Arnaud Fenioux 's Personal Home Page

Disclaimer

The opinions expressed here are my personal opinions. My current or past employers are not responsible for what I write here or the comments left by site visitors.

My presentation at #AfPIF15

August 27, 2015 - Arnaud
Categorie: Miscellaneous

I made this presentation the 27 August 2015 in Maputo during the AfPIF : www.internetsociety.org/afpif-2015/

This presentation is about Interconnecting two IXP togethers (Internet Exchange Points). It covers the mains goals, pros & cons and 2 different technical ways of interconnection.

link : http://www.afenioux.fr/doc/presentations/AfPIF-2015-EN.pdf

IS-IS tuning

July 3, 2015 - Arnaud
Categorie: Technical
Tags: cisco

Here is a sample configuration of ISIS for Cisco routers. This example is a level2 only zone (like a backbone area 0 in OSPF).

Note : Loopback addresses are (or should be) always configured with /32 netmask.
It's a good practice to dedicate a contiguous range for all your loopback addresses, this range is most of time the first of your supernet (i.e. your "big" network allocation), or the one with a zero.

Let's begin to create an loopback interface and annonce this IP (In this example we will use the first /24 of our "big" range for loopbacks) :

OpenBGPd

June 13, 2015 - Arnaud
Categorie: Technical
Tags: BSD

pkg install openbgpd
touch /usr/local/etc/bgpd.conf
chmod 0600 /usr/local/etc/bgpd.conf

echo 'bgpd_flags=""' >> /etc/rc.conf

edit your config :
vi /usr/local/etc/bgpd.conf

service bgpd start

Some useful commands :

List the sessions and states :
bgpctl show summary

Detailed informations on your neighbors:
bgpctl show neighbor

Your configured/announced net :
bgpctl show network

FreeBSD10 Ezjail and OpenVPN

February 13, 2015 - Arnaud
Categorie: Technical
Tags: BSD

WARNING : This is probably a bad idea to use OpenVPN in a Jail (you will lose *a lot* of time to configure it) but it work's.

I really recommand to read the sources a the bottom of this articles, they were great help.

First things, prepare the host :

ifconfig tun create
echo 'cloned_interfaces="tun"' >> /etc/rc.conf

FreeBSD Jails

February 10, 2015 - Arnaud
Categorie: Technical
Tags: BSD

We will use ezjail to make it easier :

pkg install ezjail
ezjail-admin install

service ezjail start

Create your first jail and connect to it (we will NAT the jail in this example):

ezjail-admin create myjailname 'lo1|10.11.12.1'
ezjail-admin start myjailname
ezjail-admin list
ezjail-admin console myjailname

Allow raw sockets (needed for ping, but not recommanded) by editing /usr/local/etc/ezjail/myjailname:

export jail_myjailname_parameters="allow.raw_sockets=1"

FreeBSD Basics

February 10, 2015 - Arnaud
Categorie: Technical
Tags: BSD

If you choose to Install FreeBSD 10 on Proxmox, you MUST set CPU to QEMU64 or it won't boot (yes, it will be ok for install, but not for boot!)

If you choosed to install ssh and ntp, check they are enabled in  /etc/rc.conf :

sshd_enable="YES"
ntpd_enable="YES"

remember to modify theses lines in /etc/ntp.conf to avoid beeing a bot in a DDoS amplification attack :

SSH configuration for MLX

January 16, 2015 - Arnaud
Categorie: Technical
Tags: Brocade

Enable SSH

crypto key generate rsa modulus 2048
write mem
sync-standby

 

My presentation at NetSecure Day 2014

December 8, 2014 - Arnaud
Categorie: Miscellaneous
http://www.afenioux.fr/doc/presentations/NSD-2014.pdf is the presentation I made (in french) for the #NetSecureDay 2014 conference (http://www.netsecure-day.fr/) the 4th december.
 
The presentation is more about "How is made Internet" than pure security... but the public was mostly composed of students and I didn't want to bore them :)
 
keywords are : #BGP #IXP #cables #basics

Super SCP

September 18, 2014 - Arnaud
Categorie: Technical
Tags: Linux
I use this script to scp files as root to the distant server, so that I don't need to type "root@"
eg : arnaud@local:~$./scp file srv:/root
 
#!/bin/bash
 
# we check the last argument
if [ `echo ${!#} | grep ":"` ] ; then
        # we pop $@
        # sed s,a,b is same as sed s/a/b
        # but no need to escape / :-)
        list=$(echo $@ | sed s,\ ${!#},,)
        scp -r $list root@${!#}
else

Linux and routing tables

September 12, 2014 - Arnaud
Categorie: Technical
Tags: Linux

To add another default gateway to a dedicated interface, in this example I want 2 interfaces and one default GW for each IP (my 2nd interface has IP 10.10.10.10)

Pages

Subscribe to afenioux.fr RSS RSS Feed