From 42b67205ce597b2b7f6262e3aaf19d95231f2bc0 Mon Sep 17 00:00:00 2001 From: DeadFire Date: Mon, 2 Feb 2015 16:36:42 +0800 Subject: [PATCH] =?UTF-8?q?20150202-1=20=E9=80=89=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...entation from the command line on Linux.md | 186 ++++++++++++++++ ... filter BGP routes in Quagga BGP router.md | 201 ++++++++++++++++++ 2 files changed, 387 insertions(+) create mode 100644 sources/tech/20150202 How to create and show a presentation from the command line on Linux.md create mode 100644 sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md diff --git a/sources/tech/20150202 How to create and show a presentation from the command line on Linux.md b/sources/tech/20150202 How to create and show a presentation from the command line on Linux.md new file mode 100644 index 0000000000..d80b385544 --- /dev/null +++ b/sources/tech/20150202 How to create and show a presentation from the command line on Linux.md @@ -0,0 +1,186 @@ +How to create and show a presentation from the command line on Linux +================================================================================ +When you prepare a talk for audience, the first thing that will probably come to your mind is shiny presentation charts filled with fancy diagrams, graphics and animation effects. Fine. No one can deny the power of visually charming presentation. However, not all presentations need to be Ted talk quality. Often times, the purpose of a presentation is to convey specific information, which can easily be done with textual messages. In such cases, your time can be better spent on gathering information and checking facts, rather than searching for good-looking graphics from Google Image. + +In the world of Linux, you can do presentation in several different ways, e.g., Impress for multimedia-rich content, [Impress.js][1] for stunning visualization, Beamer for hardcore LaTex users, and so on. If you are looking for a simple means to create and show a textual presentation, look no further. [mdp][2] can get the job done for you. + +### What is Mdp? ### + +mdp is an ncurses-based command-line presentation tool for Linux. What I like about mdp is its [markdown][3] support, which makes it easy to create slides with familiar markdown format. Naturally, it becomes painless to publish the slides in HTML format as well. Another plus is its support for UTF-8 character encoding, which comes in handy when showing non-English characters (e.g., Greek or Cyrillic alphabets). + +### Install Mdp on Linux ### + +Installation of mdp is mostly painless due to its light dependency requirement (i.e., ncursesw). + +#### Debian, Ubuntu or their derivatives #### + + $ sudo apt-get install git gcc make libncursesw5-dev + $ git clone https://github.com/visit1985/mdp.git + $ cd mdp + $ make + $ sudo make install + +#### Fedora or CentOS/RHEL #### + + $ sudo yum install git gcc make ncurses-devel + $ git clone https://github.com/visit1985/mdp.git + $ cd mdp + $ make + $ sudo make install + +#### Arch Linux #### + +On Arch Linux, you can easily install mdp from [AUR][4]. + +### Create a Presentation from the Command Line ### + +Once you installed mdp, you can easily create a presentation by using your favorite text editor. If you are familiar with markdown, it will take no time to master mdp. For those of you who are not familiar with markdown, starting with an example is the best way to learn mdp. + +Here is a 6-page sample presentation for your reference. + + %title: Sample Presentation made with mdp (Xmodulo.com) + %author: Dan Nanni + %date: 2015-01-28 + + -> This is a slide title <- + ========= + + -> mdp is a command-line based presentation tool with markdown support. <- + + *_Features_* + + * Multi-level headers + * Code block formatting + * Nested quotes + * Nested list + * Text highlight and underline + * Citation + * UTF-8 special characters + + ------------------------------------------------- + + -> # Example of nested list <- + + This is an example of multi-level headers and a nested list. + + # first-level title + + second-level + ------------ + + - *item 1* + - sub-item 1 + - sub-sub-item 1 + - sub-sub-item 2 + - sub-sub-item 3 + - sub-item 2 + + ------------------------------------------------- + + -> # Example of code block formatting <- + + This example shows how to format a code snippet. + + 1 /* Hello World program */ + 2 + 3 #include + 4 + 5 int main() + 6 { + 7 printf("Hello World"); + 8 return 0; + 9 } + + This example shows inline code: `sudo reboot` + + ------------------------------------------------- + + -> # Example of nested quotes <- + + This is an example of nested quotes. + + # three-level nested quotes + + > This is the first-level quote. + >> This is the second-level quote + >> and continues. + >>> *This is the third-level quote, and so on.* + + ------------------------------------------------- + + -> # Example of citations <- + + This example shows how to place a citation inside a presentation. + + This tutorial is published at [Xmodulo](http://xmodulo.com) + + You are welcome to connect with me at [LinkedIn](http://www.linkedin.com/in/xmodulo) + + Pretty cool, huh? + + ------------------------------------------------- + + -> # Example of UTF-8 special characters <- + + This example shows UTF-8 special characters. + + ae = ä, oe = ö, ue = ü, ss = ß + alpha = ?, beta = ?, upsilon = ?, phi = ? + Omega = ?, Delta = ?, Sigma = ? + + ??????????? + ?rectangle? + ??????????? + +### Show a Presentation from the Command Line ### + +Once you save the above code as slide.md text file, you can show the presentation by simply running: + + $ mdp slide.md + +You can navigate the presentation by pressing Enter/Space/Page-Down/Down-Arrow (next slide), Backspace/Page-Up/Up-Arrow (previous slide), Home (first slide), End (last slide), or numeric-N (N-th slide). + +The title of the presentation appears on top of each slide, and your name and page number are shown at the bottom. + +![](https://farm9.staticflickr.com/8637/16392457702_ec732d0094_c.jpg) + +This is an example of a nested list and multi-level headers. + +![](https://farm9.staticflickr.com/8567/16367397606_29be7df633_c.jpg) + +This is an example of a code snippet and inline code. + +![](https://farm9.staticflickr.com/8682/15770926144_0f982b0863_b.jpg) + +This is an example of nested quotes. + +![](https://farm9.staticflickr.com/8587/16393383115_0865c8b89b_c.jpg) + +This is an example of placing citations. + +![](https://farm8.staticflickr.com/7409/16392457712_ed36c14bc2_c.jpg) + +This is an example of UTF-8 special characters. + +![](https://farm9.staticflickr.com/8648/16205981560_7fa3debc75_c.jpg) + +### Summary ### + +In this tutorial, I showed you how to use mdp to create and show a presentation from the command line. Its markdown compatibility saves us the trouble and hassle of having to learn any new formatting, which is an advantage compared to [tpp][5], another command-line presentation tool. Due to its limitations, mdp may not qualify as your default presentation tool, but there should be definitely a use case for that. What do you think of mdp? Do you prefer something else? + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/presentation-command-line-linux.html + +作者:[Dan Nanni][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/nanni +[1]:http://bartaz.github.io/impress.js/ +[2]:https://github.com/visit1985/mdp +[3]:http://daringfireball.net/projects/markdown/ +[4]:https://aur.archlinux.org/packages/mdp-git/ +[5]:http://www.ngolde.de/tpp.html \ No newline at end of file diff --git a/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md b/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md new file mode 100644 index 0000000000..d92c47c774 --- /dev/null +++ b/sources/tech/20150202 How to filter BGP routes in Quagga BGP router.md @@ -0,0 +1,201 @@ +How to filter BGP routes in Quagga BGP router +================================================================================ +In the [previous tutorial][1], we demonstrated how to turn a CentOS box into a BGP router using Quagga. We also covered basic BGP peering and prefix exchange setup. In this tutorial, we will focus on how we can control incoming and outgoing BGP prefixes by using **prefix-list** and **route-map**. + +As described in earlier tutorials, BGP routing decisions are made based on the prefixes received/advertised. To ensure error-free routing, it is recommended that you use some sort of filtering mechanism to control these incoming and outgoing prefixes. For example, if one of your BGP neighbors starts advertising prefixes which do not belong to them, and you accept such bogus prefixes by mistake, your traffic can be sent to that wrong neighbor, and end up going nowhere (so-called "getting blackholed"). To make sure that such prefixes are not received or advertised to any neighbor, you can use prefix-list and route-map. The former is a prefix-based filtering mechanism, while the latter is a more general prefix-based policy mechanism used to fine-tune actions. + +We will show you how to use prefix-list and route-map in Quagga. + +### Topology and Requirement ### + +In this tutorial, we assume the following topology. + +![](https://farm8.staticflickr.com/7394/16407625405_4f7d24d1f6_c.jpg) + +Service provider A has already established an eBGP peering with service provider B, and they are exchanging routing information between them. The AS and prefix details are as stated below. + +- **Peering block**: 192.168.1.0/24 +- **Service provider A**: AS 100, prefix 10.10.0.0/16 +- **Service provider B**: AS 200, prefix 10.20.0.0/16 + +In this scenario, service provider B wants to receive only prefixes 10.10.10.0/23, 10.10.10.0/24 and 10.10.11.0/24 from provider A. + +### Quagga Installation and BGP Peering ### + +In the [previous tutorial][1], we have already covered the method of installing Quagga and setting up BGP peering. So we will not go through the details here. Nonetheless, I am providing a summary of BGP configuration and prefix advertisements: + +![](https://farm8.staticflickr.com/7428/16219986668_97cb193b15_c.jpg) + +The above output indicates that the BGP peering is up. Router-A is advertising multiple prefixes towards router-B. Router-B, on the other hand, is advertising a single prefix 10.20.0.0/16 to router-A. Both routers are receiving the prefixes without any problems. + +### Creating Prefix-List ### + +In a router, a prefix can be blocked with either an ACL or prefix-list. Using prefix-list is often preferred to ACLs since prefix-list is less processor intensive than ACLs. Also, prefix-list is easier to create and maintain. + + ip prefix-list DEMO-PRFX permit 192.168.0.0/23 + +The above command creates prefix-list called 'DEMO-FRFX' that allows only 192.168.0.0/23. + +Another great feature of prefix-list is that we can specify a range of subnet mask(s). Take a look at the following example: + + ip prefix-list DEMO-PRFX permit 192.168.0.0/23 le 24 + +The above command creates prefix-list called 'DEMO-PRFX' that permits prefixes between 192.168.0.0/23 and /24, which are 192.168.0.0/23, 192.168.0.0/24 and 192.168.1.0/24. The 'le' operator means less than or equal to. You can also use 'ge' operator for greater than or equal to. + +A single prefix-list statement can have multiple permit/deny actions. Each statement is assigned a sequence number which can be determined automatically or specified manually. + +Multiple prefix-list statements are parsed one by one in the increasing order of sequence numbers. When configuring prefix-list, we should keep in mind that there is always an **implicit deny** at the end of all prefix-list statements. This means that anything that is not explicitly allowed will be denied. + +To allow everything, we can use the following prefix-list statement which allows any prefix starting from 0.0.0.0/0 up to anything with subnet mask /32. + + ip prefix-list DEMO-PRFX permit 0.0.0.0/0 le 32 + +Now that we know how to create prefix-list statements, we will create prefix-list called 'PRFX-LST' that will allow prefixes required in our scenario. + + router-b# conf t + router-b(config)# ip prefix-list PRFX-LST permit 10.10.10.0/23 le 24 + +### Creating Route-Map ### + +Besides prefix-list and ACLs, there is yet another mechanism called route-map, which can control prefixes in a BGP router. In fact, route-map can fine-tune possible actions more flexibly on the prefixes matched with an ACL or prefix-list. + +Similar to prefix-list, a route-map statement specifies permit or deny action, followed by a sequence number. Each route-map statement can have multiple permit/deny actions with it. For example: + + route-map DEMO-RMAP permit 10 + +The above statement creates route-map called 'DEMO-RMAP', and adds permit action with sequence 10. Now we will use match command under sequence 10. + + router-a(config-route-map)# match (press ? in the keyboard) + +---------- + + as-path Match BGP AS path list + community Match BGP community list + extcommunity Match BGP/VPN extended community list + interface match first hop interface of route + ip IP information + ipv6 IPv6 information + metric Match metric of route + origin BGP origin code + peer Match peer address + probability Match portion of routes defined by percentage value + tag Match tag of route + +As we can see, route-map can match many attributes. We will match a prefix in this tutorial. + + route-map DEMO-RMAP permit 10 + match ip address prefix-list DEMO-PRFX + +The match command will match the IP addresses permitted by the prefix-list 'DEMO-PRFX' created earlier (i.e., prefixes 192.168.0.0/23, 192.168.0.0/24 and 192.168.1.0/24). + +Next, we can modify the attributes by using the set command. The following example shows possible use cases of set. + + route-map DEMO-RMAP permit 10 + match ip address prefix-list DEMO-PRFX + set (press ? in keyboard) + +---------- + + aggregator BGP aggregator attribute + as-path Transform BGP AS-path attribute + atomic-aggregate BGP atomic aggregate attribute + comm-list set BGP community list (for deletion) + community BGP community attribute + extcommunity BGP extended community attribute + forwarding-address Forwarding Address + ip IP information + ipv6 IPv6 information + local-preference BGP local preference path attribute + metric Metric value for destination routing protocol + metric-type Type of metric + origin BGP origin code + originator-id BGP originator ID attribute + src src address for route + tag Tag value for routing protocol + vpnv4 VPNv4 information + weight BGP weight for routing table + +As we can see, the set command can be used to change many attributes. For a demonstration purpose, we will set BGP local preference. + + route-map DEMO-RMAP permit 10 + match ip address prefix-list DEMO-PRFX + set local-preference 500 + +Just like prefix-list, there is an implicit deny at the end of all route-map statements. So we will add another permit statement in sequence number 20 to permit everything. + + route-map DEMO-RMAP permit 10 + match ip address prefix-list DEMO-PRFX + set local-preference 500 + ! + route-map DEMO-RMAP permit 20 + +The sequence number 20 does not have a specific match command, so it will, by default, match everything. Since the decision is permit, everything will be permitted by this route-map statement. + +If you recall, our requirement is to only allow/deny some prefixes. So in our scenario, the set command is not necessary. We will just use one permit statement as follows. + + router-b# conf t + router-b(config)# route-map RMAP permit 10 + router-b(config-route-map)# match ip address prefix-list PRFX-LST + +This route-map statement should do the trick. + +### Applying Route-Map ### + +Keep in mind that ACLs, prefix-list and route-map are not effective unless they are applied to an interface or a BGP neighbor. Just like ACLs or prefix-list, a single route-map statement can be used with any number of interfaces or neighbors. However, any one interface or a neighbor can support only one route-map statement for inbound, and one for outbound traffic. + +We will apply the created route-map to the BGP configuration of router-B for neighbor 192.168.1.1 with incoming prefix advertisement. + + router-b# conf terminal + router-b(config)# router bgp 200 + router-b(config-router)# neighbor 192.168.1.1 route-map RMAP in + +Now, we check the routes advertised and received by using the following commands. + +For advertised routes: + + show ip bgp neighbor-IP advertised-routes + +For received routes: + + show ip bgp neighbor-IP routes + +![](https://farm8.staticflickr.com/7424/16221405429_4d86119548_c.jpg) + +You can see that while router-A is advertising four prefixes towards router-B, router-B is accepting only three prefixes. If we check the range, we can see that only the prefixes that are allowed by route-map are visible on router-B. All other prefixes are discarded. + +**Tip**: If there is no change in the received prefixes, try resetting the BGP session using the command: "clear ip bgp neighbor-IP". In our case: + + clear ip bgp 192.168.1.1 + +As we can see, the requirement has been met. We can create similar prefix-list and route-map statements in routers A and B to further control inbound and outbound prefixes. + +I am summarizing the configuration in one place so you can see it all at a glance. + + router bgp 200 + network 10.20.0.0/16 + neighbor 192.168.1.1 remote-as 100 + neighbor 192.168.1.1 route-map RMAP in + ! + ip prefix-list PRFX-LST seq 5 permit 10.10.10.0/23 le 24 + ! + route-map RMAP permit 10 + match ip address prefix-list PRFX-LST + +### Summary ### + +In this tutorial, we showed how we can filter BGP routes in Quagga by defining prefix-list and route-map. We also demonstrated how we can combine prefix-list with route-map to fine-control incoming prefixes. You can create your own prefix-list and route-map in a similar way to match your network requirements. These tools are one of the most effective ways to protect the production network from route poisoning and advertisement of bogon routes. + +Hope this helps. + +-------------------------------------------------------------------------------- + +via: http://xmodulo.com/filter-bgp-routes-quagga-bgp-router.html + +作者:[Sarmed Rahman][a] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出 + +[a]:http://xmodulo.com/author/sarmed +[1]:http://xmodulo.com/centos-bgp-router-quagga.html \ No newline at end of file