Friday, January 28, 2011

Rancid failing to write term with ssh client ServerAliveInterval

We found that rancid was no longer able to perform a 'write terminal' after we set up the /etc/ssh/ssh_config option: ServerAliveInterval 5

Every single time you would do:

ssh router.example.com
term length 0
write term

The router would send a TCP FIN at the exact same spot, halfway through the config:

...
13:53:39.199206 IP rancid.example.com.54509 > router.example.com.ssh: Flags [.], ack 18941, win 41440, length 0
13:53:39.199327 IP router.example.com.ssh > rancid.example.com.54509: Flags [P.], seq 18941:18973, ack 2697, win 2920, length 32
13:53:39.199337 IP rancid.example.com.54509 > router.example.com.ssh: Flags [.], ack 18973, win 41440, length 0
13:53:39.199605 IP router.example.com.ssh > rancid.example.com.54509: Flags [P.], seq 18973:19005, ack 2697, win 2920, length 32
13:53:39.199615 IP rancid.example.com.54509 > router.example.com.ssh: Flags [.], ack 19005, win 41440, length 0
13:53:39.199675 IP router.example.com.ssh > rancid.example.com.54509: Flags [FP.], seq 19005, ack 2697, win 2920, length 0
13:53:39.199858 IP rancid.example.com.54509 > router.example.com.ssh: Flags [F.], seq 2697, ack 19006, win 41440, length 0
13:53:39.201624 IP router.example.com.ssh > rancid.example.com.54509: Flags [.], ack 2698, win 2920, length 0


After checking every single network switch, interface, cable, IP, firewall, etc., the problem turned out to be:


ServerAliveInterval


Once this was either removed or changed to a value greater than 5, for example 300, it worked just fine.
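As an added check (my own example, not code from the original post), a small Python parser over the tcpdump lines above: it finds the first FIN, reports which host sent it from which port, and how long after that host's last payload segment. The capture embedded in CAPTURE is the tail of the post's own output; host names are the post's.

```python
import re

# Constructed sample: the tail of the post's tcpdump capture, verbatim.
CAPTURE = """\
13:53:39.199327 IP router.example.com.ssh > rancid.example.com.54509: Flags [P.], seq 18941:18973, ack 2697, win 2920, length 32
13:53:39.199337 IP rancid.example.com.54509 > router.example.com.ssh: Flags [.], ack 18973, win 41440, length 0
13:53:39.199605 IP router.example.com.ssh > rancid.example.com.54509: Flags [P.], seq 18973:19005, ack 2697, win 2920, length 32
13:53:39.199615 IP rancid.example.com.54509 > router.example.com.ssh: Flags [.], ack 19005, win 41440, length 0
13:53:39.199675 IP router.example.com.ssh > rancid.example.com.54509: Flags [FP.], seq 19005, ack 2697, win 2920, length 0
13:53:39.199858 IP rancid.example.com.54509 > router.example.com.ssh: Flags [F.], seq 2697, ack 19006, win 41440, length 0
"""

# One tcpdump TCP summary line: timestamp, src.port > dst.port, flags, ..., length N
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+)\.(?P<sport>\w+) > "
    r"(?P<dst>\S+)\.(?P<dport>\w+): Flags \[(?P<flags>[^\]]*)\].* length (?P<len>\d+)$"
)

def to_seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def parse(capture):
    pkts = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:
            pkts.append(m.groupdict())
    return pkts

def who_closed(capture):
    """Report the first FIN: who sent it, from which port, and how long after
    that host's last payload-bearing segment. A FIN from the sshd side
    microseconds after it was still pushing data is a server-side teardown."""
    last_data = {}
    for p in parse(capture):
        now = to_seconds(p["ts"])
        if int(p["len"]) > 0:
            last_data[p["src"]] = now
        if "F" in p["flags"]:
            idle = now - last_data.get(p["src"], now)
            return {"closer": p["src"], "port": p["sport"], "idle_s": round(idle, 6)}
    return None

if __name__ == "__main__":
    print(who_closed(CAPTURE))
```

Once the client-side value has been changed, `ssh -G router.example.com | grep -i serveralive` (OpenSSH 6.8 and later) prints the ServerAliveInterval the client will actually use for that host, which is the quickest way to confirm the fix took effect.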


Friday, January 14, 2011

Anycast DNS setup using Linux and Cisco routers.

Cisco Router Configuration:

ip sla 101
dns anycast.example.com name-server 10.10.10.1
frequency 30
ip sla schedule 101 life forever start-time now
!
track 101 ip sla 101
!
ip route 10.0.0.1 255.255.255.255 10.10.10.1 track 101




Here is the IP route on the router:

router# show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "static", distance 1, metric 0
Redistributing via eigrp 1234
Advertised by eigrp 1234 route-map STATIC-TO-EIGRP
bgp 1234
Routing Descriptor Blocks:
* 10.10.10.1
Route metric is 0, traffic share count is 1




Then you can see that this same address is also available from multiple locations:


router# show ip eigrp topology 10.0.0.1/32
EIGRP-IPv4 Topology Entry for AS(1234)/ID(10.9.9.1) for 10.0.0.1/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2562560
Descriptor Blocks:
10.10.10.1, from Rstatic, Send flag is 0x0
...
10.8.8.1 (Vlan20), from 10.6.6.1, Send flag is 0x0
...
10.7.7.1 (Vlan30), from 10.4.4.1, Send flag is 0x0



On the Unix server I have the following network interfaces setup:

eth0 Link encap:Ethernet HWaddr 00:15:17:A6:25:97
inet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0

lo:1 Link encap:Local Loopback
inet addr:10.0.0.1 Mask:255.255.255.255



To summarize the whole setup:

1) The router does a DNS query to the DNS server that is directly connected to it every 30 seconds.
2) If the DNS query succeeds, the static route stays in the table.
3) If the test fails, the route is withdrawn.

1) If a DNS query is sent to 10.0.0.1, the router processes it by forwarding the query to the IP address the static route points to.
2) The DNS server accepts the query on the management interface, then passes it to the lo:1 interface for processing.
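As an added check (my own example, not part of the original post), a Python probe that does what the router's 'ip sla dns' entry above does: send one A query for anycast.example.com to 10.10.10.1 and count only a matching, non-error reply as success. Run from another host, it shows whether the server would pass the router's test before you rely on the tracked route. The hostname and server address are the post's; the bytes in SAMPLE_REPLY are constructed for the offline self-check.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Standard A query with RD set: the same kind of lookup the router's
    'ip sla dns anycast.example.com name-server 10.10.10.1' probe sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_response(data, txid):
    """Return (ok, rcode, answer_count); ok only for a matching, non-error
    reply, which is roughly what the SLA probe counts as a success."""
    if len(data) < 12:
        return (False, None, 0)
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    ok = rid == txid and bool(flags & 0x8000) and rcode == 0
    return (ok, rcode, an)

def probe(server, name, timeout=5.0, port=53):
    """Send one query and say whether a valid answer came back before the
    timeout. False is what would make the router withdraw the tracked route."""
    txid = 0x4242
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_query(name, txid), (server, port))
        data, _ = s.recvfrom(512)
    except OSError:          # timeout, ICMP unreachable, etc.
        return False
    finally:
        s.close()
    return parse_response(data, txid)[0]

# Constructed reply (not captured): id 0x4242, QR/RD/RA set, rcode 0, the
# question echoed back, one A record 10.0.0.1 via a name pointer (0xc00c).
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x4242, 0x8180, 1, 1, 0, 0)
    + b"\x07anycast\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 30, 4) + bytes([10, 0, 0, 1])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY, 0x4242))   # offline self-check
    # Live check against the server the router probes:
    # print(probe("10.10.10.1", "anycast.example.com"))
```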


Depending on where you are, you are automatically routed to the closest server:

jemurray@pluto:~$ traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 60 byte packets
1 l3-core-vl7.nts.example.com (10.50.1.46) 0.309 ms 0.338 ms 0.381 ms
2 anycast.ip.example.com (10.0.0.1) 0.202 ms 0.195 ms 0.180 ms


jemurray@paddington:~$ sudo traceroute 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 52 byte packets
1 nts-desk120-brook.nts.example.com (10.50.120.125) 0 ms 0 ms 0 ms
2 anycast.ip.example.com (10.0.0.1) 0 ms 0 ms 0 ms



The best thing about this setup is:

1) If a server fails, you automatically fail over to the next closest server. This way the client does not have to deal with DNS timeouts.
2) Depending on your location, you are automatically routed to the closest server. This helps with DNS response time.
3) It is not that hard to set up.
4) Nothing special is needed on either the router or the server.

Set up HE IPv6 Tunnel in Ubuntu Linux

Script to build the tunnel:

jemurray@glock:/etc$ more /etc/init.d/he6tunnel.sh

#!/bin/bash

## Setup the Tunnel Dynamic IP
/usr/bin/wget --no-check-certificate https://ipv4.tunnelbroker.net/ipv4_end.php?ipv4b=AUTO\&pass=MY-MD5-PASSWORD-GOES-HERE\&user_id=MY-CUSTOMER-ID-GOES-HERE\&tunnel_id=41636

## Setup the Linux proto41 tunnel
## (setting a remote endpoint on sit0 makes the kernel create sit1 for it)
/sbin/ifconfig sit0 up
/sbin/ifconfig sit0 inet6 tunnel ::209.51.181.2
/sbin/ifconfig sit1 up
/sbin/ifconfig sit1 inet6 add 2001:470:1f10:2cc::2/64
/sbin/route -A inet6 add ::/0 dev sit1

## Route the static block
/sbin/route -A inet6 add 2001:470:1f11:2cc::/64 dev eth0

## Setup first IP on eth0 interface
/sbin/ifconfig eth0 inet6 add 2001:470:1f11:2cc::1/64


Set up radvd to hand out IPv6 addresses to clients:

jemurray@glock:/etc$ cat /etc/radvd.conf
interface eth0 {
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    # prefix 2001:4978:268::/64 {
    prefix 2001:470:1f11:2cc::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
        AdvPreferredLifetime 20;
        AdvValidLifetime 30;
    };
    RDNSS 2001:470:1f11:2cc::1 {
        AdvRDNSSLifetime 20;
    };
};



Client:

jemurray@kimber:~ $ ifconfig en1
en1: flags=8863 mtu 1500
ether 00:1c:b3:ba:e3:f9
inet6 fe80::21c:b3ff:feba:e3f9%en1 prefixlen 64 scopeid 0x6
inet6 2001:470:1f11:2cc:21c:b3ff:feba:e3f9 prefixlen 64 autoconf
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
media: autoselect
status: active
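The autoconf address above is the SLAAC (modified EUI-64) address the client formed from the radvd prefix and its MAC 00:1c:b3:ba:e3:f9. As an added example, not from the original post, this Python derives it both ways; it matters for defenders because such an address embeds the hardware address, so the same machine is recognisable under any prefix unless privacy extensions are in use. Prefix, MAC and addresses are the post's own values.

```python
import ipaddress

def eui64_address(prefix, mac):
    """SLAAC address from a /64 prefix and a 48-bit MAC (RFC 4291 modified
    EUI-64): insert ff:fe in the middle and flip the universal/local bit."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    octets = bytes(int(b, 16) for b in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("MAC must be 48 bits")
    iid = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    iid[0] ^= 0x02                      # flip the U/L bit
    host = int.from_bytes(iid, "big")
    return str(ipaddress.IPv6Address(int(net.network_address) + host))

def mac_from_address(addr):
    """Inverse: recover the MAC from an EUI-64 derived address, or None when
    the interface id lacks the ff:fe marker (manual or temporary addresses)."""
    iid = int(ipaddress.IPv6Address(addr)).to_bytes(16, "big")[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytearray(iid[:3] + iid[5:])
    raw[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in raw)

if __name__ == "__main__":
    print(eui64_address("2001:470:1f11:2cc::/64", "00:1c:b3:ba:e3:f9"))
    print(mac_from_address("fe80::21c:b3ff:feba:e3f9"))
```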



jemurray@kimber:~ $ ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:1f11:2cc:21c:b3ff:feba:e3f9 --> 2001:4860:b007::63
16 bytes from 2001:4860:b007::63, icmp_seq=0 hlim=56 time=135.405 ms
16 bytes from 2001:4860:b007::63, icmp_seq=1 hlim=56 time=33.788 ms
16 bytes from 2001:4860:b007::63, icmp_seq=2 hlim=56 time=33.910 ms
^C
--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 33.788/67.701/135.405/47.874 ms
