Logging into a Linux shell from a Cisco ASR1000 Series Router

Cisco’s ASR1000 series routers come in many form factors that offer a range of features and scalability options. One thing common to every device in the product line is that the IOS XE software, which performs all of the platform’s routing functions, runs on top of a Linux kernel. This post describes how to enter a Linux shell on your router and run some basic Linux commands to get an idea of what the router has going on under the hood.

Do so at your own risk: Cisco advises that the shell be used only under the supervision of Cisco Support. This post is limited to viewing things in order to get an idea of what underlies the system. Err on the side of caution and do NOT do this on a production router, and be especially careful not to edit or delete anything, since a mistake at this level can break any or all functions of the device.

With that said, let’s dig in. For this demonstration I opened a shell into the RP, the route processor of the router. The ASR1000 series routers consist of a chassis, slots and cards, which make up the physical Continue reading

CFEngine Part 1

What is CFEngine

CFEngine is an open source tool for system configuration management, used in large-scale environments with hundreds of servers. Configuration management has become an essential part of system administration: with the advent of virtualization, the number of servers can scale well beyond the physical limits of the data center, and manually administering more than 100 servers quickly becomes unfeasible for a single admin. CFEngine’s capabilities are extensive, but the main tasks include basic operating system configuration and maintenance, management of system users, customizable control of security settings, and software installation and patching.

Due to CFEngine’s complexity, this will be a multi-post topic. I chose CFEngine over Chef or Puppet for its maturity and scalability. It was first written in 1993, and it is fast because it is written in C and does not depend on Ruby the way the other two do. There is also a large user community to draw on, since the sysadmin tasks being automated are generally not unique to one site. Continue reading

Setting up a Site-to-Site VPN between Cisco ASAs Using the CLI

What is a site to site VPN used for?

Site-to-site VPN tunnels are static tunnels set up between two network devices across the internet, so that multiple locations behind different firewalls can reach the same internal resources through a secure tunnel.

How is it different from Remote Access VPN?

Remote access VPN is primarily used by remote workers to reach internal resources from outside the network. It involves a software client on the user’s PC that contacts the security gateway (the ASA or another device) and dynamically establishes a secure tunnel between the gateway and the client, so that the traffic leaving the user’s PC is carried through that tunnel.

Network setup:

In our example we have two Cisco ASA firewalls running 8.3(x) code or below. There are slight command differences in newer code versions, so for the Continue reading

A Brief Overview of NAT – Network Address Translation

What is NAT and how does it ‘translate’ an address?

NAT stands for network address translation: the process of modifying the IP information in a packet as it crosses a network boundary. The router or firewall at that boundary rewrites the addresses in packets that pass through it. The most common use of NAT is to translate private addresses to public addresses at the firewall or router that separates an internal network from the internet. As traffic originates from the internal side of the boundary, the source IP address in the packet is changed to a public IP address that is routable on the internet. When the return traffic reaches the firewall, the NAT translation table stored on the device maps the public IP address back to the private IP address, and the packet is forwarded to the internal host that requested it.

While there are several types of NAT, the most widely used configurations are dynamic NAT and static NAT. The most Continue reading
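The translation table the paragraph describes, as an added example written for this page (it is not code from the original post): a small Python model of an edge device doing dynamic NAT with port overloading (PAT) for outbound flows, plus one static one-to-one mapping for a published server. It goes slightly beyond the text in also showing what happens to inbound traffic that has no table entry. All addresses, ports and the port pool are constructed for the example (RFC 5737 documentation ranges).

```python
"""Toy NAT device: a translation table built from outbound flows and used on return traffic.
Added example for this page, not code from the original post. Addresses and the port
pool are constructed (RFC 5737 documentation ranges)."""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatDevice:
    """Dynamic NAT with port overloading (PAT) plus optional static one-to-one entries."""

    def __init__(self, public_ip: str, port_pool: Tuple[int, int] = (1024, 65535)):
        self.public_ip = public_ip
        self._next_port, self._last_port = port_pool
        # translation table as seen from outside: (proto, public_port) -> (private_ip, private_port)
        self.inbound: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # reverse index so an existing flow keeps using the same public port
        self.outbound: Dict[Tuple[str, str, int], int] = {}
        # static NAT: fixed private<->public host mappings, e.g. for a published server
        self.static_out: Dict[str, str] = {}
        self.static_in: Dict[str, str] = {}

    def add_static(self, private_ip: str, public_ip: str) -> None:
        self.static_out[private_ip] = public_ip
        self.static_in[public_ip] = private_ip

    def _alloc_port(self) -> int:
        if self._next_port > self._last_port:
            raise RuntimeError("PAT port pool exhausted")
        port = self._next_port
        self._next_port += 1
        return port

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: rewrite the source, creating a table entry on first sight."""
        if pkt.src_ip in self.static_out:
            return replace(pkt, src_ip=self.static_out[pkt.src_ip])
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.outbound:
            public_port = self._alloc_port()
            self.outbound[key] = public_port
            self.inbound[(pkt.proto, public_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=self.outbound[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: rewrite the destination from the table; None means drop."""
        if pkt.dst_ip in self.static_in:
            return replace(pkt, dst_ip=self.static_in[pkt.dst_ip])
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.proto, pkt.dst_port))
        if entry is None:
            return None  # no translation exists, so unsolicited inbound traffic is dropped
        private_ip, private_port = entry
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


def demo() -> Dict[str, Optional[Packet]]:
    """Two inside hosts using the same source port, a reply, a stray packet and a static hit."""
    nat = NatDevice("203.0.113.10")
    nat.add_static("10.0.0.80", "203.0.113.80")
    a = nat.translate_outbound(Packet("10.0.0.5", 40000, "198.51.100.1", 443))
    b = nat.translate_outbound(Packet("10.0.0.6", 40000, "198.51.100.1", 443))
    a_again = nat.translate_outbound(Packet("10.0.0.5", 40000, "198.51.100.1", 443))
    reply_a = nat.translate_inbound(Packet("198.51.100.1", 443, a.src_ip, a.src_port))
    stray = nat.translate_inbound(Packet("198.51.100.9", 12345, "203.0.113.10", 9999))
    to_server = nat.translate_inbound(Packet("198.51.100.9", 5555, "203.0.113.80", 22))
    return {"a": a, "b": b, "a_again": a_again, "reply_a": reply_a,
            "stray": stray, "to_server": to_server}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(name, pkt)
```

The two inside hosts both leave with the same public address but different public ports, which is why the return packet can be mapped back unambiguously; the stray packet to an unused port has no entry and is dropped, while the static entry for the server answers regardless of any prior outbound flow, which is exactly why static NAT exposes a host to the internet in a way PAT does not.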

How to Mount an ISO Image in Solaris and Linux

Why Bother Mounting an ISO Image?

Sometimes you find yourself in a situation where you need to use an ISO image as though it were a CD or DVD. The popularity of virtual machines and the ease of moving large files over high-speed Internet connections make it likely that you’ll have to work with an ISO image from time to time. Being able to mount an ISO image as though it were an inserted CD/DVD makes working with these files easier, especially if your computer has no CD/DVD-ROM drive.

In Solaris

Let’s say you have a third party program you need to install, but the vendor only gives you an ISO file. Let’s say the name of the file is thirdparty.iso and you have downloaded that file to /export/home/myhome. Here’s an easy way to utilize this file under Solaris: Continue reading

Amazon Web Services : RHEL 6.4 Setup

Although most of my test servers are hosted with RackSpace, I thought it would be a good idea to review AWS for some of my less technical colleagues who are interested in gently stepping into the cloud server arena. AWS offers a free tier for 12 months, covering 750 hours per month of a t1.micro instance. However, a credit card is required to set up an account, so you can easily be charged if you move to another service level. Although this straightforward 25-step process will get you up and running with a RHEL 6.4 server, you should read the AWS documentation and FAQs to understand how the system works and what the pricing levels are.

1. Go to the Amazon website and click “Get Started for Free”:

  http://aws.amazon.com/free/

Continue reading

How to Sub-Delegate Reverse DNS Records Part 2

From the Service Provider’s Perspective

In part one of this topic, we discussed how to manage a sub-delegation for reverse DNS records once your ISP provides this service for you. Here in part two, we’ll discuss how to provide the sub-delegation of a reverse DNS range to another user. So in this situation, think of yourself as the provider offering the service for a customer or end user.

What You’ll Need

After you have received the request from the customer, you will need to confirm that they have created the proper zone for the Continue reading

A Brief Introduction to SQL using MySQL

I. Lab Setup

In order to set up this lab for your local users, you will need to install and configure MySQL with the appropriate accounts and access. We are going to use the sample database provided with the O’Reilly book Learning SQL by Alan Beaulieu. First, install the MySQL client utilities and the server:

[root@localhost]# yum install mysql
[root@localhost]# yum install mysql-server

Start the daemon and verify that the process is running:

[root@localhost]# service mysqld start
[root@localhost]# pgrep -l mysql

Connect to the MySQL server, set the root password and verify that it works. The SELECT lists every account in the server; on a fresh install it will also show root entries for 127.0.0.1 and the machine’s hostname, plus anonymous accounts (empty user column), all with empty passwords, so set or drop those as well before opening the server to other users:

[root@localhost]# mysql -u root
mysql> set password for root@localhost=password('mysecret');
mysql> select user,host,password from mysql.user;
mysql> exit
[root@localhost]# mysql -u root -p
Enter password: Continue reading 

An Introduction to BGP – Border Gateway Protocol

Border Gateway Protocol

BGP is the routing protocol of the internet. It is non-proprietary and runs on many different networking devices, typically higher-end routers or even layer 3 switches. It is what the internet backbone routers use to make routing decisions for traffic traversing the internet.

BGP specifies how routers communicate with each other and share the information that dictates the possible paths traffic can take into or out of a network. BGP is a path vector protocol, meaning that its routing decisions are based on the path (the list of autonomous systems a route has traversed), policies and/or rule sets. Continue reading
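As an added example written for this page (not the post’s code), a small Python model of path-vector route selection. It shows the three things the paragraph names: the path, carried as an AS_PATH attribute; a policy, applied as a LOCAL_PREF rule; and the loop check a path-vector protocol gets from the path itself, rejecting any route whose path already contains the router’s own AS. The decision process is a simplified version of BGP’s (LOCAL_PREF, then AS_PATH length, then a next-hop tie-break), and the AS numbers, prefixes and next hops are constructed (private-use ASNs and RFC 5737 prefixes).

```python
"""Toy path-vector router in the spirit of BGP. Added example for this page, not code
from the original post. ASNs, prefixes and next hops are constructed; the decision
process is a reduced form of BGP's, not the full vendor implementation."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Route:
    prefix: str
    as_path: Tuple[int, ...]   # leftmost entry is the neighbor AS that sent it to us
    next_hop: str
    local_pref: int = 100      # policy knob; higher wins


class PathVectorRouter:
    def __init__(self, my_asn: int,
                 policy: Optional[Callable[[Route], Optional[int]]] = None):
        self.my_asn = my_asn
        self.policy = policy        # returns a LOCAL_PREF override, or None to keep the default
        self.rib_in: Dict[str, List[Route]] = {}   # every accepted path, keyed by prefix

    def receive(self, route: Route) -> bool:
        """Handle an UPDATE from a neighbor; return False if the route is rejected."""
        if self.my_asn in route.as_path:
            return False            # our own AS already appears in the path: a loop
        if self.policy is not None:
            override = self.policy(route)
            if override is not None:
                route.local_pref = override
        self.rib_in.setdefault(route.prefix, []).append(route)
        return True

    def best(self, prefix: str) -> Optional[Route]:
        """Decision process: highest LOCAL_PREF, then shortest AS_PATH, then lowest next hop."""
        candidates = self.rib_in.get(prefix, [])
        if not candidates:
            return None
        return min(candidates, key=lambda r: (-r.local_pref, len(r.as_path), r.next_hop))

    def advertise(self, prefix: str) -> Optional[Route]:
        """What we send onward: the best path with our own AS prepended."""
        chosen = self.best(prefix)
        if chosen is None:
            return None
        return Route(prefix, (self.my_asn,) + chosen.as_path, next_hop="self")


def demo() -> Tuple[PathVectorRouter, List[bool]]:
    def prefer_as65002(route: Route) -> Optional[int]:
        # local policy: paths learned from neighbor AS 65002 win (say, cheaper transit)
        return 200 if route.as_path[0] == 65002 else None

    router = PathVectorRouter(65001, policy=prefer_as65002)
    updates = [
        Route("192.0.2.0/24", (65003, 65010), "10.1.1.3"),          # shortest path
        Route("192.0.2.0/24", (65002, 65005, 65010), "10.1.1.2"),   # longer, but preferred by policy
        Route("192.0.2.0/24", (65004, 65001, 65010), "10.1.1.4"),   # contains 65001: loop, rejected
        Route("198.51.100.0/24", (65003,), "10.1.1.3"),
        Route("198.51.100.0/24", (65004, 65003), "10.1.1.4"),
    ]
    accepted = [router.receive(u) for u in updates]
    return router, accepted


if __name__ == "__main__":
    router, accepted = demo()
    print("accepted:", accepted)
    for prefix in ("192.0.2.0/24", "198.51.100.0/24"):
        print(prefix, "best:", router.best(prefix), "advertised:", router.advertise(prefix))
```

Note that policy beats path length: the three-hop path through 65002 wins over the two-hop path because the local rule set raised its preference, which is what “based on path, policies and/or rule sets” means in practice.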

How to Sub-Delegate Reverse DNS Records Part 1

The Purpose of DNS Sub-Delegation

Let’s say you have acquired a static IP range from your ISP, and you decide you also want to control the PTR records for those addresses. PTR records for an ISP’s address space normally belong to the ISP, but you do not want to depend on the ISP for every change you’d like to make; you want more control. How can you gain control over those PTR records?

The way to gain this control is DNS sub-delegation: your ISP delegates the reverse zone for your range to your name server, so that PTR queries for your addresses are answered by you and you control the record updates. In other words, the ISP delegates its authority over those PTR records to your DNS server.

Prerequisites

If you understood the implications of that last sentence, you’ll realize that you need your own DNS service that is authoritative for your domain. After all, if you don’t run your own DNS, how are you going to control the PTR records once they are delegated to you? In this post, we’ll assume that you will manage your PTR records with your own DNS server. Continue reading
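Both sides of the sub-delegation described in Part 1 and Part 2 above, as an added example written for this page rather than code from the posts. The posts’ excerpts do not name the mechanism; for a block smaller than a /24 the standard one is the RFC 2317 “classless in-addr.arpa” convention used here: the ISP keeps the /24 reverse zone, delegates a child zone named after the block, and points each address at that child with a CNAME, while the customer serves the PTR records in the child zone. The network, host names and name servers are constructed (documentation ranges and .example names).

```python
"""Reverse-DNS sub-delegation of a block smaller than a /24, RFC 2317 style. Added example
for this page, not code from the original posts. Network, host names and name servers
below are constructed (RFC 5737 documentation range, .example names)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]   # (owner name, type, rdata); names are fully qualified


def parent_zone(cidr: str) -> str:
    """The /24 reverse zone that contains the block, e.g. 2.0.192.in-addr.arpa."""
    net = ipaddress.ip_network(cidr, strict=True)
    a, b, c, _ = str(net.network_address).split(".")
    return f"{c}.{b}.{a}.in-addr.arpa."


def child_zone(cidr: str) -> str:
    """RFC 2317 child zone name: <first octet>/<prefix length>.<parent zone>."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{int(net.network_address) & 0xFF}/{net.prefixlen}.{parent_zone(cidr)}"


def provider_records(cidr: str, customer_ns: List[str]) -> List[Record]:
    """What the ISP adds to its /24 zone: an NS set for the child zone and one CNAME per address."""
    net = ipaddress.ip_network(cidr, strict=True)
    parent = parent_zone(cidr)
    if net.prefixlen == 24:
        # a whole /24 needs no CNAME trick: the zone itself is delegated with NS records
        return [(parent, "NS", ns) for ns in customer_ns]
    if net.prefixlen < 24:
        raise ValueError("block spans several /24s; delegate each /24 separately")
    child = child_zone(cidr)
    records: List[Record] = [(child, "NS", ns) for ns in customer_ns]
    for addr in net:
        last = int(addr) & 0xFF
        records.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return records


def customer_records(cidr: str, customer_ns: List[str], hosts: Dict[str, str]) -> List[Record]:
    """The child zone the customer must serve: its NS set plus a PTR for each named host."""
    net = ipaddress.ip_network(cidr, strict=True)
    child = child_zone(cidr)
    records: List[Record] = [(child, "NS", ns) for ns in customer_ns]
    for ip, name in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {cidr}")
        records.append((f"{int(addr) & 0xFF}.{child}", "PTR", name))
    return records


def resolve_ptr(ip: str, records: List[Record], max_chase: int = 4) -> Optional[str]:
    """Look up the PTR for ip the way a resolver would, chasing CNAMEs across both zones."""
    table: Dict[str, List[Tuple[str, str]]] = {}
    for owner, rtype, rdata in records:
        table.setdefault(owner, []).append((rtype, rdata))
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_chase):
        rrs = table.get(name, [])
        for rtype, rdata in rrs:
            if rtype == "PTR":
                return rdata
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not cnames:
            return None   # dangling CNAME (customer zone missing the record) or no delegation
        name = cnames[0]
    return None


def demo():
    ns = ["ns1.customer.example.", "ns2.customer.example."]
    block = "192.0.2.64/27"
    provider = provider_records(block, ns)
    customer = customer_records(block, ns, {"192.0.2.70": "mail.customer.example."})
    both = provider + customer
    return provider, customer, resolve_ptr("192.0.2.70", both), resolve_ptr("192.0.2.71", both)


if __name__ == "__main__":
    provider, customer, found, missing = demo()
    for rec in provider[:4] + customer:
        print(rec)
    print("192.0.2.70 ->", found, "| 192.0.2.71 ->", missing)
```

The lookup for 192.0.2.71 returning None is what the Part 2 check is about: if the customer has not created the child zone (or the record in it), every CNAME the provider added dangles, so confirm the child zone answers before you publish the delegation. The “/” in the child zone name is what RFC 2317 uses and is legal in DNS, but some software is happier with a “-” instead; both sides just have to agree on the name.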