Category archive: Random

Random stuff which I discovered or found in inet.0.

BGP Path Selection Juniper vs. Cisco vs. HP/Huawei

This is just a short summary sheet of how the BGP path selection process is done by different vendors:

Cisco Juniper HP and Huawei
1 Path with highest WEIGHT Path with highest WEIGHT (PreVal)
2 Path with highest LOCAL_PREF Path with highest LOCAL_PREF Path with highest LOCAL_PREF
3 Lowest AIGP attribute
4 Path originated by the local router Path originated by the local router
5 Path with shortest AS_PATH Path with shortest AS_PATH Path with shortest AS_PATH
6 Path with lowest origin code Path with lowest origin code Path with lowest origin code
7 Path with lowest MED Path with lowest MED Path with lowest MED
8 Strictly prefer internal paths
8 Prefer eBGP over iBGP paths Strictly prefer external BGP paths Prefer eBGP over iBGP paths
9 Path with lowest IGP metric to the BGP next hop Path with lowest IGP metric to the BGP next hop Path with lowest IGP metric to the BGP next hop.
10 Determine if BGP multipath is needed Prefer the path with maximum IGP next hops
11 eBGP Path that was received first eBGP Path that is currently active
12 Prefer the path with lowest router ID Prefer the path with lowest router ID
13 Path with shortest CLUSTER_LIST Path with shortest CLUSTER_LIST Path with shortest CLUSTER_LIST
14 Path with smallest ORIGINATOR_ID
15 Prefer the path with lowest router ID
16 Path that comes from the lowest IP address Prefer the path with lowest peer IP address Path that comes from the lowest IP address

Sending multicast traffic in JunOS

If you need to send traffic to a multicast group to see whether multicast is working, you can simply use the ping tool. You have to add the "bypass-routing" option to make sure the traffic gets out without a routing lookup.

Here is an example:

ping 239.1.1.1 bypass-routing interface ge-0/0/1 count 10000

You can use the "interval 0.1" option to increase the packets per second.

If you want a receiver, you could add a static IGMP join, but this only creates the forwarding state. If you also need a reply to the multicast ping traffic, you must add a listener, like this:

set protocols sap listen 239.1.1.1

Test your MTU size with ping (JunOS/IOS and some more)

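Here are some examples for testing the MTU size with ICMP echo request/reply (aka ping) on different operating systems. The list shows the options to test your MTU with 1500-byte packets and the don't-fragment bit set. Where the size option is 1472, it sets the ICMP payload: 1472 bytes of payload plus 8 bytes of ICMP header and 20 bytes of IP header make a 1500-byte packet. If you get a reply, your MTU is fine.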

OS | Version | Size option | DF-bit option | Example command
IOS (Cisco) | 12.4 | size 1500 | df-bit | ping ip 10.0.0.1 size 1500 df-bit
JunOS (Juniper) | 11.4 | size 1472 | do-not-fragment | ping 10.0.0.1 size 1472 do-not-fragment
VRP (Huawei) | 5.70 | -s 1472 | -f | ping -s 1472 -f 10.0.0.1
Windows | XP | -l 1472 | -f | ping 10.0.0.1 -l 1472 -f -t
Linux | Open-SuSE 11.4 | -s 1472 | -M do | ping 10.0.0.1 -s 1472 -M do
Solaris | 11 | 1480 | not implemented | ping 10.0.0.1 1480

Tunneling HTTP/DNS through SSH (SOCKS 5)

Tunneling HTTP with SOCKS over SSH

If you stay in a hostel, in China 😉 or any other location where you don't trust your internet connection, there is an easy way to secure your traffic. I use an SSH tunnel to one of my servers. You can open a local port and tunnel your traffic through a SOCKS 5 proxy to your SSH server. Here is an example:

ssh -D 8080 -f -C -q -N username@yourserver

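This opens local port 8080 as a SOCKS proxy (-D 8080) on the SSH connection, with compression enabled (-C), no remote command (-N), running in the background (-f) and with warnings and diagnostics suppressed (-q). The tunnel is encrypted because it runs inside SSH. Now you can set a SOCKS 5 proxy of localhost:8080 in the proxy settings of Firefox or Chrome.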

Tunneling DNS over SOCKS 5

In order to activate DNS tunneling in Firefox, you must change an option in the configuration. How to:

1. Open about:config as URL
2. Change network.proxy.socks_remote_dns to TRUE

Tunneling any other network connection through SOCKS

I use the tool tsocks to tunnel other traffic, such as from apt-get or wget, through SOCKS. You only have to edit /etc/tsocks.conf and add your localhost:8080. You can use it like this:

tsocks apt-get update

Simple and easy 😉