:

     5          6        

  Refresh Epoch 1

  65005, (received & used)

    172.16.30.2 (via vrf 1) from 172.16.30.2 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 50, valid, internal

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

      Updated on Jul 28 2021 12:30:38 UTC

  Refresh Epoch 1

  65005

    10.0.30.10 (via default) from 0.0.0.0 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 50, valid, sourced, best

      Community: 101:65005

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0

      Updated on Jul 28 2021 12:30:38 UTC

 

102RS001#sh ip bgp 172.16.22.0/24

BGP routing table entry for 172.16.22.0/24, version 420

Paths: (2 available, best #2, table default)

  Advertised to update-groups:

     2        

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.17 from 172.16.30.17 (192.168.20.1)

      Origin incomplete, metric 1000, localpref 100, valid, external

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0

  Refresh Epoch 1

  5 420002222 65005

    172.16.30.5 from 172.16.30.5 (192.168.20.2)

      Origin incomplete, metric 1000, localpref 100, valid, external, best

      Community: 6684141

      Extended Community: SoO:0:102 RT:420002222:1

      rx pathid: 0, tx pathid: 0x0
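
A small model of the AS_PATH handling seen in Tests 1 to 4, as an added example that is not part of the original post. It reproduces the paths on the remote switch and shows why replace-as leaves these outputs unchanged (it only affects updates sent to the local-as neighbor; dual-as only affects which AS that neighbor may peer with) and why a remote switch reusing AS65005 would drop the route. Function names are hypothetical, and the unchanged path across the MPLS leg is an assumption taken from the cedge201 outputs above.

```python
# Added model (not router code): how the local-as knobs rewrite AS_PATH.
# ASNs are the lab values from the post; the function names are hypothetical.

def receive_ebgp(path, local_as=None, no_prepend=False):
    """Inbound from an eBGP neighbor configured with local-as.

    Without no-prepend, the router prepends the local-as to routes it
    learns from that neighbor; with no-prepend the path is left as is.
    """
    if local_as is not None and not no_prepend:
        return [local_as] + path
    return list(path)


def advertise_ebgp(path, real_as, local_as=None, replace_as=False):
    """Outbound to an eBGP neighbor configured with local-as.

    The real AS is prepended first, then the local-as in front of it.
    replace-as suppresses the real AS so only the local-as is added.
    """
    out = list(path)
    if local_as is None:
        return [real_as] + out
    if not replace_as:
        out = [real_as] + out
    return [local_as] + out


def accepted_by(path, receiver_as):
    """eBGP loop prevention: drop a path that already contains our own AS."""
    return receiver_as not in path


def end_to_end(no_prepend_101, replace_as_101=False):
    """Path seen on the remote switch for 172.16.22.0/24 in the lab topology."""
    origin = [65005]  # path as sent by the switch behind cedge101
    # replace_as_101 is accepted but unused on purpose: it only changes what
    # cedge101 sends *to* 172.16.20.1, not what it learns from it.
    at_101 = receive_ebgp(origin, local_as=5, no_prepend=no_prepend_101)
    # Assumption: the path crosses the MPLS leg unchanged, as the cedge201
    # outputs in the post show the same path as cedge101.
    return advertise_ebgp(at_101, real_as=420002222, local_as=5)
```

`end_to_end(False)` corresponds to Test 1 and `end_to_end(True)` to Tests 2 to 4; `accepted_by(path, 65005)` models a remote switch that reuses the origin ASN.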

Friday, October 29, 2021

 UrBackup GUI not accessible (loading forever)


Check IPTABLES/FIREWALLD (firewalld uses iptables, so don't change iptables manually)

Allow https via firewalld

 firewall-cmd --permanent --add-service=https
 firewall-cmd --reload
 firewall-cmd --list-all

Friday, October 15, 2021

 Windows PC: ping (ICMP) not working


Windows Firewall -> Inbound Rules -> allow icmp.

Also, if the interface in the Windows network settings is marked as “Public” instead of “Work”, Windows thinks it is on a public hotspot and will not allow remote access even if the Windows Firewall rules allow it (in “Public” mode it doesn’t read the “Inbound Rules”…).

 Change the interfaces to “Work” or “Private”.

In Windows Defender:

  1. Search for Windows Firewall, and click to open it.
  2. Click Advanced Settings on the left.
  3. From the left pane of the resulting window, click Inbound Rules.
  4. In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In)
  5. Right-click each rule and choose Enable Rule
  6. Change remote "local subnet" to "any"



Friday, June 18, 2021

eve-ng : When a node won't start

 

/var/log/syslog shows:

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Error while connecting local AF_UNIX: No such file or directory /tmp/netio33797/5 (2)

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Cannot listen at AF_UNIX (5). ERR: Cannot open AF_UNIX sockets (2).

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 ERR#011Failed to create AF_UNIX socket file (2).

Jun 18 11:21:18 labusraeveng01 iol_wrapper[105334]: 18/5 15:21:18.639 INF#011Caught SIGTERM, killing child.


For some reason the socket in /tmp doesn't exist anymore.

mkdir /tmp/netio33797

python -c "import socket as s; sock = s.socket(s.AF_UNIX); sock.bind('/tmp/netio33797/5')"

chown -R 33797:unl /tmp/netio33797


et voila!

eve-ng network/interface linux issues

 


Sometimes the ip-config of eve-ng itself is deleted (on the linux level)

/var/log/syslog shows:

Jun 18 15:49:13 labusraeveng01 systemd-udevd[104705]: Could not generate persistent MAC address for vun001000000221: No such file or directory

This could be caused by https://github.com/systemd/systemd/issues/3374. What I did was:
- Add file /etc/systemd/network/99-default.link

- Content:
[Link]
# NamePolicy=kernel database onboard slot path
MACAddressPolicy=none

- Reboot the server
After the reboot:
rm -f /opt/ovf/.configured
su -
and configure networking again.
Check license:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
In case the license stays invalid, try:
systemctl restart licserver

You could still see in /var/log/syslog other errors:
Jun 18 16:23:33 labusraeveng01 systemd-udevd[66982]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.

(bug in systemd, should be fixed as of systemd v239) but this seems cosmetic

Wednesday, December 2, 2020

python virtualenv

 https://www.dabapps.com/blog/introduction-to-pip-and-virtualenv-python/

create virtualenv for your project

$ cd ~/code/myproject/
$ virtualenv env
install python libraries using pip that came with your virtualenv
$ env/bin/pip install <library>
To run python do
$ env/bin/python ...

Monday, November 23, 2020

MD5 Checksum

Windows (cmd)-> Certutil -hashfile <filename> MD5

Linux -> md5sum <filename>

Cisco -> verify /md5 bootflash:<filename>

YAML Files for ESP32

 Gree Versati III https://gist.github.com/slanckma/3bad4ff49545488a3719766bdf0cdc76 TUF-2000M Water flow sensor https://gist.github.com/slan...