Thursday, December 24, 2009

[Cisco] Secondary Aggregator Ports Po1A or Po2A are Created

Refer: h**p://www.ciscosystems.org.ro/en/US/tech/tk389/tk213/technologies_configuration_example09186a0080094470.shtml#tshoot
Secondary Aggregator Ports Po1A or Po2A are Created

A secondary aggregator port will be created in the LACP process when the ports you are bundling are not compatible with each other, or with their remote peers. The secondary aggregator port will have the ports which are compatible with others.

Switch#show etherchannel summary
Flags: D - down P - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

u - unsuitable for bundling
Number of channel-groups in use: 6
Number of aggregators: 8

Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------
1 Po1(SU) LACP Gi1/16(P) Gi10/1(P) Gi10/2(P)
2 Po2(SD) LACP
2 Po2A(SU) LACP Gi1/15(P) Gi10/3(P) Gi10/4(P)
3 Po3(SU) LACP Gi1/14(P) Gi10/5(P) Gi10/6(P)
4 Po4(SD) LACP
4 Po4A(SU) LACP Gi1/13(P) Gi10/7(P) Gi10/8(P)
5 Po5(SU) LACP Gi1/12(P) Gi10/9(P) Gi10/10(P)
6 Po6(SU) LACP Gi1/11(P) Gi10/11(P) Gi10/12(P)
Configure all LAN ports in an EtherChannel to operate at the same speed and in the same duplex mode. LACP does not support half-duplex. Half-duplex ports in an LACP EtherChannel are put in the suspended state.

If you configure an EtherChannel from trunking LAN ports, verify that the trunking mode is the same on all the trunks. LAN ports in an EtherChannel with different trunk modes can operate unpredictably.

LAN ports with different STP port path costs can form an EtherChannel as long as they are compatibly configured with each other. Setting different STP port path costs does not make the LAN ports incompatible for the formation of an EtherChannel.
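As an added example (not from the Cisco document or this post), the following POSIX shell script scans show etherchannel summary output for secondary aggregators (PoNA), which are the sign that some members of a channel-group were judged incompatible and split off. The sample output embedded in the script is constructed from the lines shown above; the function names are my own.

```shell
#!/bin/sh
# Added example, not taken from the Cisco document or the post: find
# secondary aggregators (PoNA) in "show etherchannel summary" output and
# list the ports that were moved into them.
# The sample output below is constructed from the lines shown in the post.
ETHERCHANNEL_SUMMARY='Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------
1 Po1(SU) LACP Gi1/16(P) Gi10/1(P) Gi10/2(P)
2 Po2(SD) LACP
2 Po2A(SU) LACP Gi1/15(P) Gi10/3(P) Gi10/4(P)
3 Po3(SU) LACP Gi1/14(P) Gi10/5(P) Gi10/6(P)
4 Po4(SD) LACP
4 Po4A(SU) LACP Gi1/13(P) Gi10/7(P) Gi10/8(P)
5 Po5(SU) LACP Gi1/12(P) Gi10/9(P) Gi10/10(P)'

# Channel-group numbers that have a secondary aggregator, space separated.
# A secondary aggregator is a Port-channel column of the form PoNA(..).
secondary_aggregator_groups() {
    printf '%s\n' "$ETHERCHANNEL_SUMMARY" |
        awk '$2 ~ /^Po[0-9]+A\(/ { out = out (out == "" ? "" : " ") $1 }
             END { print out }'
}

# Member ports that landed in the secondary aggregator of group $1,
# with the per-port flag stripped, space separated; empty if none.
secondary_aggregator_ports() {
    printf '%s\n' "$ETHERCHANNEL_SUMMARY" |
        awk -v g="$1" '$1 == g && $2 ~ /^Po[0-9]+A\(/ {
            out = ""
            for (i = 4; i <= NF; i++) {
                sub(/\(.*\)/, "", $i)
                out = out (i > 4 ? " " : "") $i
            }
            print out
        }'
}

# Stand-alone run: report every affected group and its displaced ports,
# so the operator knows which port settings to compare against the peer.
for g in $(secondary_aggregator_groups); do
    echo "group $g: ports $(secondary_aggregator_ports "$g") moved to Po${g}A"
done
```

Paste real output into ETHERCHANNEL_SUMMARY (or pipe it in place of the printf) and compare speed, duplex, trunk mode and LACP settings of the listed ports with the ports that stayed in the primary aggregator.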

Friday, November 13, 2009

[Cisco] Cisco Router878 G.SHDSL Back-to-Back Configuration



IOS: c870-advipservicesk9-mz.124-4.T8.bin

[R1]G.SHDSL <-----------> G.SHDSL [R2]

Tested on wire: RJ11, 4-wire

R1 as CO
R2 as CPE

[R1]

controller DSL 0
mode atm
line-term co
line-mode 4-wire enhanced
dsl-mode shdsl symmetric annex B
line-rate 2048
!
interface ATM0
ip address 192.168.2.1 255.255.255.0
no atm ilmi-keepalive
pvc 0/100
broadcast
encapsulation aal5snap
!
!


[R2]

controller DSL 0
mode atm
line-term cpe
line-mode 4-wire enhanced
dsl-mode shdsl symmetric annex B
line-rate 2048
!
interface ATM0
ip address 192.168.2.2 255.255.255.0
no atm ilmi-keepalive
pvc 0/100
broadcast
encapsulation aal5snap
!
!

[Verify]

R1#sh controllers dsL 0

DSL 0 controller UP
SLOT 0: Globespan xDSL controller chipset
Frame mode: Utopia
Configured Line rate: 2048Kbps
Line Mode: Four Wire Enhanced Mode
DSL mode: SHDSL Annex B
Line Re-activated 0 times after system bootup
LOSW Defect alarm: ACTIVE
CRC per second alarm: ACTIVE
Line termination: CO

Line 0 statistics

Current 15 min CRC: 0
Current 15 min LOSW Defect: 0
Current 15 min ES: 0
Current 15 min SES: 0
Current 15 min UAS: 19

Previous 15 min CRC: 0
Previous 15 min LOSW Defect: 0
Previous 15 min ES: 0
Previous 15 min SES: 0
Previous 15 min UAS: 0


Line 1 statistics

Current 15 min CRC: 0
Current 15 min LOSW Defect: 0
Current 15 min ES: 0
Current 15 min SES: 0
Current 15 min UAS: 19

Previous 15 min CRC: 0
Previous 15 min LOSW Defect: 0
Previous 15 min ES: 0
Previous 15 min SES: 0
Previous 15 min UAS: 0

Line-0 status
Chipset Version: 0
Firmware Version: R3.0.1
Modem Status: Data, Status 1
Last Fail Mode: No Failure status:0x0
Line rate: 1032 Kbps
Framer Sync Status: In Sync
Rcv Clock Status: In the Range
Loop Attenuation: 0.9 dB
Transmit Power: 7.5 dB
Receiver Gain: 9.7000 dB
SNR Sampling: 38.9000 dB
Line-1 status
Chipset Version: 0
Firmware Version: R3.0.1
Modem Status: Data, Status 1
Last Fail Mode: No Failure status:0x0
Line rate: 1032 Kbps
Framer Sync Status: In Sync
Rcv Clock Status: In the Range
Loop Attenuation: 1.0 dB
Transmit Power: 7.5 dB
Receiver Gain: 9.7000 dB
SNR Sampling: 38.4860 dB
Dying Gasp: Present

R1#sh atm interface aTM 0
Interface ATM0:
AAL enabled: AAL5 , Maximum VCs: 10, Current VCCs: 1

VCIs per VPI: 1024,
Max. Datagram Size: 4528
PLIM Type: GSHDSL - 2048Kbps, Framing is Unknown,, TX clocking: LINE
3057 input, 3072 output, 0 IN fast, 0 OUT fast
Avail bw = 2048
Config. is ACTIVE

R1#sh atm map
Map list ATM0_ATM_INARP : DYNAMIC
ip 192.168.2.2 maps to VC 1, VPI 0, VCI 100, ATM0
, broadcast

R1#ping 192.168.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms



Monday, October 5, 2009

[Cisco] Example configuration Load share 2 ADSL lines with NAT and OER/PfR (Optimize Edge Routing)





h**p://www.cisco.com/en/US/docs/ios/12_4t/oer/configuration/guide/h_oerstr.html
h**p://www.cisco.com/en/US/docs/ios/12_4t/oer/configuration/guide/h_oerstr.html#wp1054840
h**p://www.netcraftsmen.net/resources/archived-articles/443.html


+----------ATM0/0/0---------> ADSL line
|
[192.168.1.1/24]---Fa0/0----[Cisco2811]
|
+----------Fa0/1----ADSL modem-------> ADSL line


boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-24.T1.bin
boot-end-marker
!
key chain OER
key 1
key-string cisco
!
!
oer master
no max-range-utilization
logging
!
border 10.0.0.1 key-chain OER
interface FastEthernet0/0 internal
interface Dialer0 external
interface Dialer1 external
!
learn
throughput
delay
protocol tcp
protocol udp
periodic-interval 3
monitor-period 2
aggregation-type prefix-length 32
delay threshold 20
backoff 180 360
mode route control
mode monitor passive
mode route metric static tag 60000
!
oer border
logging
local Loopback0
master 10.0.0.1 key-chain OER
!
interface Loopback0
ip address 10.0.0.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
!
interface FastEthernet0/1
description ## Connect to ADSL modem ##
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface ATM0/0/0
description ## Connect to ADSL line ##
no ip address
no atm ilmi-keepalive
pvc 0/100
pppoe-client dial-pool-number 1
!
!
interface Dialer0
bandwidth 8192
ip address negotiated
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 1
ppp pap sent-username XXXXX1 password 0 XXXX1
!
interface Dialer1
bandwidth 4096
ip address negotiated
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
load-interval 30
dialer pool 2
ppp pap sent-username XXXXX2 password 0 XXXX2
!
router ospf 1
log-adjacency-changes
redistribute static subnets route-map STATIC->OSPF
network 10.0.0.1 0.0.0.0 area 0
network 192.168.1.1 0.0.0.0 area 0
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip nat inside source route-map NAT_DSL0 interface Dialer0 overload oer
ip nat inside source route-map NAT_DSL1 interface Dialer1 overload oer
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
route-map STATIC->OSPF permit 10
match tag 60000
!
route-map NAT_DSL1 permit 10
match ip address 1
match interface Dialer1
!
route-map NAT_DSL0 permit 10
match ip address 1
match interface Dialer0
!

Router#sh ip nat statistics
Total active translations: 65 (0 static, 65 dynamic; 65 extended)
Peak translations: 343, occurred 00:01:10 ago
Outside interfaces:
Virtual-Access2, Virtual-Access3, Dialer0, Dialer1
Inside interfaces:
FastEthernet0/0
Hits: 780840 Misses: 0
CEF Translated packets: 779872, CEF Punted packets: 486
Expired translations: 672
Dynamic mappings:
-- Inside Source
[Id: 1] route-map NAT_DSL0 interface Dialer0 refcount 33
[Id: 2] route-map NAT_DSL1 interface Dialer1 refcount 32
Appl doors: 0
Normal doors: 0
Queued Packets: 0

! === Routing table before applying OER
Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

58.0.0.0/32 is subnetted, 4 subnets
C 58.8.92.79 is directly connected, Dialer0
C 58.8.88.84 is directly connected, Dialer1
C 58.8.88.1 is directly connected, Dialer1
C 58.8.92.1 is directly connected, Dialer0
10.0.0.0/32 is subnetted, 1 subnets
C 10.0.0.1 is directly connected, Loopback0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 is directly connected, Dialer0
is directly connected, Dialer1

!== Routing table after applying OER

Router#sh ip route static
202.170.115.0/32 is subnetted, 1 subnets
S 202.170.115.94 [1/0] via 0.0.0.0, Dialer1
66.0.0.0/32 is subnetted, 1 subnets
S 66.235.143.118 [1/0] via 0.0.0.0, Dialer1
202.129.205.0/32 is subnetted, 1 subnets
S 202.129.205.52 [1/0] via 0.0.0.0, Dialer1
110.0.0.0/32 is subnetted, 1 subnets
S 110.164.86.167 [1/0] via 0.0.0.0, Dialer1
24.0.0.0/32 is subnetted, 1 subnets
S 24.67.37.33 [1/0] via 0.0.0.0, Dialer1
58.0.0.0/32 is subnetted, 5 subnets
S 58.97.45.43 [1/0] via 0.0.0.0, Dialer1
207.200.111.0/32 is subnetted, 1 subnets
S 207.200.111.33 [1/0] via 0.0.0.0, Dialer1
208.117.252.0/32 is subnetted, 1 subnets
S 208.117.252.103 [1/0] via 0.0.0.0, Dialer1
203.144.145.0/32 is subnetted, 1 subnets
S 203.144.145.57 [1/0] via 0.0.0.0, Dialer1
S* 0.0.0.0/0 is directly connected, Dialer0
is directly connected, Dialer1

Router#sh ip route 202.170.115.94
Routing entry for 202.170.115.94/32
Known via "static", distance 1, metric 0
Tag 60000
Redistributing via ospf 1
Routing Descriptor Blocks:
* directly connected, via Dialer1
Route metric is 0, traffic share count is 1
Route tag 60000 <==== default route tag is 5000

Router#sh ip ospf database external 202.170.115.94 <== verify route tag w/ 60000 redistributed into OSPF

OSPF Router with ID (10.0.0.1) (Process ID 1)

Type-5 AS External Link States

LS age: 17
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 202.170.115.94 (External Network Number )
Advertising Router: 10.0.0.1
LS Seq Number: 80000001
Checksum: 0xF50D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 60000
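An added check, not part of the original post: once OER starts injecting tagged /32 host routes, the question is whether it actually spreads them over both ADSL exits or pins everything to one Dialer. The POSIX shell script below summarises show ip route static by exit interface. The embedded output is constructed: it reuses lines from the post and adds one route pinned to Dialer0 so that both exits appear; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: count OER/PfR-injected host
# routes per exit interface from "show ip route static" output.
# ROUTE_STATIC is constructed sample output (the Dialer0 route is added
# to the lines from the post so that both exits show up).
ROUTE_STATIC='202.170.115.0/32 is subnetted, 1 subnets
S 202.170.115.94 [1/0] via 0.0.0.0, Dialer1
66.0.0.0/32 is subnetted, 1 subnets
S 66.235.143.118 [1/0] via 0.0.0.0, Dialer1
24.0.0.0/32 is subnetted, 1 subnets
S 24.67.37.33 [1/0] via 0.0.0.0, Dialer0
S* 0.0.0.0/0 is directly connected, Dialer0
is directly connected, Dialer1'

# Injected routes are the lines that start with "S" (not "S*", the
# default) and carry a "[distance/metric]" third field.
# Prints "Dialer0=1 Dialer1=2" style, sorted by interface name.
oer_routes_per_exit() {
    printf '%s\n' "$ROUTE_STATIC" |
        awk '$1 == "S" && $3 ~ /^\[/ { n[$NF]++ }
             END { for (i in n) print i "=" n[i] }' |
        sort |
        awk '{ out = out (NR > 1 ? " " : "") $0 } END { print out }'
}

# Exit interface OER chose for one destination, or "none" when no host
# route exists and the destination falls back to the two default routes.
oer_exit_for() {
    r=$(printf '%s\n' "$ROUTE_STATIC" |
        awk -v p="$1" '$1 == "S" && $2 == p { print $NF }')
    echo "${r:-none}"
}

# Stand-alone run.
echo "injected routes per exit: $(oer_routes_per_exit)"
echo "202.170.115.94 exits via $(oer_exit_for 202.170.115.94)"
```

If every counted route sits on the same Dialer, as in the output shown in the post, the delay and throughput learning has not yet produced a reason to move prefixes, or the policy thresholds need tuning; the per-exit counts make that visible without reading the whole table.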

Thursday, October 1, 2009

[Lighttpd] Config lighttpd support SSL

Test on FreeBSD 7.2
lighttpd-1.4.22 (ssl) - a light and fast webserver
Build-Date: Apr 18 2009 13:02:03

1. Generate key
#mkdir /etc/ssl/private
#cd /etc/ssl/private/
#openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes

2. vi /usr/local/etc/lighttpd.conf
# Uncomment mod_redirect in server.modules.

$SERVER["socket"] == "0.0.0.0:443" {
#### SSL engine
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
}
else $HTTP["host"] =~ "(.*)" {
url.redirect = ( "^/(.*)" => "https://%1/$1" )
}


3. Start lighttpd
#/usr/local/etc/rc.d/lighttpd restart
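The openssl step above writes the private key and the certificate into the same file, which ssl.pemfile then points at, so that one file must be readable by lighttpd only. As an added example (not from the original post), the POSIX shell function below checks a pemfile for both PEM blocks and for owner-only permissions before the server is restarted. The sample file it builds contains placeholder markers only, no real key material; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the combined
# key+certificate PEM produced by "openssl req -keyout X -out X" before
# pointing ssl.pemfile at it.

# check_pemfile FILE
# Returns 0 when FILE holds both a private key and a certificate and is
# readable only by its owner; prints the reason and returns 1 otherwise.
check_pemfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" ||
        { echo "no private key in $f"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate in $f"; return 1; }
    # group and other permission bits are columns 5-10 of "ls -l";
    # all six must be "-" for a file that carries a private key
    others=$(ls -ld "$f" | cut -c5-10)
    [ "$others" = "------" ] ||
        { echo "$f is readable by group/other (mode $(ls -ld "$f" | cut -c1-10))"; return 1; }
    echo "ok: $f"
    return 0
}

# make_sample_pem FILE
# Writes a constructed stand-in PEM (markers only, no real key) with the
# permissions the openssl step should have produced.
make_sample_pem() {
    f=$1
    : > "$f"
    chmod 600 "$f"
    {
        echo '-----BEGIN RSA PRIVATE KEY-----'
        echo 'constructed-placeholder'
        echo '-----END RSA PRIVATE KEY-----'
        echo '-----BEGIN CERTIFICATE-----'
        echo 'constructed-placeholder'
        echo '-----END CERTIFICATE-----'
    } >> "$f"
}

# Stand-alone demo on a constructed file.
demo=${TMPDIR:-/tmp}/lighttpd-demo.$$.pem
make_sample_pem "$demo"
check_pemfile "$demo"
rm -f "$demo"
```

Run check_pemfile /etc/ssl/private/lighttpd.pem after step 1; if it complains about group/other access, chmod 600 the file (and make sure /etc/ssl/private itself is not world-readable) before step 3.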


Thursday, August 13, 2009

[FreeBSD] Install netatalk for sharing files with a Mac

# pkg_add -r netatalk
# vi /usr/local/etc/pam.d/netatalk
###

netatalk auth required pam_unix.so try_first_pass
netatalk account required pam_unix.so try_first_pass
netatalk session required pam_permit.so
###
vi /etc/rc.conf

netatalk_enable="YES"
atalkd_enable="NO"
papd_enable="NO"
cnid_metad_enable="NO"
afpd_enable="YES"
timelord_enable="NO"

#---- start service
#/usr/local/etc/rc.d/netatalk start

Then connect from the Mac by opening Finder -> Go -> Connect to Server,
Server address: afp://username@192.168.1.1 --> Connect

Wednesday, August 12, 2009

[Dynamips] Script for starting dynamips processes

vi dynamips.sh

#!/usr/local/bin/bash
# Script for starting a set of dynamips hypervisor processes,
# one per TCP port, starting at PORT_START.

DYNAMIPS_BIN=/usr/local/bin/dynamips
WORKDIR=/dynamips/cache     # working directory (the ramdisk from mkramdisk.sh)
PORT_START=3600             # first hypervisor port
NUM_PROC=12                 # number of hypervisor processes to start

case "$1" in
start)
    cd "$WORKDIR" || exit 1
    i=0
    while [ "$i" -ne "$NUM_PROC" ]
    do
        (( PORT = PORT_START + i ))
        echo "Start dynamips hypervisor port $PORT "
        # -H: run as a hypervisor listening on this port; -l: log file (discarded here)
        nice "$DYNAMIPS_BIN" -H "$PORT" -l /dev/null > /dev/null 2>&1 &
        (( i = i + 1 ))
    done
    exit 0
    ;;
stop)
    echo "Stop all dynamips processes .."
    pkill -9 dynamips
    ;;
restart)
    "$0" stop
    "$0" start
    ;;
*)
    echo "Usage: $(basename "$0") {start|stop|restart}" >&2
    exit 64
    ;;
esac

[FreeBSD] Create RamDisk on FreeBSD

vi mkramdisk.sh

#!/bin/sh
# Create or remove a memory-backed filesystem on /dev/md0
# (used as the dynamips working directory).
MOUNT_DIR="/dynamips/cache"
SIZE=512M

case "$1" in
start)
    # -S: do not enable soft-updates; -s: size of the memory disk
    /sbin/mdmfs -S -s "$SIZE" md0 "$MOUNT_DIR"
    echo "$SIZE ramdisk created on /dev/md0 and mounted on $MOUNT_DIR"
    exit 0
    ;;
stop)
    /sbin/umount "$MOUNT_DIR"
    # detach memory disk unit 0, releasing its RAM
    /sbin/mdconfig -d -u 0
    echo "ramdisk unmounted from $MOUNT_DIR and deleted from /dev/md0"
    ;;
restart)
    "$0" stop
    "$0" start
    ;;
*)
    echo "Usage: $(basename "$0") {start|stop|restart}" >&2
    exit 64
    ;;
esac

[FreeBSD] Example /etc/pf.conf

vi /etc/rc.conf
pf_enable="YES" <== enable pf

vi /etc/pf.conf
## Macros
SYN_ONLY="S/FSRA"
EXT_NIC="bge0"
INT_NIC="bge1"

ALLOWED_ICMP="echoreq"
ALLOWED_TCP="{ 22,80 }"
TRUSTED_IP="{ 10.0.0.0/24, 1.1.1.1 }"

# Your Internet IP goes in the EXT_IP variable
EXT_IP="1.2.3.4"

# Your private network IP goes in the INT_IP variable
# if you have two NICs on the machine
INT_IP="192.168.1.1"

## TABLES


## GLOBAL OPTIONS
set block-policy drop

## TRAFFIC NORMALIZATION


## QUEUEING RULES


## TRANSLATION RULES (NAT)


## FILTER RULES

# Block everything (inbound AND outbound on ALL interfaces) by default (catch-all)
block all

# Default TCP policy
block return-rst in log on $EXT_NIC proto TCP all
pass in log quick on $EXT_NIC proto TCP from any to $EXT_IP port $ALLOWED_TCP flags $SYN_ONLY keep state

# Default UDP policy
block in log on $EXT_NIC proto udp all
# It's rare to be hosting a service that requires UDP (unless you are hosting
# a dns server for example), so there typically won't be any entries here.

# Default ICMP policy
block in log on $EXT_NIC proto icmp all
pass in log quick on $EXT_NIC proto icmp from any to $EXT_IP icmp-type $ALLOWED_ICMP keep state

# Default IP Policy
block in log on $EXT_NIC all
pass in log quick on $EXT_NIC from $TRUSTED_IP to $EXT_IP keep state

block out on $EXT_NIC all
pass out quick on $EXT_NIC from $EXT_IP to any keep state

# Allow the local interface to talk unrestricted
pass in quick on lo0 all
pass out quick on lo0 all

Sunday, August 9, 2009

Making 2D barcodes to play with

I happen to use an E71, and it can scan 2D barcodes.
h**p://qrcode.kaywa.com/

Saturday, August 8, 2009

[Nokia] E71 uses more battery than usual because of Garmin XT

h**p://dotdoh.com/?p=394


If you have just installed Garmin Mobile XT version 5.0.0.20 on your Mobile Phone (So far only verified on my Nokia E71 running Symbian OS), you may have noticed that the battery life of your mobile phone seems to have reduced substantially from about 2 days before the installation to about 1 day.

This, it seems, is due to a background process that Garmin Mobile XT starts upon boot up of your Symbian operating system as well as upon running of the Mobile XT software.

Things you will need to verify if you are affected by this background process.

1.) An installed version of Garmin Mobile XT (Duh….)

2.) JBak Task Manager. (You can download it from: http://jbak.ru/jbaktaskman_en.php)

Step 1 Start JBakTaskMan
Step 2 Select Menu >> Tools >> Processes
Step 3 Type TSRAutoStart.exe

If the process TSRAutoStart.exe is found, you are most likely affected by this background process wasting away your battery life.

How to kill the TSRAutostart?

Step 1 Follow the previous Step 1 – 3
Step 2 Select the process TSRAutoStart.exe
Step 3 Select Menu >> Terminate process

How to prevent TSRAutostart from auto loading upon boot up.

Step 1 Plug mobile phone to PC under Mass Storage mode (! important as directories used are otherwise hidden)
Step 2 Delete file CardRunner.RSC in directory under Mobile Phone\Resource\plugins\CardRunner.RSC
Step 3 Delete the file CardRunner.dll in directory under Mobile Phone\sys\bin\CardRunner.dll

Permanent Fix.

Well if you are seeking a permanent fix, you could always try downloading the latest version of Garmin Mobile XT (Link: http://www8.garmin.com/support/collection.jsp?product=010-11034-00).

As of version 5.0.0.40, this background process is now an option that can be switched off, saving you the trouble of killing the process each time you run Garmin.

Step 1 Start GMobileXT (Duh…)
Step 2 Goto Tools >> Settings >> System
Step 3 Scroll down all the way till you see the option “Launch background service”
Step 4 Select Disabled then Done to save


h**p://www.symbian-freak.com/forum/viewtopic.php?p=440972

After installing v5.0.0.x0:

Turn OFF your S60
Turn S60 back ON
Launch JBak Taskman to see if TSRAutoStart.exe is running in Memory in Menu -> Tools -> Processes even though it's set as DISABLED by default in Tools -> Settings -> System -> Launch Background Services.


If TSRAutoStart.exe is running after S60 is turned ON, do this:

START GarminMXT v5.0.0.x0, goto Tools -> Settings -> System -> Launch Background Services and change to ENABLED.
EXIT GarminMXT, re-start GarminMXT and goto Tools -> Settings -> System -> Launch Background Services and change to DISABLED
Turn OFF S60
Turn ON S60
Launch JBak TaskMan to check that TSRAutoStart.exe ISN'T in Menu -> Tools -> Processes

Now:

START GarminMXT v5.0.0.x0
EXIT GarminMXT
Launch JBak TaskMan to check that TSRAutoStart.exe ISN'T in Menu -> Tools -> Processes

Now, you should find:

TSRAutoStart.exe doesn't start when you first turn ON your S60
TSRAutoStart.exe now CLOSES automatically when you exit GarminMXT v5.0.0.x0
It appears that GarminMXT v5.0.0.x0 when being installed, doesn't create the DISABLED entry and has to be done manually by setting to ENABLE, then DISABLE.

Friday, August 7, 2009

[Nokia] E71 show IMEI

Type *#06#

[Nokia] E71 show the wireless MAC address

Type *#62209526#

[Nokia] E71 Hard reset

Type *#7370# then enter the unlock code (default = 12345)

Thursday, June 11, 2009

[Linux] A very simple script for checking a process

I run transmission-daemon and it crashes often, so I wanted a script that checks it and restarts it automatically.

$vi psmon.sh
#!/bin/sh
# Simple process monitor: restart transmission-daemon when it is not running.

# Find a transmission process; "grep -v grep" drops the grep command itself.
# The pattern is a substring match, so any process whose command line
# contains "transmis" counts as running.
pid=`ps -ef | grep transmis | grep -v grep | awk '{print $2}'`
if [ -z "$pid" ]; then
    echo "Process NOT running, Start process now!"
    /etc/init.d/transmission-daemon restart
    # record the time of each restart
    date >> /home/ubuntu/Ubuntu/psmon.log
else
    echo "Process running"
fi



$chmod 755 psmon.sh
Then call the script from crontab every 5 minutes
$crontab -e
*/5 * * * * /home/ubuntu/Ubuntu/psmon.sh

[Linux] Using Wireshark in text mode

I am used to Wireshark, but now I am on Linux in a text-mode command line, and tcpdump's output is not as readable. Wireshark has a text-mode version too, called tshark.

install
$sudo apt-get install tshark
$sudo tshark -i eth0 -V -f "host 192.168.1.1"
The example captures on interface eth0 with a filter for packets whose src or dst is 192.168.1.1 and displays the output as a tree, similar to the GUI.

[Cisco] QoS: DSCP is marked but the marked value is not seen

Diagram

[SERVER]-----------[CAT1]---------------[CAT2]----------[CLIENT]

The devices are Cisco Catalyst 6509s. Input packets from SERVER are marked at CAT1, but a capture at CLIENT shows the packets with DSCP 0.
This is because the Catalyst 6509 by default rewrites the packet ToS->DSCP,
as seen with the command: show mls qos
QoS is enabled globally
QoS ip packet dscp rewrite enabled globally <---- by default
Input mode for GRE Tunnel is Pipe mode
Input mode for MPLS is Pipe mode
Vlan or Portchannel(Multi-Earl) policies supported: Yes
Egress policies supported: Yes


----- Module [5] -----
QoS global counters:
Total packets: 1795932
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 459413
IP packets with COS changed by policing: 57
Non-IP packets with COS changed by policing: 0
MPLS packets with EXP changed by policing: 0

So the DSCP value we marked at CAT1 is rewritten to the value obtained from the ToS mapping, which is 0 (this refers to the default ToS->DSCP mapping).
To disable this there are 2 methods:
1. On CAT2, in global config mode
conf t
no mls qos rewrite ip dscp

!verify
sh mls qos
QoS is enabled globally
QoS ip packet dscp rewrite disabled globally <--- disable
Input mode for GRE Tunnel is Pipe mode
Input mode for MPLS is Pipe mode
Vlan or Portchannel(Multi-Earl) policies supported: Yes
Egress policies supported: Yes


----- Module [5] -----
QoS global counters:
Total packets: 3631461
IP shortcut packets: 0
Packets dropped by policing: 0
IP packets with TOS changed by policing: 550481
IP packets with COS changed by policing: 169
Non-IP packets with COS changed by policing: 0
MPLS packets with EXP changed by policing: 0


2. On CAT2, on the interface connected to CAT1
interface x/x
mls qos trust dscp

Thursday, May 21, 2009

[Juniper] How to simulate JUNOS w/ FreeBSD & VirtualBox on MacBook or Linux

Requirements:
JUNOS: jinstall-8.5R1.4-domestic-signed.tgz
FreeBSD: 4.10-RELEASE-i386-miniinst.iso
VirtualBox
Socat (install via macports, apt-get) <-- By default Olive disables standard output; management is only through the serial port console

Credit:
h**p://brokenpipes.blogspot.com
h**p://www.packetmischief.ca/juniper/olive/
h**p://spirit.sheridanc.on.ca/help/virtualbox/Network_Between_VirtualBox_Machines.html

1. VirtualBox
1.1 Create VM
Name JuniperOlive
Operating system: BSD
Version: FreeBSD
1.2 Memory size 256M
1.3 Create new harddisk
- Dynamic expanding storage
- Location
- Size 3G
1.4 Config detail
1.4.1 Audio disabled
1.4.2 Network
- Adapter 1
-Adapter type: Intel PRO/1000MT Desktop
-Attached to: NAT
- Adapter 2
-Adapter type: Intel PRO/1000MT Desktop
-Attached to: Internal Network
-Name: intf_R1_R2
- Adapter 3
-Adapter type: Intel PRO/1000MT Desktop
-Attached to: Internal Network
-Name: intf_R1_R3
1.5 Serial Ports
Enable ports 1
Port number: COM1
Port mode: Host Pipe
Check Create Pipe
Path: /tmp/olive1
2. Install FreeBSD
2.1 Boot freebsd cd
2.2 Skip kernel configuration
2.3 Choose standard install
2.4 Fdisk, Press A, then Q
2.5 select: install a standard MBR
2.6 Create partitions, Press C

/ FS 500M
SWAP 500M
/config FS 100M
/var FS
Finish press Q.
2.7 Choose Distributions = Exit
2.8 Install media CD/DVD
2.9 Config Ethernet: Yes
2.10 Network Interface
2.10.1 select em0 for DHCP, no ipv6
2.10.2 enter hostname: olive, then OK
2.10.3 select NO for any other request
2.10.4 Set root password YES, Add user & group = Exit
2.11 Exit from install

2. Install JUNOS software
2.1 Boot freebsd and login with root
#cd /var/tmp
#ftp x.x.x.x <-- get junos software
get jinstall-8.5R1.4-domestic-signed.tgz
#mkdir jinst-signed
#cd jinst-signed
#tar xvfz ../jinstall-8.5R1.4-domestic-signed.tgz
#mkdir jinst
#cd jinst
#tar xvfz ../jinstall-8.3R1.4-domestic.tgz
#mkdir pkgtools
#cd pkgtools
#tar xvfz ../pkgtools.tgz
#cd bin
#cp /usr/bin/true checkpic
#cd ..
#tar zcvf ../pkgtools.tgz *
#cd ..
#rm -rf pkgtools
#tar zcvf /var/tmp/jinstall-8.3R1.4-domestic-signed-olive.tgz *
#rm /dev/wd0c && ln -s /dev/ad0c /dev/wd0c
#mkdir /var/etc
#touch /var/etc/master.passwd
#touch /var/etc/group
#touch /var/etc/inetd.conf
! install JUNOS
#pkg_add /var/tmp/jinstall-8.3R1.4-domestic-signed-olive.tgz
! reboot to continue



3. VirtualBox clone VDI for Backup & for R2 R3 ..
On MacBook

$ cd Library/VirtualBox/VDI/
$ VBoxManage clonehd JuniperOlive.vdi JuniperOlive_R1.vdi
VirtualBox Command Line Management Interface Version 2.2.2
(C) 2005-2009 Sun Microsystems, Inc.
All rights reserved.

0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Clone hard disk created in format 'VDI'. UUID: 564eefe7-350f-42a3-bfd2-bb967d2f998e
3.1 New VM name JuniperOlive_R2, JuniperOlive_R3 and select harddisk from clone
3.2 Config VirtualBox JuniperOlive_R2, JuniperOlive_R3 details same JuniperOlive_R1
- Set Serial ports path different from R1, such as path: /tmp/olive2, /tmp/olive3

4. Start Olive
on macbook open new terminal
$socat -d -d /tmp/olive1 pty <-- Create new PTY. Example /dev/ttys001
$minicom -o -s <-- console and setup select port /dev/ttys001
5. Finish



Friday, May 15, 2009

[Cisco] QoS for GRE tunnel

We want to implement QoS on the tunnel interface because the traffic runs over the tunnel.

Normal pre-configuration on the physical and tunnel interfaces:

ip access-list extended data
permit ip any host 2.2.2.22
ip access-list extended voice
permit ip any host 2.2.2.2
!
ip route 0.0.0.0 0.0.0.0 Tunnel0


policy-map QOS
class voice
priority 128
class data
bandwidth 1024

int tu0
service-policy output QOS <== when we enter service-policy on the tunnel interface we see a warning that it is not supported
Class Based Weighted Fair Queueing not supported on interface Tunnel0



Normally, if we implement QoS on the physical interface we cannot classify the packets because they have already been encapsulated by the tunnel.
But if we implement it on the tunnel, we run into limitations of some features on the tunnel interface.


The fix is as follows


Solution:
Reference: h**p://www.cisco.com/en/US/tech/tk543/tk545/technologies_tech_note09186a008017405e.shtml



class-map match-all data
match access-group name data
class-map match-all map-voice
match ip precedence 2
class-map match-all map-data
match ip precedence 6
class-map match-all voice
match access-group name voice
!
!
policy-map QOS
class map-voice
priority 128
class map-data
bandwidth 1024
policy-map QOS-tunnel
class voice
set ip precedence 2
class data
set ip precedence 6

int tu0
qos pre-classify
service-policy output QOS-tunnel
int s1/0
service-policy output QOS



Verify:

AS1_PE1#sh int tu0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Internet address is 10.0.0.1/24
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.12.1 (Serial1/0), destination 192.168.12.2, fastswitch TTL 255
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Tunnel TTL 255
Checksumming of packets disabled, fast tunneling enabled
Last input 00:05:26, output 00:05:26, output hang never
Last clearing of "show interface" counters 00:20:05
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo (QOS pre-classification) <=================== qos pre-classify
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
140 packets input, 24080 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
140 packets output, 17360 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out


! Before test send voice packet

AS1_PE1#sh policy-map int tu0
Tunnel0

Service-policy output: QOS-tunnel

Class-map: voice (match-all)
0 packets, 0 bytes <==== 0 packet
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name voice
QoS Set
ip precedence 2
Packets marked 0

Class-map: data (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name data
QoS Set
ip precedence 6
Packets marked 0

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
AS1_PE1#sh policy-map int s1/0
Serial1/0

Service-policy output: QOS

Class-map: map-voice (match-all)
10 packets, 1280 bytes <===== 10 packet
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 128 (kbps) Burst 3200 (Bytes)
(pkts matched/bytes matched) 10/1280
(total drops/bytes drops) 0/0

Class-map: map-data (match-all)
20 packets, 2560 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 6
Queueing
Output Queue: Conversation 265
Bandwidth 1024 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 20/2560
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
54 packets, 3736 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any


! After test send voice 100 packet
AS1_PE1#ping 2.2.2.2 so lo0 re 100

Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 4/16/44 ms
AS1_PE1#sh policy-map int tu0
Tunnel0

Service-policy output: QOS-tunnel

Class-map: voice (match-all)
100 packets, 10000 bytes <--- match voice 100 packet
5 minute offered rate 2000 bps, drop rate 0 bps
Match: access-group name voice
QoS Set
ip precedence 2
Packets marked 100

Class-map: data (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: access-group name data
QoS Set
ip precedence 6
Packets marked 0

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
AS1_PE1#sh policy-map int s1/0
Serial1/0

Service-policy output: QOS

Class-map: map-voice (match-all)
110 packets, 14080 bytes <===== voice increase 100 packet
5 minute offered rate 2000 bps, drop rate 0 bps
Match: ip precedence 2
Queueing
Strict Priority
Output Queue: Conversation 264
Bandwidth 128 (kbps) Burst 3200 (Bytes)
(pkts matched/bytes matched) 110/14080
(total drops/bytes drops) 0/0

Class-map: map-data (match-all)
20 packets, 2560 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 6
Queueing
Output Queue: Conversation 265
Bandwidth 1024 (kbps) Max Threshold 64 (packets)
(pkts matched/bytes matched) 20/2560
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
61 packets, 4209 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any



Tuesday, January 20, 2009

[Linux] FTP caching

To do FTP caching, install the frox package
vi /etc/frox.conf
Listen 0.0.0.0
Port 2121
ResolvLoadHack wontresolve.doesntexist.abc
TcpOutgoingAddr 192.168.1.100
#^-- ifconfig eth0:1 inet 192.168.1.100 netmask 255.255.255.255 up
User frox
Group frox
WorkingDir /var/spool/frox
LogLevel 20
LogFile /var/spool/frox/frox-log
PidFile /var/run/frox.pid
APConv yes
BounceDefend yes
CacheModule local
CacheSize 10240
CacheAll yes
CacheOnFQDN yes
MaxForks 10
MaxForksPerHost 10
ACL Allow * - *