BFD between IOSXE and IOS XR

I don’t really easily documentary to configure BFD (RFC5880 and you could read precedent blog-post : BFD : Bidirectional Forwarding Detection (RFC5880)) between IOSXE and IOSXR boxes.

Here it comes 🙂

 

IOSXE : 

R0# show run | sec bfd 
bfd fast-timers-on-slow-interface
bfd-template single-hop BFD
   interval min-tx 200 min-rx 200 multiplier 3
[...]
R0#show run int port-ch 14
Building configuration...

Current configuration : 373 bytes
!
interface Port-channel14
description *** Vers R1_Be10000 ***
mtu 9202
ip address 172.18.255.29 255.255.255.252
ip ospf authentication message-digest
ip ospf message-digest-key 10 md5 7 XXXXXXXXXXXXXXXXXX
ip ospf network point-to-point
ip ospf bfd
ip ospf cost 20000
no negotiation auto
mpls ip
port-channel bfd destination ipv4 172.18.255.30 BFD
end

R0#

IOS XR : 

RP/0/RSP0/CPU0:R1#show conf run int be10000
Tue Feb 14 14:49:35.026 CET
interface Bundle-Ether10000
description *** Vers R0_Po14 *** 
bfd mode ietf
bfd address-family ipv4 multiplier 3
bfd address-family ipv4 destination 172.18.255.29
bfd address-family ipv4 fast-detect
bfd address-family ipv4 minimum-interval 200
mtu 9216
ipv4 address 172.18.255.30 255.255.255.252
!

RP/0/RSP0/CPU0:R1#

Python3 and plotly.express : if it fails to import…

AS me if you want to use plotly.express module and you fail with somethink like :

ImportError: Plotly express requires pandas to be installed.

It seems obvious : “pip3 install pandas”. But it can fail with :

>> import pandas
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/__init__.py", line 48, in <module>
from pandas.core.api import (
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/api.py", line 47, in <module>
from pandas.core.groupby import (
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/groupby/__init__.py", line 1, in <module>
from pandas.core.groupby.generic import (
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/groupby/generic.py", line 77, in <module>
from pandas.core.frame import DataFrame
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/frame.py", line 171, in <module>
from pandas.core.generic import NDFrame
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/generic.py", line 148, in <module>
from pandas.core.describe import describe_ndframe
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/core/describe.py", line 43, in <module>
from pandas.io.formats.format import format_percentiles
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/io/formats/format.py", line 105, in <module>
from pandas.io.common import (
File "/root/src/tango-batch/venv/lib/python3.9/site-packages/pandas/io/common.py", line 8, in <module>
import bz2
File "/usr/local/lib/python3.9/bz2.py", line 18, in <module>
from _bz2 import BZ2Compressor, BZ2Decompressor
ModuleNotFoundError: No module named '_bz2'

the way to correct it (if as me you have compiled your version of Python) :

apt-get install libbz2-dev

And go to :

./configure --prefix=/usr/local && make && make install

You could normally do some :

(venv) root@SERVER:~/src/project# python3 
Python 3.9.14 (main, Sep 20 2022, 17:54:59) 
[GCC 5.4.0 20160609] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pandas
>>> import plotly.express as px

Have fun !

[FR] — Parce qu’on a tjs des bonnes intentions en dĂ©but d’annĂ©e…

J’ai eu de bonnes intentions en dĂ©but d’annĂ©es de produire du contenu en Français sur diffĂ©rents sujets rĂ©seaux et tĂ©lĂ©coms de niveau basiques, mais j’avoue que cela s’est vite arrĂŞtĂ©.

Le but Ă©tait de fournir tout en un :

  • Video explicative ;
  • Une fiche d’Ă©tude rapide au format cheatsheet ;
  • Un guide de travail ;
  • Un accès Ă  un lab guidĂ©

Bon j’avoue cela prend Ă©normĂ©ment de temps et d’autres projets personnels sont venus s’intercalĂ©s.

Bref autant partagĂ© ce qu’il en reste et amusez-vous bien :

Soyez pas trop durs …

L’accès Ă  la partie Lab est bien Ă©videmment depuis pĂ©rimĂ© (on peut donner des durĂ©es d’utilisation avec pnetlab :)).

A plus,

Christophe

xrv9k-full, qemu, AMD Ryzen

If as me you have EVE-NG (2.0.3) and lab some Cisco XRV9K-Full on a virtualized box running AMD Ryzen processor, you have probably encountered problem to start the image. After reading lot of website, it seems the answer is change the command line.

My original command line is :

-enable-kvm -smbios type=1,manufacturer="cisco",product=\"Cisco IOS XRv 9000\",uuid=[...] -cpu host

I correct to :

-enable-kvm -smbios type=1,manufacturer="cisco",product="Cisco IOS XRv 9000",uuid=[...] -cpu qemu64,+ssse3,+sse4.1,+sse4.2

Proxmox and replacing disk in ZFS pool

For one time this blog post will not be around Telecom and Cisco/Juniper/Nokia or something like this.

Just to keep in mind how to replace a faulty device in a ZFS pool.

I have :

root@pve:~# zpool status -x
root@pve:~#  zpool status
  pool: pve-zfs
 state: DEGRADED
status: One or more devices could not be used because the label is missing or
        invalid.  Sufficient replicas exist for the pool to continue
        functioning in a degraded state.
action: Replace the device using 'zpool replace'.
   see: http://zfsonlinux.org/msg/ZFS-8000-4J
  scan: resilvered 41.9M in 0 days 00:00:11 with 0 errors on Sun Jul 24 13:38:51 2022
config:

        NAME                        STATE     READ WRITE CKSUM
        pve-zfs                     DEGRADED     0     0     0
          mirror-0                  DEGRADED     0     0     0
            wwn-0x50014ee267b78b52  ONLINE       0     0     0
            2534239155907356895     FAULTED      0     0     0  was /dev/sdb1
          mirror-1                  ONLINE       0     0     0
            wwn-0x50014ee267b63342  ONLINE       0     0     0
            wwn-0x50014ee2bd0cf6b4  ONLINE       0     0     0

errors: No known data errors

But how to replace this faulty device when all the howto on the net talk about replace/make offline the old disk… But in my situation I have made an RMA on the disk and don’t have mind to make the faulty device offline.

Nevertheless, I have replaced my 2TB disk with a new one, such as :
But If I made :

root@pve:~# zpool replace pve-zfs   2534239155907356895  ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN
invalid vdev specification
use '-f' to override the following errors:
/dev/disk/by-id/ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part1 contains a filesystem of type 'ntfs'

After make a little apt-get install parted :

root@pve:~# parted /dev/sda
GNU Parted 3.2
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print                                                            
Model: ATA WDC WD20EFRX-68E (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags: 

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  2000GB  2000GB  primary  ntfs

(parted) rm 1                                                             
(parted) print                                                            
Model: ATA WDC WD20EFRX-68E (scsi)
Disk /dev/sda: 2000GB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos
Disk Flags: 

Number  Start  End  Size  Type  File system  Flags

(parted) mklabel GPT                                                      
Warning: The existing disk label on /dev/sda will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Yes                                                               
(parted) q                                                                
Information: You may need to update /etc/fstab.

root@pve:~#

So :

root@pve:~# zpool replace pve-zfs   2534239155907356895  ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN
root@pve:~# zpool status -x
  pool: pve-zfs
 state: DEGRADED
status: One or more devices is currently being resilvered.  The pool will
        continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
  scan: resilver in progress since Sun Jul 24 14:23:11 2022
        10.5G scanned at 716M/s, 4.04G issued at 276M/s, 450G total
        0B resilvered, 0.90% done, 0 days 00:27:37 to go
config:

        NAME                                            STATE     READ WRITE CKSUM
        pve-zfs                                         DEGRADED     0     0     0
          mirror-0                                      DEGRADED     0     0     0
            wwn-0x50014ee267b78b52                      ONLINE       0     0     0
            replacing-1                                 DEGRADED     0     0     0
              2534239155907356895                       FAULTED      0     0     0  was /dev/sdb1
              ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN  ONLINE       0     0     0
          mirror-1                                      ONLINE       0     0     0
            wwn-0x50014ee267b63342                      ONLINE       0     0     0
            wwn-0x50014ee2bd0cf6b4                      ONLINE       0     0     0

errors: No known data errors
root@pve:~#

How I get the new device name :

root@pve:~# ls -l /dev/disk/by-id | grep J8KN
lrwxrwxrwx 1 root root  9 Jul 24 14:23 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN -> ../../sda
lrwxrwxrwx 1 root root 10 Jul 24 14:23 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Jul 24 14:23 ata-WDC_WD20EFRX-68EUZN0_WD-WCC4M1EUJ8KN-part9 -> ../../sda9
root@pve:~# 

Where “J8KN” is a pattern of the Serial Number you can pick on the new disk.

Musical Annual French cities festival and ridiculous thoughts

For the annuary musical amateur festival in all roads and cities of France, my prefered song :

Sorry for me music stops in April 5, 1994. Perhaps I have not enough searched on jamendo or independant scene. I don’t have ever found a music with all this primitive energy I can feel with Nirvana music. Maybe life should have stopped in the 90s, it would have been better considering all the shit that we can see, live, with all these media, this escalation in the presence on social networks. What would Kurt think living in 2022? I know this post is in that movement. I only ever wrote on this rag to share my bullshit, my feelings and hacks on free systems (BSD my love come here :-)) that I have been around since 1997.

Bind9 as master DNS server, NSD as backup with TSIG.

Perhaps it seems easy for you, but it was not for me at begining even if I am running bind9 master/bind9 slave already.

We will begin with TSIG key, on your master DNS server :

root@Sagitarius:~# tsig-keygen mykey > /etc/bind/keys/mykey.key
root@Sagitarius:~# cat /etc/bind/keys/mykey.key
key "mykey" {
        algorithm hmac-sha256;
        secret "+OyXk+FYgsnE6Lei59Qi2LPsctRHPaqcYRpftG4YXKk=";
};
root@Sagitarius:~# 

Now we will configure this on my “named.conf.local” file as :

root@Sagitarius:/etc/bind# cat named.conf.local 
[...]
//On indique la clé à utiliser et son algorithme de chiffrement
include "/etc/bind/keys/mykey.key";

//On indique l'adresse IP du serveur "Esclave"
server 192.168.1.81
{
        keys { mykey; };
};
[...]
zone "my-blah-zone.fr" {
       type master;
       file "/etc/bind/my-blah-zone.fr.zone";
       allow-transfer { 192.168.1.81; key mykey; };
       notify yes;
};
[...]

Ok. last command :

root@Sagitarius:~# rndc reload
root@Sagitarius:~#

Ok good, now let’s see how it is configured on NSD host.
It’s really easy :

clucas@slave:/etc/nsd$ cat /etc/nsd/nsd.conf.d/secondaries/my-blah-zone.fr.conf 
key:
  name: "mykey"
  algorithm: hmac-sha256
  secret: "+OyXk+FYgsnE6Lei59Qi2LPsctRHPaqcYRpftG4YXKk="


zone:
        # this server is secondary,  is master.
        name: my-blah-zone.fr
        allow-notify: 192.168.1.43 mykey
        request-xfr:  192.168.1.43 mykey

Now :

nsd-checkconf /etc/nsd/nsd.conf
nsd-control reload
nsd-control status

It seems easy, but I have take long time to see that all these items bellow must be identical :

  • name of the key
  • algorithm
  • secret

Easy as hell !

PS : All this can be controlled by Ansible, but it is another story.

IOS, IOS XE and configure … revert timer X

If you are familiar with IOS XR and JunOS, it lacks a rollback to IOS and IOS XE. You can do it with “archive” such as :

  1. Configure where your archive will be stored.
  2. Say to your OS to “archive” at a point
  3. Configure your router with a “revert timer”
  4. Confirm if it is ok for you

Here we go in details now :

  1. Configure where your archive will be stored.
Router# conf t
Router(conf)# archive
Router(conf-archive)# path bootflash:myconfig
Router(conf-archive)# maximum 10
Router(conf-archive)# end
Router# wr

2. Say to your OS to “archive” at a point

Router# archive config 
Router# 
Router# show archive
The maximum archive configurations allowed is 10.
There are currently 1 archive configurations saved.
The next archive file will be named bootflash:myconfig-<timestamp>-1
 Archive #  Name
   1        bootflash:myconfig-Jan--3-2022-08-34-34.348-CET-0 <- Most Recent
   2         
   3         
   4         
   5         
   6         
   7         
   8         
   9         
   10   
Router#     

3. Configure your router with a “revert timer”

Router# configure terminal revert timer 1
Router(conf)# Rollback Confirmed Change: Backing up current running config to bootflash:myconfig-Jan--3-2022-08-35-01.511-CET-1

Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#Rollback Confirmed Change: Rollback will begin in one minute.
Enter "configure confirm" if you wish to keep what you've configured

*Jan  3 2022 08:35:01.670 CET: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_BACKUP: Backing up current running config to bootflash:myconfig-Jan--3-2022-08-35-01.511-CET-1
*Jan  3 2022 08:35:01.670 CET: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_START_ABSTIMER: User: console(Priv: 15, View: 0): Scheduled to rollback to config bootflash:myconfig-Jan--3-2022-08-35-01.511-CET-1 in 1 minutes
*Jan  3 2022 08:35:01.670 CET: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_WARNING_ABSTIMER: System will rollback to config bootflash:myconfig-Jan--3-2022-08-35-01.511-CET-1 in one minute. Enter "configure confirm" if you wish to keep what you've configured
Router(conf)# hostname BLAH
BLAH(conf)#
[................... WAITING FOR A MINUTE ........................]
Rollback Confirmed Change: rolling to:bootflash:myconfig-Jan--3-2022-08-35-01.511-CET-1

!Pass 1
!List of Rollback Commands:
no hostname BLAH
hostname Router
end


Total number of passes: 1
Rollback Done

*Jan  3 2022 08:36:01.669 CET: %ARCHIVE_DIFF-5-ROLLBK_CNFMD_CHG_ROLLBACK_START: Start rolling to: bootflash:myconfig-Jan--3-2022-08-35-01.511-CET-1
*Jan  3 07:36:01.722: Rollback:Acquired Configuration lock.


Router(conf) # end

4. Confirm if it is ok for you

If between your “conf t revert time X” and t0+X, you are ok with the configuration you have made, so you can confirm your changes.

Router# configure confirm

That’s it ! Have fun.