Using iPerf to test bandwidth

We can measure link bandwidth between two hosts by using iPerf.

Configure the server:

iperf -s -u

Configure the client:

iperf -c 172.20.255.254 -u -b 100m -d -i 1

  1. -c Connect as a client to the server at IP 172.20.255.254
  2. -u Use UDP as the layer 4 transport protocol instead of the default, TCP
  3. -b Set the target UDP send rate to 100 Mbit/s
  4. -d Run the test in both directions at once (dual test)
  5. -i Print interval reports every 1 second until the test completes

References:

  1. https://www.sd-wan-experts.com/iperf-bandwidth-testing/
  2. https://fasterdata.es.net/performance-testing/network-troubleshooting-tools/iperf-and-iperf3/
  3. https://iperf.fr/

Send SYSLOG from Palo Alto to LibreNMS

Step 1 – Configure Server Profile used to send SYSLOG messages to a destination
Note: The Palo Alto Administrators guide states that by default all log data is forwarded over the MGT interface. In addition, we will have to create a Server Profile for external services the firewall will interact with.

From your web-based management console navigate to Device -> Server Profiles -> Syslog. Configure the name, the IP address or FQDN of the syslog server, the port, and the format. Typically syslog messages are sent over UDP to port 514 in BSD format; IETF format is normally used over TCP/SSL.

[Screenshot: paloalto-syslog-server-profile]

Step 2 – Enable Log Forwarding
Navigate to Objects -> Log Forwarding.
Create a Log Forwarding Profile that specifies the Server Profiles to which event logs will be sent as SYSLOG and SNMP messages. A severity threshold controls which messages are forwarded from the Palo Alto to your log collector.

[Screenshot: paloalto-logforwarding]


Step 3 – Add Log Forwarding Profile to a Security Rule
In this example I have created a security rule that governs DNS traffic generated in our LAN and destined for the Internet. I would like to be notified when any user on my network tries to resolve a hostname while bypassing our internal DNS servers. I edit this "Deny DNS Out" rule and, on the Actions tab, specify the Log Forwarding Profile created in step 2.

[Screenshot: paloalto-connect-logforwarding-to-securitypolicy]

tshark – list udp traffic from a specific host

We can use tshark to view traffic that reaches an interface. In my example I am looking for SYSLOG messages from a firewall destined to my instance of LibreNMS. LibreNMS listens for UDP traffic on port 514 of the eth0 interface from a specific IP address.

We'd like to filter traffic based on source IP address and protocol type.

Specify the interface
-i eth0

Show full protocol details for UDP only
-O UDP

Stop after a given number of packets
-c 100

Write the captured packets to a file for review
-w capture.pcap

Use a display filter to limit the view to a specific source IP (on current tshark releases -R requires two-pass mode, -2; -Y applies a single-pass display filter)
-R "ip.src==172.16.0.1"

Here's the final product, with a capture filter on the host address:
tshark -i eth0 -O UDP -c 100 -w capture.pcap host a.b.c.d

Cisco Configure DHCP Server

At your central router, Corp, create a pool, specify a DNS server and default gateway that will be provided to clients that are configured using DHCP.

Exclude addresses from the pool before you enable the DHCP pool.

Corp(config)#ip dhcp excluded-address 192.168.10.1
Corp(config)#ip dhcp pool SF_LAN
Corp(dhcp-config)#network 192.168.10.0 255.255.255.0
Corp(dhcp-config)#default-router 192.168.10.1
Corp(dhcp-config)#dns-server 8.8.8.8

Configure the remote router to forward DHCP client requests received on the Fast Ethernet 0/0 interface to an IP address, in our case the Corp router that was just configured above.

LA(config)#int fa0/0
LA(config-if)#ip helper-address 172.16.10.5

Serial Connections: DCE & DTE

In a lab environment, when you create a serial connection between two routers, keep the following in mind. Modern Cisco ISR routers can autodetect the cable type and set the clock rate to 2000000.

Determine which type of connection a router has by issuing sh controllers s0/0/0

You may see a DCE cable connection:

Router#sh controllers s0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DCE V.35, clock rate 1000000

Or you may see a DTE cable connection:

Corp#show controllers s0/0/1
Interface Serial0/0/1
Hardware is PowerQUICC MPC860
DTE V.35 TX and RX clocks detected

Remember, the end of a serial connection with the DCE cable must have a clock rate set; the other end has the DTE cable and receives the clock rate you set.

You can set the clock rate like so:

Router#conf t
Router(config)#int s0/0/0
Router(config-if)#clock rate 1000000

Display Names and Account Names

C:\>dsquery user "OU=FRESHMEN,OU=STUDENTS,DC=GREATSCHOOL,DC=US" -limit 0 | dsget user -samid -display > freshmen.txt

Use this command to list the display name and account name (sAMAccountName) for all users that belong to a specific OU in a Microsoft Active Directory environment.

MDT 2013: Bootstrap.ini

Suppose your Bootstrap.ini file has been modified. When you update your deployment share, make sure you select the option labeled "Completely regenerate the boot images." Otherwise the .wim file will retain the old Bootstrap.ini and your changes will not be read upon boot.

AWS VPC BGP Configuration Note

So you've configured your customer gateway to advertise your internal networks to your AWS virtual gateway, and can confirm that internal traffic is being forwarded through the tunnels towards Amazon, yet none of this traffic reaches your instances within the VPC.

This is because the virtual gateway will not automatically install any routes being advertised by your on-premises customer gateway! You must define these networks by hand in the Routes section of your VPC.

To confirm this you can use CloudWatch to monitor the network interfaces of your instances and gateways.

Get WAN IP Address on Edgerouter

The WAN interface is configured with DHCP, so its address changes constantly. I wanted to build a script that would determine the IP address and upload it to a remote server using sftp or scp.

This is incomplete right now, it lacks the upload ability.

Schedule the script to run every 15 minutes using cron.

#!/bin/bash

# Print layer 2 and 3 interface statistics to a file
ifconfig pppoe0 > pppoe.txt

# Keep only the line that includes IP addresses, then remove pppoe.txt
awk '/inet/' pppoe.txt > addresses.txt
rm pppoe.txt

# Print the 2nd colon-separated field ("inet addr:A.B.C.D  P-t-P" -> "A.B.C.D  P-t-P")
awk -F: '{print $2}' addresses.txt > address.txt
# Remove addresses.txt, no longer needed
rm addresses.txt

# Extract the IP address from the string (dots escaped so they match literally)
temp=$(<address.txt)
echo "$temp" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'
# Remove address.txt, no longer needed
rm address.txt
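A fuller version of the same idea, written here as an added example rather than the post's own script: it parses the address without temp files, remembers the last value in a state file, and only uploads when the address actually changes. REMOTE_DEST (user@host:/path), the state file path and the embedded ifconfig output are placeholders and constructed sample data, not taken from the author's router.

```shell
#!/bin/sh
# Added example, not the post's script. Run from cron as: wan_ip.sh run
# REMOTE_DEST is a placeholder (user@host:/path); leave it unset to skip the upload.

# Print the IPv4 address from the "inet" line of ifconfig output read on stdin.
# Handles both "inet addr:A.B.C.D" (older ifconfig) and "inet A.B.C.D" (newer).
wan_ip_from_ifconfig() {
    awk '/inet / { sub(/^addr:/, "", $2); print $2; exit }'
}

# Return 0 if the address differs from the one saved in the state file (and save it),
# or 1 if it is unchanged, so the caller only uploads on a real change.
ip_changed() {
    ip="$1"; state="$2"
    if [ -f "$state" ] && [ "$(cat "$state")" = "$ip" ]; then
        return 1
    fi
    printf '%s\n' "$ip" > "$state"
}

# Constructed ifconfig output for a PPPoE interface (sample data, not a real capture).
SAMPLE_IFCONFIG='pppoe0    Link encap:Point-to-Point Protocol
          inet addr:203.0.113.45  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1'

main() {
    ip=$(ifconfig pppoe0 2>/dev/null | wan_ip_from_ifconfig)
    if [ -z "$ip" ]; then
        echo "no IPv4 address found on pppoe0" >&2
        exit 1
    fi
    if ip_changed "$ip" "$HOME/.wan_ip"; then
        echo "WAN address changed to $ip"
        if [ -n "${REMOTE_DEST:-}" ]; then
            tmp=$(mktemp) && printf '%s\n' "$ip" > "$tmp"
            # Key-based SSH authentication is assumed; no password is stored in the script.
            scp -q "$tmp" "$REMOTE_DEST" && rm -f "$tmp"
        fi
    fi
}

if [ "${1:-}" = "run" ]; then
    main
fi
```

The cron entry then calls the script with the `run` argument; sourcing it without the argument only defines the functions, which is what lets SAMPLE_IFCONFIG be used to check the parser offline.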