House Keeping

I have been working on articles in the backend as of lately but a few upcoming changes…


  1. I have updated the blog theme to a newer design. This design will allow for me to have a better page tree breakdown between the Linux and Network Articles.
  2. I am deleting all of the blog entries as I convert them to pages. Blog entries will mostly be linked to the newest pages created.
  3. Better breakdown of Linux/Network articles (based on OS Type/Vendor Type).

Stay Tuned…

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Further Learning


  • IOS – GNS3 – (free). Works best on MAC (windows/Linux supported)
    • Good for doing routing testing (we built an entire global ospf/bgp lab at IMC and tested changes there before deploying)
  • vEOS (free) Using Virtualbox you can build your own Arista mini lab to test functionality.
  • JunOS – GNS3/Virtualbox (free). Works best on MAC (windows/Linux supported)
  • NX-OS – Cisco VIRL ($150/yr). Works best on MAC (windows/Linux supported)
  • F5 Virtual Lab








rsyslog Configuration with multiple hosts on CentOS 7.x

yum install rsyslog

yum install postfix

chkconfig rsyslog on

sudo mkdir /var/log/syslog

vim /etc/rsyslog.conf


Uncomment the UDP and TCP syslog reception items to match below:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Add Template before GLOBAL DIRECTIVES

$template RemoteLogs,”/var/log/syslog/%HOSTNAME%/%$now%.log” *
*.* ?RemoteLogs
& ~

Make sure rsyslog is on on boot and restart it

systemctl enable rsyslog.service

systemctl restart rsyslog.service


Setup Email Alerting

$ModLoad ommail
$ActionMailSMTPServer localhost
$template mailSubject,”Network Issue on %hostname%”
$template mailBody,”RSYSLOG Alert\nmsg=’%msg%'”
$ActionMailSubject mailSubject
# make sure we receive a mail only once in an
# hours (3600 seconds)
$ActionExecOnlyOnceEveryInterval 3600
# the if … then … mailBody must be on one line!
if ($msg contains ‘BGP’ or $msg contains ‘bgp’ or $msg contains ‘OSPF’ or $msg contains ‘ospf’ or $msg contains ‘FLAP’ or $msg contains ‘down’ or $msg contains ‘DOWN’ or $msg contains ‘SPAN’ or $msg contains ‘span’ or $msg contains ‘loop’ or $msg contains ‘LOOP’ or $msg contains ‘up’ or $msg contains ‘UP’) then :ommail:;mailBody
# re-set interval so that other actions are not affected
$ActionExecOnlyOnceEveryInterval 0

Setup logrotate

sudo vim /etc/logrotate.conf

At very bottom of the file do the following

# Rotate the log daily up to 5 years of retention 365 times 5

/var/log/syslog/*.log /var/log/syslog/*/*.log {
dateformat .%Y-%m-%d
rotate 1825

Test the rotations

logrotate -d /etc/logrotate.conf

Configure Debian 7.x/8.x and Ubuntu 14.04 LTS Boxes with Smokeping

  • Login and then update the OS

shell> sudo apt-get update
shell> sudo apt-get upgrade

  • Configure Hostname (in our example we will use turtle):

shell> sudo hostname turtle
shell> sudo vim /etc/hostname

    • Add

    • Change Hosts File

shell> sudo vim /etc/hosts

      • From        debian

      • To

  • Restart hostname

shell> sudo /etc/init.d/

  • Install Postfix, cacti, smokeping

shell> sudo apt-get install postfix
shell> sudo apt-get install sendmail
shell> sudo apt-get install smokeping

  • Install TCPPing

shell> apt-get install tcptraceroute
shell> cd /usr/bin/
shell> wget
shell> chmod 755 tcpping

  • Configured Apache for Smokeping support

shell> cd /etc/apache2/conf-available
shell> sudo ln -s ../../smokeping/apache2.conf smokeping.conf
shell> sudo a2enconf smokeping
shell> sudo a2enmod cgid
shell> service apache2 reload

  • Configure Smokeping

shell> sudo vim /etc/smokeping/config.d/General

cgiurl   =


Monitoring in the Cloud as a Network Admin

I’ve been perplexed with a problem lately as a network engineer. Obviously the use of Public/Hybrid clouds from third party providers causes a lack of any sort of visibility for a network engineers.

The question is…how do we…as network engineers gain the visibility necessary to see the health of the cloud and performance within the network.

Here are a few ideas that one can utilize to start gaining more visibility for an engineer to help with performance metrics and troubleshooting:

  1. Monitor all server equipment nic cards.
  2. Smokeping between different servers
  3. Monitor local bandwidth going out to the cloud
  4. Trending reports will tell you if the cloud has issues
  5. Have a Network Host in the cloud that is dedicated to running latency, jitter numbers utilizing smokeping
Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Multiple Ports, Port-Mirror on Juniper MX80 going to a directly connected TAP port

The Setup:

  • You have an MX80 with three ISP connections out to the internet.
  • Ports ge-1/0/0, ge-1/0/1, ge-1/0/2, and ge-1/0/3 all need to have their traffic mirrored
    • Bandwidth for all ports combined is 300 Mbps…so it will not be a problem with utilization another Gig Port to dump all data to
  • Port ge-1/0/4 is the port on the MX80 connecting directly to the Security Appliance
  • You have a security appliance with a TAP port configured to sniff all data transiting the MX 80
    • NO IP Address is assigned
    • You can obtain the MAC address which in this case is: 00:1b:17:37:17:24
MX80 Port Mirror(1)

The Problem:

On Cisco NX-OS it’s very simple to accomplish:
monitor session 1 

  source interface ge-1/0/0,ge-1/0/1,ge-1/0/2,ge-1/0/3 both
  destination interface ge-1/0/4
But…how do we achieve it on a Juniper MX80 Running Code that is applicable in the year 2012/2013?

The Solution:

Step #1: Setup the Port Forwarding
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 1
set forwarding-options port-mirroring family inet output interface ge-1/0/4.0 next-hop
set forwarding-options port-mirroring family inet output no-filter-check

Note: See Step #4 in terms of why we choose the next hop to be 1.1.12

Step #2: Setup a firewall to mirror the port traffic
set firewall family inet filter port-mirror term 1 then port-mirror
set firewall family inet filter port-mirror term 1 then accept
set firewall family inet filter port-mirror term 2 then accept

NOTE: If you have a filter applied to the interface it’s important that you put in the “then port-mirror” command on that filter.

Step #3: Map The Ports you want to mirror with the firewall filter

set interfaces ge-1/0/0 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/0 unit 0 family inet filter output port-mirror

set interfaces ge-1/0/1 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/1 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/2 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/2 unit 0 family inet filter output port-mirror
set interfaces ge-1/0/3 unit 0 family inet filter input port-mirror
set interfaces ge-1/0/3 unit 0 family inet filter output port-mirror

Step #4: Create a Private IP address and subnet range and map it to the dump port and create an ARP entry with another address to map the TAP port
set interfaces ge-1/0/4 unit 0 family inet address arp mac 00:1b:17:37:17:24
Notice: We are creating a fake IP address on ge-1/0/3 and giving it one particular address then we are creating an ARP entry with a completely different address in the same subset to map the TAP port for.

Juniper SRX management routing-instance limitations

Having utilized routing-instances in the MX series to segregate management functions/protocols away from insecure internet sources I ran into an instance that’s quite unique to the SRX platform only.

Normally for management items on an MX series one would create a separate routing instance away from the routing instance (see image below). This allows for segregation and reduces potential security holes in your design.

Design Main Points:
Create a MGMT routing-instance and import/export ribs between the the main and mgmt inet.0 routing tables, NAT and re-route certain management protocols/functions (NTP, netconf, syslog, snmp, etc…) from the main routing table (inet.0) to mgmt.inet.0.

Note: This assumes that your company is very strict on opening ports and doing NAT device cross talk between your outside region. Valid in corporations with standards…not so much within smaller companies that don’t care for security of course.


Underlying Problem:
While most items can be re-routed and transferred over, one particular item is not doable on the SRX systems themselves.

If you want to use an internal ntp client to maintain and manage time for all of your server equipment SRX series routers simply cannot route ntp over any instance but the main one (IE. inet.0).

So why doesn’t it work on the SRX Series?
It’s the way the SRX bootup procedures are setup. It will always use the main routing table (inet.0).

KB Article:;=KB22499&actp;=RSS

The little things and difference are usually annoying so hopefully somebody will find this article in case they have similar designs and requirements.