
Public BGP Peering using GRE/IPSEC by studiox_swe in networking

[–]packetsar 3 points4 points  (0 children)

If you are just looking for a small amount of bandwidth, then DM me. We have a Datacenter at One Wilshire in LA you can peer with for cheap and a new DC coming online in Denver if you want to multihome.

Do routers use ARP to find next hop mac? by mitchiswhoiam in networking

[–]packetsar -1 points0 points  (0 children)

Adding to the route lookup question:

Routers will recurse their routing table until a directly connected next hop IP is found. For example:

Router receives a packet destined for 10.0.0.1. It looks up the route for 10.0.0.0/8. The next hop is 192.168.1.1.

It then does a route table lookup for 192.168.1.1. 192.168.1.0/24 is directly connected on eth0. Then it will ARP for 192.168.1.1 on eth0.

If the original 192.168.1.1 is not directly connected, then it will continue to recurse until it finds a directly connected next hop IP for the route of the last next hop IP.

Sorry if I made that confusing to read.
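The recursive lookup described in the comment above, as an added Python sketch that is not part of the original post. The first two routes are the ones from the comment; the 172.16.0.0/16 route, the `max_depth` limit and all function names are assumptions added to show a second level of recursion and loop handling.

```python
import ipaddress

# Constructed routing table: the first two entries are the ones from the
# comment; the 172.16.0.0/16 route is added to force a second recursion.
ROUTES = [
    ("10.0.0.0/8", {"next_hop": "192.168.1.1"}),
    ("192.168.1.0/24", {"interface": "eth0"}),      # directly connected
    ("172.16.0.0/16", {"next_hop": "10.0.0.1"}),
]


def longest_match(table, ip):
    """Return (network, route) for the most specific prefix containing ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, route in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best


def resolve(table, dst, max_depth=8):
    """Recurse through next hops until a directly connected route is hit.

    Returns (egress interface, IP to ARP for, list of prefixes matched).
    Raises LookupError when there is no route or the recursion loops.
    """
    target, chain = dst, []
    for _ in range(max_depth):
        match = longest_match(table, target)
        if match is None:
            raise LookupError(f"no route to {target}")
        net, route = match
        chain.append(str(net))
        if "interface" in route:
            # Directly connected: ARP for the last next hop, or for the
            # destination itself when the destination is on-link.
            return route["interface"], target, chain
        target = route["next_hop"]
    raise LookupError(f"recursion limit hit resolving {dst}")
```

The depth limit matters because a route whose next hop resolves back through itself would otherwise recurse forever.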

Public BGP Peering using GRE/IPSEC by studiox_swe in networking

[–]packetsar 0 points1 point  (0 children)

How much data do you plan to push through the tunnel?

Get Public IP with CLI (TelnetMyIP.com) by packetsar in networking

[–]packetsar[S] 0 points1 point  (0 children)

I haven’t heard of STUN. What is it?

Disagree on internet access for internal routers. Blocking outbound ports and access is an old security model that no longer has relevance. Almost all machines need internet access in the future for updates, call home, etc.

Get Public IP with CLI (TelnetMyIP.com) by packetsar in networking

[–]packetsar[S] -13 points-12 points  (0 children)

GET /index.html

Yes that's a bit better

Get Public IP with CLI (TelnetMyIP.com) by packetsar in networking

[–]packetsar[S] -39 points-38 points  (0 children)

telnet icanhazip.com 80

Yea that works. Dirty though.

Get Public IP with CLI (TelnetMyIP.com) by packetsar in networking

[–]packetsar[S] 16 points17 points  (0 children)

And if you are on a router or switch with no curl?

Get Public IP with CLI (TelnetMyIP.com) by packetsar in networking

[–]packetsar[S] -9 points-8 points  (0 children)

Nice if you have a curl or wget agent. Try using it on a router with no HTTP agent.

Cisco ASA Config Cleanup Tool by packetsar in networking

[–]packetsar[S] 1 point2 points  (0 children)

Keep in mind it makes no changes. It will generate commands to help you do the cleanup, but cannot make changes itself.

Cisco ASA Config Cleanup Tool by packetsar in networking

[–]packetsar[S] 0 points1 point  (0 children)

Yea I don’t know of it. The new Palo Alto software has something for ACLs, but that’s it.

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 0 points1 point  (0 children)

I'd heartily recommend re-evaluating how you interact with your DHCP server

  • I'll check out Kea. I looked a bit for a DHCP server when I decided to build that functionality into FreeZTP, but couldn't find a library that did what I need. It seems like they all require to be run as root since it needs raw sockets. Thanks for the suggestion. I will check it out.

Python 2 isn't going to be supported in major new operating systems

  • The TFTP library I am using had some issues with Py3. I believe everything else is (or is very close to) Py3 compatible. It is definitely on the road map.

You should also consider using pylint/autopep8

  • Yes the style and size is something worth mentioning. Style is no biggie. I can work on getting that pep8 standard pretty quick. Splitting to multiple files is going to suck. I get the purpose but I just hate having a bunch of files to manage. I'll mull that one over a bit.

listening globally for commands on port 10000

  • Good catch here. I meant to bind that socket to localhost so it is only accessible from the OS. I will fix that immediately. The IPC functionality here is so simple that IDK if it is worth trying to use a formal RPC lib. I'll have to look into that.

new database from scratch in here

  • The database here is stupid simple. I will look at SQLite but I'd really rather not have a database service running in the background. Do you have a suggestion for anything that can run purely in the main Python process?

standard module library for logging

  • I played with that logging module a bit and hated it. I may revisit eventually, but not a high priority.

Either package this as a native Python library

  • I really like the idea of making an RPM instead of the current install process. I am going to see if I can move it over to that model for v2.0.

I really appreciate all of the feedback. I can tell you actually took the time to look at the code and evaluate it. I'm relatively new to Python and programming in general and don't have an environment where I can easily get any kind of code review, so again, I really appreciate your suggestions here.
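For the control-socket point in the comment above (a command listener bound globally versus to localhost), an added Python example that is not FreeZTP's code. The function names are hypothetical, and the listener uses an OS-assigned port instead of port 10000 so the example runs anywhere.

```python
import ipaddress
import socket


def open_control_socket(host="127.0.0.1", port=0):
    """Open a TCP listener for local IPC, refusing non-loopback binds.

    port=0 asks the OS for a free port so the example runs anywhere;
    the service discussed in the comment listened on port 10000.
    """
    if not ipaddress.ip_address(host).is_loopback:
        raise ValueError(f"refusing to bind control socket to {host}")
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        sock.listen(1)
    except OSError:
        sock.close()
        raise
    return sock


def is_exposed(sock):
    """True if the listener is reachable from other hosts.

    A wildcard bind (0.0.0.0) or any non-loopback address counts as exposed.
    """
    bound_ip = ipaddress.ip_address(sock.getsockname()[0])
    return not bound_ip.is_loopback


def demo():
    """Compare a globally bound listener with the localhost-only one."""
    wide = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    wide.bind(("0.0.0.0", 0))          # the "listening globally" case
    wide.listen(1)
    local = open_control_socket()      # the intended localhost-only bind
    try:
        return is_exposed(wide), is_exposed(local)
    finally:
        wide.close()
        local.close()
```

A loopback bind still accepts connections from any local user or process, so a Unix domain socket with restrictive file permissions is the tighter option when the command channel should be limited to one account.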

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 0 points1 point  (0 children)

It isn't really possible to do this with AutoInstall (as far as I know). AutoInstall downloads the config from the TFTP server and I don't believe you can manipulate the switch number from there.

network design help 1 by popotatoe in networking

[–]packetsar 0 points1 point  (0 children)

Port-Security protects you against MAC flooding. I don't believe I have ever seen a MAC flooding attack happen in real life.

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 1 point2 points  (0 children)

I believe so. I have not done extensive testing on routers, but did have it work on a router (albeit by accident).

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 1 point2 points  (0 children)

I looked for a Python based DHCP server but wasn’t able to find anything that looked good or as capable.

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 1 point2 points  (0 children)

Thanks. Also check out Apstra's AEON. I believe it already supports Arista for zero-touch functionality.

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 4 points5 points  (0 children)

I suppose it is possible, but you will often get a lot of extra config on the switch (its default config it comes with). You will also have problems auto logging into the switch if the IP changes due to your final config template.

I'll mull this over to see if there is a way to do this.

I will likely be adding functionality to FreeZTP to support Cisco's newer Plug-and-Play protocol which uses HTTPS instead of TFTP. This will likely solve your concern about somebody in the middle changing the config.

FreeZTP: Zero-Touch Provisioning for Cisco IOS by packetsar in networking

[–]packetsar[S] 2 points3 points  (0 children)

You mean like log into the switch, pull the running config, and do a diff with the config that ZTP generated?