Cisco routing command cheat sheet: common Cisco BGP show commands

show ip bgp regexp ^6939
show ip bgp neighbors 100.64.163.1
show ip bgp neighbors 100.64.163.1 advertised-routes


Common Cisco BGP show commands
1. Common show commands
View the BGP table
XRV8#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.33.0.0/19     0.0.0.0                           32768 i
 *>  10.33.1.0/24     0.0.0.0                  0        32768 i
 *>  10.33.2.0/24     0.0.0.0                  0        32768 i
 *>  10.33.3.0/24     0.0.0.0                  0        32768 i
View BGP neighbors
XRV8#show ip bgp summary
BGP router identifier 10.255.255.8, local AS number 65002
BGP table version is 217, main routing table version 217
72 network entries using 10368 bytes of memory
76 path entries using 6080 bytes of memory
3/3 BGP path/bestpath attribute entries using 456 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 16928 total bytes of memory
BGP activity 140/68 prefixes, 220/144 paths, scan interval 60 secs
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.201.1.1      4        65000      95      89      217    0    0 01:08:02        4
10.201.2.1      4        65000      86      90      217    0    0 01:01:00        4
View the BGP routes installed in the routing table
XRV8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 141 subnets, 4 masks
B 10.33.0.0/19 [200/0], 01:07:50, Null0
B 10.63.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B 10.79.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B 10.118.0.0/19 [200/0], 01:07:50, Null0
B 10.123.0.0/19 [200/0], 01:07:50, Null0
B 10.133.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B 10.149.0.0/19 [200/0], 01:07:50, Null0
B 10.158.0.0/19 [20/0] via 10.201.2.1, 00:14:30
Find the routing-table entry for a specific BGP prefix
XRV8#show ip route bgp | include 10.133.0.0
B 10.133.0.0/19 [20/0] via 10.201.2.1, 00:19:04
Show the BGP table entry for a prefix (every path, with the best path marked)
XRV8#show ip bgp 10.133.0.0
BGP routing table entry for 10.133.0.0/19, version 216
Paths: (2 available, best #2, table default)
Not advertised to any peer
Refresh Epoch 4
65000 65001, (aggregated by 65001 10.255.255.7)
10.201.1.1 from 10.201.1.1 (10.255.255.5)
Origin IGP, localpref 100, valid, external, atomic-aggregate
rx pathid: 0, tx pathid: 0
Refresh Epoch 4
65000 65001, (aggregated by 65001 10.255.255.7)
10.201.2.1 from 10.201.2.1 (10.255.255.6)
Origin IGP, localpref 100, valid, external, atomic-aggregate, best
rx pathid: 0, tx pathid: 0x0
Show all routes that fall within a given prefix (longer prefixes)
XRV8#show ip bgp 10.133.0.0/16 longer-prefixes
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.133.0.0/19    10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
Show routes originated by a specific AS
XRV8#show ip bgp regexp 65001$
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.63.0.0/19     10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
 *   10.79.0.0/19     10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
 *   10.133.0.0/19    10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
 *   10.158.0.0/19    10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
Note that 65001$ also matches any origin AS whose number merely ends in 65001 (165001, 465001, ...); _65001$ matches only AS 65001 itself. The same applies to ^6939 at the top of this page, which also catches paths starting with 69390; ^6939_ is the exact form.


Cisco configuration cheat sheet

VRF (ip vrf in tracking configuration mode)

Usage Guidelines

This command is available for all IP-route tracked objects that are tracked by the track ip route global configuration command. Use this command to track a route that belongs to a specific VPN.

Examples

In the following example, the route associated with a VRF named VRF1 is tracked. The ip vrf VRF1 line under the track object is what binds the tracked route to that VRF; without it the object tracks the route in the global routing table:

Router(config)# track 1 ip route 10.0.0.0 255.0.0.0 metric threshold
Router(config-track)# ip vrf VRF1
Router(config-track)# exit
Router(config)# ip vrf VRF1
Router(config-vrf)# rd 100:1
Router(config-vrf)# route-target both 100:1
!
Router(config)# interface ethernet0/2
Router(config-if)# no shutdown
Router(config-if)# ip vrf forwarding VRF1
Router(config-if)# ip address 10.0.0.2 255.0.0.0

Related commands

Command             Description
ip vrf forwarding   Associates a VPN VRF with an interface or subinterface.
track ip route      Tracks the state of an IP route and enters tracking configuration mode.



ip tcp adjust-mss


  • ip tcp adjust-mss 1452

  • ip mtu 1492

Examples

The following example shows the configuration of a PPPoE client with the MSS value set to 1452:

vpdn enable
no vpdn logging
!
vpdn-group 1
request-dialin
protocol pppoe
!
interface Ethernet0
 ip address 192.168.100.1 255.255.255.0
 ip tcp adjust-mss 1452
 ip nat inside
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
 pppoe client dial-pool-number 1
!
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex B
dsl linerate AUTO
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username sohodyn password 7 141B1309000528
!
ip nat inside source list 101 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 101 permit ip 192.168.100.0 0.0.0.255 any



Source: https://www.cisco.com/en/US/docs/ios-xml/ios/ipapp/command/ip_tcp_adjust-mss_through_ip_wccp_web-cache_accelerated.html
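The PPPoE example above carries the PAP credential as `password 7 141B1309000528`. Type 7 (what `service password-encryption` produces) is not encryption in any useful sense: it is an XOR against a fixed, publicly known key table, so anyone who can read the configuration can read the password. For PAP the router must be able to recover the plaintext to send it to the peer, so this field can never be a one-way hash; the protection has to come from who is allowed to read or back up the config. The decoder and the config scanner below are an added example, not Cisco's code or part of the original notes; the key table is the publicly known one, and the config excerpt is constructed (its first secret is the line from the example above, the second is the classic encoding of `cisco`).

```python
import re

# Added example, not from Cisco's documentation or the original notes. IOS "type 7"
# strings are: two decimal digits giving an offset into XLAT, then one XOR'd byte
# per character as two hex digits. XLAT is the publicly known key table.

XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Recover the plaintext from a type-7 string such as 141B1309000528."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("not a type 7 string (expected NNHHHH...)")
    seed = int(encoded[:2])                  # where in XLAT the keystream starts
    body = bytes.fromhex(encoded[2:])        # one ciphertext byte per plaintext char
    clear = bytes(c ^ XLAT[(seed + i) % len(XLAT)] for i, c in enumerate(body))
    return clear.decode("ascii")


def type7_encode(plain: str, seed: int = 0) -> str:
    """Inverse of type7_decode; IOS itself picks a seed between 00 and 15."""
    if not 0 <= seed <= 15:
        raise ValueError("seed must be 00-15")
    body = bytes(ord(p) ^ XLAT[(seed + i) % len(XLAT)] for i, p in enumerate(plain))
    return f"{seed:02d}{body.hex().upper()}"


# matches "password 7 <hex>" and "key 7 <hex>" wherever they appear on a line
TYPE7_LINE = re.compile(r"\b(?:password|key) 7 ([0-9A-Fa-f]{4,})\b")


def find_type7(config_text: str):
    """Scan a running-config and return (line, plaintext) for each type-7 secret."""
    hits = []
    for line in config_text.splitlines():
        m = TYPE7_LINE.search(line)
        if m:
            hits.append((line.strip(), type7_decode(m.group(1))))
    return hits


# constructed config excerpt for the demo; the first secret is the PPPoE line above
SAMPLE_CONFIG = """\
interface Dialer1
 ppp pap sent-username sohodyn password 7 141B1309000528
!
username admin secret 5 $1$abcd$notreallyahash
enable password 7 060506324F41
"""

if __name__ == "__main__":
    for line, plain in find_type7(SAMPLE_CONFIG):
        print(f"{plain!r:12} <- {line}")
```

Where the platform allows it, prefer `secret` (one-way type 5/8/9) over `password`; where the protocol itself needs the plaintext, as PAP does here, treat every copy of the config (backups, TFTP exports, ticket attachments) as containing that password in the clear.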

goflow (NetFlow/IPFIX collector)

go get github.com/cloudflare/goflow/cmd/goflow
cd ~/go/src/github.com/cloudflare/goflow/cmd/goflow
go install

goflow -h
goflow -kafka=false -nf -nf.addr 192.168.1.8 -nf.port 567
goflow -kafka=false -nf -nf.addr 192.168.1.8 -nf.port 5678

These are GOPATH-era build steps; with a modules-era toolchain use go install with an @version suffix instead. -kafka=false disables the Kafka producer; -nf enables the NetFlow v9/IPFIX listener on the given address and port.


Mail systems: collected notes

iRedMail

https://qing.su/article/158.html
The blogger 香菇肥牛 wrote some worthwhile write-ups on it.

poste

https://poste.io/
A Docker-based mail server.

postal

https://postal.atech.media/
https://github.com/postalhq/postal/wiki/Quick-Install
Good when all you need is outbound mail delivery.

mailu

https://mailu.io/
https://github.com/Mailu/Mailu
Mailu runs on Docker; it looks decent, but I haven't set it up yet.

Mail-in-a-Box

https://mailinabox.email/
https://github.com/mail-in-a-box/mailinabox
Designed to be deployed on Ubuntu; installs on Ubuntu 18; fairly decent.

postalserver

http://docs.postalserver.io
https://github.com/postalserver/postal
(The same Postal project as above; its documentation and repository moved to these addresses.)

Zimbra and Modoboa also look OK, but I haven't set them up either.

To be continued

Clearing the ESXi root password

Boot a rescue system, then mount the partition that holds state.tgz (/dev/sda5 on the classic layout; ESXi 7 changed the partition layout, so check with something like ls /mnt/*/state.tgz rather than assuming sda5).

Downloadable from www.system-rescue-cd.org; any Linux ISO with a rescue mode also works.

The procedure is roughly as follows (keep a copy of the original state.tgz so you can roll back):

mkdir /mnt/sda5
mount /dev/sda5 /mnt/sda5
cp /mnt/sda5/state.tgz /tmp
cd /tmp
tar -xf state.tgz   # unpacks to a single file named local.tgz
tar -xf local.tgz   # after this there is an etc/ directory under /tmp
vim etc/shadow      # blank the second field (the hash) of the root line, so it reads root::...
rm -f /tmp/state.tgz /tmp/local.tgz
tar -zcvf local.tgz etc/
tar -zcvf state.tgz local.tgz
cp state.tgz /mnt/sda5/

This works because the bootbank is plaintext: anyone with physical or console access to the disk can do the same, so set a new root password as soon as the host is up. On hosts where the configuration is encrypted and sealed to a TPM (ESXi 7.0 U2 and later with a TPM), the configuration archive is not readable this way and the procedure does not apply.
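The same edit as a script, added here as an example (not part of the original notes): it unpacks state.tgz and the local.tgz inside it in memory, blanks only root's hash field in etc/shadow, repacks both layers with every other member copied through, and reads the result back so you can verify before copying it to the bootbank. The sample archive built by make_sample_state is constructed for the demo and its hash is a dummy.

```python
import io
import sys
import tarfile

# Added example, not part of the original notes. Rewrites an ESXi state.tgz so that
# root has no password: state.tgz -> local.tgz -> etc/shadow, root's hash field "".

SHADOW = "etc/shadow"


def blank_root_hash(shadow_text: str) -> str:
    """Empty the hash field of the root line; leave every other line untouched."""
    out = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1 and fields[0] == "root":
            fields[1] = ""                     # empty field = login without a password
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


def _rewrite_tgz(data: bytes, target: str, transform) -> bytes:
    """Copy a .tgz, replacing the content of member `target` with transform(content)."""
    out = io.BytesIO()
    found = False
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as src, \
         tarfile.open(fileobj=out, mode="w:gz") as dst:
        for member in src.getmembers():
            if not member.isfile():
                dst.addfile(member)            # directories, links: header only
                continue
            content = src.extractfile(member).read()
            if member.name.lstrip("./") == target:
                content = transform(content)
                member.size = len(content)     # header must carry the new length
                found = True
            dst.addfile(member, io.BytesIO(content))
    if not found:
        raise FileNotFoundError(f"{target} not found in archive")
    return out.getvalue()


def clear_root_password(state_tgz: bytes) -> bytes:
    """Return a new state.tgz in which root has no password."""
    def fix_local(local_tgz: bytes) -> bytes:
        return _rewrite_tgz(local_tgz, SHADOW,
                            lambda raw: blank_root_hash(raw.decode()).encode())
    return _rewrite_tgz(state_tgz, "local.tgz", fix_local)


def read_shadow(state_tgz: bytes) -> str:
    """Pull etc/shadow back out of a state.tgz (verify before writing it back)."""
    def member(data: bytes, name: str) -> bytes:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
            for m in tf.getmembers():
                if m.isfile() and m.name.lstrip("./") == name:
                    return tf.extractfile(m).read()
        raise FileNotFoundError(name)
    return member(member(state_tgz, "local.tgz"), SHADOW).decode()


def root_hash(state_tgz: bytes) -> str:
    """Root's hash field from a state.tgz; '' means no password is set."""
    for line in read_shadow(state_tgz).splitlines():
        fields = line.split(":")
        if fields[0] == "root":
            return fields[1]
    raise KeyError("no root entry in etc/shadow")


def make_sample_state(shadow_text: str) -> bytes:
    """Build a state.tgz with the nesting ESXi uses (constructed, for the demo)."""
    def tgz(entries):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tf:
            for name, content in entries:
                info = tarfile.TarInfo(name)
                info.size = len(content)
                info.mode = 0o600
                tf.addfile(info, io.BytesIO(content))
        return buf.getvalue()
    return tgz([("local.tgz", tgz([(SHADOW, shadow_text.encode())]))])


SAMPLE_SHADOW = ("root:$6$constructed$dummyhash:18000:0:99999:7:::\n"
                 "nobody:*:18000:0:99999:7:::\n")

if __name__ == "__main__":
    if len(sys.argv) == 3:                     # usage: script.py state.tgz state.new.tgz
        with open(sys.argv[1], "rb") as f:
            fixed = clear_root_password(f.read())
        with open(sys.argv[2], "wb") as f:
            f.write(fixed)
        print("root hash now:", repr(root_hash(fixed)))
    else:
        sample = make_sample_state(SAMPLE_SHADOW)
        print("before:", repr(root_hash(sample)))
        print("after: ", repr(root_hash(clear_root_password(sample))))
```

Run it with the mounted bootbank's state.tgz as the first argument and a new file as the second, check the printed hash is empty, then copy the new file over state.tgz on the bootbank.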


files.photo.gallery

Demo: https://files.photo.gallery/demo/?samples

Download: https://cdn.jsdelivr.net/npm/files.photo.gallery/index.php

Setup notes: https://forum.photo.gallery/viewtopic.php?f=66&t=9964

Cracked license patch: https://cdn.jsdelivr.net/gh/yyingc/[email protected]/files.js


PHP extensions required: fileinfo, exif, imagemagick


Configure the root directory, password access, and the directories that should not be listed:

// root directory
'root' => 'ROOT_PATH', // root path relative to script.
'start_path' => false, // start path relative to script. If empty, root is start path
// login credentials
'username' => 'zhujizixun',
'password' => '12345678', // Add password directly or use https://tinyfilemanager.github.io/docs/pwd.html to encrypt the password (the encrypted form is safer, as it keeps the plaintext out of the file).
// files or directories to exclude
'files_exclude' => '/\.(html|xml)$/i', // '/\.(pdf|jpe?g)$/i'
'dirs_exclude' => '/\/js|\/_files(\/|$)/i', // '/\/Convert|\/football|\/node_modules(\/|$)/i',
'allow_symlinks' => true, // allow symlinks

The exclude values are PCRE patterns delimited by /, so a / inside the pattern must be written as \/ (a bare one ends the pattern early). Excluding a path only hides it from the listing; whether a direct URL to it still works depends on the web server, not on this option. With allow_symlinks set to true a symlink under root can point anywhere the PHP process can read, so leave it false unless the root directory is fully under your control, and replace the throwaway username/password above before exposing the page.

Fixing slow cross-network Samba access for nocps

SMB across the WAN is painfully slow. Although you can add an extra local SMB path under Installation profiles, the idea is to fix it without changing anything that does not have to change.


On the RouterOS box, redirect TCP and UDP 445,137,138,139 that are addressed to the remote SMB server to the SMB server on the local network:

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=REMOTE_SMB_IP dst-address-type=!local dst-port=445,137,138,139 protocol=udp to-addresses=LOCAL_SMB_IP
add action=dst-nat chain=dstnat dst-address=REMOTE_SMB_IP dst-address-type=!local dst-port=445,137,138,139 protocol=tcp to-addresses=LOCAL_SMB_IP

(Only 137/138 UDP and 139/445 TCP actually carry SMB; listing all four ports for both protocols is harmless. Clients will silently be talking to a different host than the one they named, so the local mirror has to present the same share names and accept the same credentials.)

Then sync the SMB directory out of nocps: mount the nocps SMB share on a local directory, rsync it, and push the result to the SMB servers in the other regions.


Honestly, if you can do NAT on the router, you could just split SMB out and run one mirror per region, but I don't feel like fiddling with it; one less step is one less step.





BGP Regular Expressions Examples

Regular expressions are used often for BGP route manipulation or filtering. In this lesson we'll take a look at some useful regular expressions. First let's take a look at the different characters that we can use:

Characters

?    repeats the previous character zero or one time.
*    repeats the previous character zero or more times.
+    repeats the previous character one or more times.
^    matches the beginning of a string.
$    matches the end of a string.
[]   is a range.
_    matches the space between AS numbers, or the beginning or end of the AS PATH list (and also commas, braces and parentheses).
\    is an escape character. You'll need this for BGP confederations.

Examples

^$                matches an empty AS PATH, so it matches all prefixes originated in the local AS.
^51_              matches prefixes from AS 51 that is directly connected to our AS.
_51_              matches prefixes that transit AS 51 (anywhere in the path, origin included).
_51$              matches prefixes that originated in AS 51: the $ anchors 51 to the end of the AS PATH, where the origin AS sits, and the leading _ stops 151 or 251 from matching.
^([0-9]+)_51      matches prefixes from AS 51 where AS 51 is behind one of our directly connected ASes.
^51_([0-9]+)      matches prefixes from the clients of directly connected AS 51.
^(51_)+([0-9]+)   matches prefixes from the clients of directly connected AS 51, where AS 51 might be doing AS PATH prepending.
^51_([0-9]+_)+    matches prefixes from the clients of directly connected AS 51, where the clients might be doing AS PATH prepending.
^\(65200\)        matches prefixes from confederation peer 65200 (confederation segments are printed in parentheses, hence the escapes).

https://networklessons.com/bgp/bgp-regular-expressions-examples/
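The underscore is the part of this syntax that trips people up, including in the two commands on this page that omit it (`show ip bgp regexp ^6939` near the top and `show ip bgp regexp 65001$` in the BGP section). The matcher below is an added example, not code from the networklessons article or from the original notes: it translates Cisco's `_` into an equivalent Python alternation and runs the patterns above against a constructed route table, so you can see which prefixes `65001$` catches that `_65001$` does not. The function names and the table are mine.

```python
import re

# Added example, not from the networklessons article or the original notes. IOS's
# "_" in an AS-path regexp matches a space, comma, brace, parenthesis or the start/end
# of the path; Python has no such atom, so it is translated before matching.

UNDERSCORE = r"(?:^|$|[ ,{}()])"


def cisco_as_regex(pattern: str) -> re.Pattern:
    """Translate an IOS-style AS-path regexp into a compiled Python regex."""
    return re.compile(pattern.replace("_", UNDERSCORE))


def as_path_matches(pattern: str, as_path: str) -> bool:
    """True if the IOS regexp would select a route carrying this AS path."""
    return cisco_as_regex(pattern).search(as_path) is not None


def show_ip_bgp_regexp(pattern: str, table):
    """Mimic 'show ip bgp regexp': the prefixes whose AS path matches, in table order."""
    return [prefix for prefix, path in table if as_path_matches(pattern, path)]


# constructed sample: (prefix, AS path as IOS prints it); the first three mirror the
# show output on this page, the rest exercise the pitfalls of a missing underscore
TABLE = [
    ("10.33.0.0/19",    ""),                     # locally originated: empty AS path
    ("10.63.0.0/19",    "65000 65001"),
    ("10.133.0.0/19",   "65000 65000 65001"),    # AS 65000 prepending
    ("192.0.2.0/24",    "65000 465001"),         # origin is 465001, not 65001
    ("198.51.100.0/24", "6939 65010"),           # learned directly from AS 6939
    ("203.0.113.0/24",  "69390 65010"),          # learned directly from AS 69390
]

if __name__ == "__main__":
    for pat in ["^$", "^65000_", "_65000_", "_65001$", "65001$", "^6939", "^6939_",
                "^(65000_)+65001$"]:
        print(f"{pat:18} -> {show_ip_bgp_regexp(pat, TABLE)}")
```

The same translation is what you want before putting a pattern into an `ip as-path access-list`: test it against the AS paths you expect to permit and, more importantly, a few you expect to deny.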

Special-purpose IPv4 address blocks

This is the summary table from RFC 5735 (since superseded by RFC 6890, which lists further blocks). One row has been added to it: 100.64.0.0/10, the shared address space for carrier-grade NAT, which is where the 100.64.163.1 neighbor at the top of this page lives.

Address Block        Present Use                                     Reference
0.0.0.0/8            "This" Network                                  RFC 1122, Section 3.2.1.3
10.0.0.0/8           Private-Use Networks                            RFC 1918
100.64.0.0/10        Shared Address Space (CGN); added, not in RFC 5735   RFC 6598
127.0.0.0/8          Loopback                                        RFC 1122, Section 3.2.1.3
169.254.0.0/16       Link Local                                      RFC 3927
172.16.0.0/12        Private-Use Networks                            RFC 1918
192.0.0.0/24         IETF Protocol Assignments                       RFC 5736
192.0.2.0/24         TEST-NET-1                                      RFC 5737
192.88.99.0/24       6to4 Relay Anycast                              RFC 3068
192.168.0.0/16       Private-Use Networks                            RFC 1918
198.18.0.0/15        Network Interconnect Device Benchmark Testing   RFC 2544
198.51.100.0/24      TEST-NET-2                                      RFC 5737
203.0.113.0/24       TEST-NET-3                                      RFC 5737
224.0.0.0/4          Multicast                                       RFC 3171
240.0.0.0/4          Reserved for Future Use                         RFC 1112, Section 4
255.255.255.255/32   Limited Broadcast                               RFC 919, Section 7; RFC 922, Section 7


hex / dec / ip conversions

#!/bin/bash
# decimal -> dotted quad: peel off one octet per power of 256
dec2ip () {
    local ip delim octet dec=$@
    for e in {3..0}
    do
        ((octet = dec / (256 ** e) ))
        ((dec -= octet * 256 ** e))
        ip+=$delim$octet
        delim=.
    done
    printf '%s\n' "$ip"
}

dec2ip "$@"

#!/bin/bash
# dotted quad -> decimal
ip2dec () {
    local a b c d ip=$@
    IFS=. read -r a b c d <<< "$ip"
    printf '%d\n' "$((a * 256 ** 3 + b * 256 ** 2 + c * 256 + d))"
}

ip2dec "$@"

# alternative dec2ip using bit shifts instead of repeated division
dec2ip ()
{
   local v=$1
   local i1=$((v>>24&255))
   local i2=$((v>>16&255))
   local i3=$((v>>8&255))
   local i4=$((v&255))
   printf '%d.%d.%d.%d\n' $i1 $i2 $i3 $i4
}


tohex (hex dump of the ASCII text, not of the address: 10.0.14.5 gives 31302e302e31342e35)

echo -n   10.0.14.5  | hexdump -e '/1 "%02x"';

ip2hex (gethostip comes with the syslinux package; 10.0.14.5 gives 0a000e05)

gethostip -x 10.0.14.5

hex2ip (the inverse: hextoip 0a000e05 prints 10.0.14.5)

hextoip() { hex=$1;  printf "%d." 0x${hex:0:2};  printf "%d." 0x${hex:2:2};  printf "%d." 0x${hex:4:2};  printf "%d" 0x${hex:6:2};  }


Tunnelling series: gretap/VXLAN/EOIP

Linux endpoints

GRETAP

/bin/ip link add NAME type gretap local LOCAL_IPV4 remote REMOTE_IPV4 ttl 255
/bin/ip link set dev NAME up

VXLAN

/bin/ip link add NAME type vxlan local LOCAL_IPV4 remote REMOTE_IPV4 dstport 4789 id 0 ttl 255
/bin/ip link set dev NAME up

Ethernet over IP

# install
wget https://raw.githubusercontent.com/4b42/4ixp/master/eoip/install.sh -O /tmp/eoip.sh
chmod +x /tmp/eoip.sh
/tmp/eoip.sh
rm -f /tmp/eoip.sh
# config
cat << EOF > /etc/eoip.cfg
[EOIP_NAME]
id=0
dst=REMOTE_IPV4
EOF
/usr/local/bin/eoip /etc/eoip.cfg


MikroTik RouterOS endpoints

/interface eoip add !keepalive name=NAME local-address=LOCAL_IPV4 remote-address=REMOTE_IPV4 tunnel-id=0

None of these three tunnel types authenticate or encrypt anything: the inner Ethernet frames cross the network in the clear, and the only thing tying a tunnel to its peer is the outer IP address. Over anything other than a trusted link, carry them inside WireGuard or IPsec, and restrict the outer protocol (GRE, or UDP 4789 for VXLAN) to the peer address in the firewall. The install.sh above is fetched from a third-party repository and executed as-is; read it first.
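To make the "in the clear" point concrete for the VXLAN tunnel above: the UDP payload on port 4789 is an 8-byte header (flags, a 24-bit VNI, which is the `id 0` in the `ip link` command) followed by the raw inner Ethernet frame, so an observer reads the inner MAC addresses and everything after them, and anything that can reach the port can present frames to the bridge. The builder, parser and the small datagram check below are an added example, not part of the original notes; the inner frame, the allowed peer 192.0.2.1 and the allowed VNI set are constructed for the demo.

```python
import struct

# Added example, not part of the original notes. VXLAN (RFC 7348) UDP payload:
# 8-byte header [flags:1][reserved:3][VNI:3][reserved:1] then the inner Ethernet frame.
# Nothing in it is authenticated or encrypted.

VXLAN_PORT = 4789
FLAG_VNI_VALID = 0x08            # the "I" bit; must be set, other flag bits are reserved


def build_vxlan(vni: int, inner_frame: bytes) -> bytes:
    """Return the UDP payload carrying inner_frame on the given VNI (0..2^24-1)."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    # the VNI occupies the upper 24 bits of the second 32-bit word
    return struct.pack("!B3xI", FLAG_VNI_VALID, vni << 8) + inner_frame


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_vxlan(payload: bytes) -> dict:
    """Parse a VXLAN UDP payload; return the VNI and the inner Ethernet header fields."""
    if len(payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus an Ethernet header")
    flags, vni_word = struct.unpack("!B3xI", payload[:8])
    if not flags & FLAG_VNI_VALID:
        raise ValueError("VNI-valid flag not set")
    inner = payload[8:]
    (ethertype,) = struct.unpack("!H", inner[12:14])
    return {
        "vni": vni_word >> 8,
        "dst_mac": _mac(inner[:6]),
        "src_mac": _mac(inner[6:12]),
        "ethertype": ethertype,
        "inner_len": len(inner),
    }


def check_vxlan_datagram(src_ip: str, dst_port: int, payload: bytes,
                         allowed_peers, allowed_vnis):
    """Reasons to drop or alert on one UDP datagram; an empty list means it is expected."""
    reasons = []
    if dst_port != VXLAN_PORT:
        return reasons                           # not VXLAN, nothing to say
    if src_ip not in allowed_peers:              # source address is the only binding
        reasons.append(f"VXLAN from unexpected peer {src_ip}")
    try:
        info = parse_vxlan(payload)
    except ValueError as e:
        return reasons + [f"malformed VXLAN: {e}"]
    if info["vni"] not in allowed_vnis:
        reasons.append(f"unexpected VNI {info['vni']}")
    return reasons


# constructed inner frame: dst MAC, src MAC, EtherType IPv4, dummy payload
INNER = bytes.fromhex("020000000002" "020000000001" "0800") + b"constructed-ipv4-payload"
ALLOWED_PEERS = {"192.0.2.1"}    # stands in for REMOTE_IPV4 in the ip link command
ALLOWED_VNIS = {0}               # "id 0" in the ip link command

if __name__ == "__main__":
    print(parse_vxlan(build_vxlan(0, INNER)))
    print(check_vxlan_datagram("198.51.100.7", VXLAN_PORT, build_vxlan(5, INNER),
                               ALLOWED_PEERS, ALLOWED_VNIS))
```

A source-address check like the one in check_vxlan_datagram is what a firewall rule on the endpoint gives you, and it is all the protocol itself offers; it does not survive a spoofed source, which is why the outer transport needs WireGuard or IPsec on untrusted paths.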

Generating htpasswd entries without the htpasswd tool

 printf "user:$(openssl passwd -crypt 123456)\n" >>conf/htpasswd

-crypt is classic DES crypt(3): only the first 8 characters of the password are significant, it is cheap to brute-force, and OpenSSL 3.x has dropped the option. Use openssl passwd -apr1 (Apache MD5, the same format htpasswd -m writes) or -6 (SHA-512 crypt) instead, and leave the password argument off so openssl prompts for it rather than recording it in the shell history.


RouterOS archived version downloads

https://www.routeros.co.id/
https://www.mikrotik.com/download/archive

Running a batch of ipmitool commands against one host

You need ipmitool or the OpenIPMI package installed. The kernel modules below are only needed for in-band access to the local BMC (-I open); the remote -I lanplus session used here does not need them.

yum install ipmitool -y -q
modprobe ipmi_watchdog
modprobe ipmi_poweroff
modprobe ipmi_devintf
modprobe ipmi_si

Example

ipmitool exec ipmi.txt -I lanplus  -U 'USER' -P 'PASSWORD' -H IP_ADDRESS

-P puts the BMC password in the process list and the shell history; ipmitool also accepts -E (read it from the IPMI_PASSWORD environment variable) or -f FILE.

Example contents of ipmi.txt

power status
sensor
mc info
user list
lan print

The point is to keep all the commands in one text file so you do not have to repeat the IP, user name and password with every command.

It is especially handy when changing the BMC's IP settings and user accounts; it cuts out a lot of repetitive typing.


Backing up Juniper configuration over SSH

First, set up RSA key-based login ahead of time.

Second, if you go through a bastion host, configure the jump in ~/.ssh/config beforehand.

Method 1

ssh USER@JUNIPER_HOST "cli<< EOF
show configuration|display set
EOF
" |grep set >junos.backup.txt

(USER@JUNIPER_HOST is a placeholder for the real login.) The EOF terminator has to sit on a line of its own with no trailing whitespace, otherwise the here-document never closes.

Method 2

ssh USER@JUNIPER_HOST 'csh -s' <./backup.sh |grep set > junos.backup.txt

Method 2 uses csh -s to feed the contents of the local script file to the Juniper box for execution.