Friday, December 9, 2011

Producing IPv6 traceroute results in HTML format using NMAP

I was looking for a way to display IPv6 traceroute results on a web page in an automated manner. There are various PHP / Perl modules for this, but nmap's traceroute option, together with its XML output, achieves the same result.

First we need a target list file (TestList here), with the hosts separated by spaces:
nmap.org www.apnic.net he.net

Then the following command creates the XML output:
nmap -6 --traceroute -vv -iL TestList -sn -oX test.xml --stylesheet /usr/share/nmap/nmap.xsl
-6 enables IPv6
--traceroute traces the path to each host
-vv increases the verbosity of the output
-iL reads the targets from the list file
-sn disables the port scan (host discovery and traceroute only)
-oX writes XML output
--stylesheet points at the XSL stylesheet used to translate the XML into HTML

Finally xsltproc applies that stylesheet and produces the HTML page:
xsltproc test.xml --output test.html
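
As an added example (not code from the original post), the following Python script parses the XML that the nmap command above produces and renders the traceroute hops as an HTML table of its own, so the result can be embedded in a page without depending on nmap.xsl. The XML it reads is a constructed sample in nmap's -oX layout; every hop name nmap learned from reverse DNS is escaped before it reaches the HTML, since those names are supplied by the networks being traced.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample in the layout nmap writes for -6 --traceroute -sn -oX;
# it is not real scan output. The second hop's rDNS name is deliberately
# hostile to show why escaping matters before the page is published.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -6 --traceroute -sn -oX test.xml nmap.org">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="2001:db8::1" addrtype="ipv6"/>
    <hostnames><hostname name="nmap.org" type="user"/></hostnames>
    <trace proto="icmp">
      <hop ttl="1" ipaddr="2001:db8:ffff::1" rtt="0.52" host="gw.example"/>
      <hop ttl="2" ipaddr="2001:db8:ffff::2" rtt="8.10" host="&lt;img src=x&gt;"/>
      <hop ttl="3" ipaddr="2001:db8::1" rtt="9.90" host="nmap.org"/>
    </trace>
  </host>
</nmaprun>
"""


def parse_traces(xml_text):
    """Return {target address: [(ttl, ipaddr, rtt_ms, rdns), ...]}, hops sorted by ttl."""
    root = ET.fromstring(xml_text)
    traces = {}
    for host in root.iter("host"):
        addr = host.find("address")
        target = addr.get("addr") if addr is not None else "?"
        hops = []
        for hop in host.iter("hop"):
            hops.append((int(hop.get("ttl")), hop.get("ipaddr", ""),
                         float(hop.get("rtt", "0")), hop.get("host", "")))
        traces[target] = sorted(hops)
    return traces


def render_html(traces):
    """One row per hop; every string that came from the network is HTML-escaped."""
    rows = ["<table border='1'><tr><th>target</th><th>ttl</th>"
            "<th>hop</th><th>rtt (ms)</th><th>rdns</th></tr>"]
    for target, hops in traces.items():
        for ttl, ip, rtt, name in hops:
            rows.append("<tr><td>%s</td><td>%d</td><td>%s</td><td>%.2f</td><td>%s</td></tr>"
                        % (html.escape(target), ttl, html.escape(ip), rtt, html.escape(name)))
    rows.append("</table>")
    return "\n".join(rows)


if __name__ == "__main__":
    print(render_html(parse_traces(SAMPLE_XML)))
```

To use it on real output, replace SAMPLE_XML with the contents of test.xml from the command above.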

Saturday, November 26, 2011

PPTP Server as Cisco for Mikrotik Client

The following configuration sets up a Cisco router as the PPTP server, with a Mikrotik client, to connect two sites.

The following configuration is needed to enable VPDN and the default PPTP server:

vpdn enable
!
vpdn-group Mtik
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool IPPOOL1
 ppp encrypt mppe auto required
 ppp authentication ms-chap-v2 ms-chap pap

ip local pool IPPOOL1 192.168.150.10 192.168.150.224

Note that the virtual template above accepts ms-chap-v2, ms-chap and pap as authentication methods; the Mikrotik client below restricts itself to MS-CHAPv2 (allow=mschap2), so the weaker methods are never negotiated from that side.

A few more lines are needed to give the user the same IP address every time, using a per-user AAA attribute list:
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default local
!
aaa attribute list Gobi
 attribute type addr 192.168.150.13 service ppp protocol ip mandatory
 attribute type route "10.0.0.0 255.255.255.0 192.168.150.13"
 attribute type interface-config "description Gobi-test"

Finally, apply the attribute list to the user:

username gobi password 0 test
username gobi aaa attribute list Gobi

Mikrotik configuration:
/interface pptp-client
add add-default-route=no allow=mschap2 connect-to=192.168.16.2 \
    dial-on-demand=no disabled=no max-mru=1500 max-mtu=1500 mrru=1500 name=\
    gobi password=test profile=default-encryption user=gobi

[admin@HOST1] > ip add print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.10.2/30    192.168.10.0    ether1
 1   192.168.16.1/30    192.168.16.0    ether2
 2   10.0.0.1/24        10.0.0.0        ether1
 3 D 192.168.150.13/32  192.168.150.1   gobi
The default route on the Mikrotik is placed as a static route via the tunnel interface:
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=gobi scope=30 \
    target-scope=10

1500-byte DF-bit ping test across the tunnel:
R1#ping 10.0.0.254 size 1500 df-bit

Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 10.0.0.254, timeout is 2 seconds:
Packet sent with the DF bit set
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/124/152 ms

Saturday, November 19, 2011

l2tpv3 configuration reference

Reference: Comparing, Designing and Deploying VPNs, chapter 2:
L2TPv3 is the enhanced version of the L2TPv2 protocol. Mikrotik uses L2TPv2 I suppose, but it offers another similar tunneling mechanism, EoIP.
L2TPv3 on Cisco provides pseudowire services to the customer. L2TPv3 only requires IP connectivity between the peers, but it can transport Ethernet, 802.1Q, HDLC, PPP, Frame Relay etc.

Its advantage over MPLS is that the customer keeps full control of their routing domain.

L2TP deployments have three topologies:
LAC - LNS, LNS - LNS, LAC - LAC

The following diagram explains a simple LAC - LAC L2TPv3 setup.

It uses two types of messages:
control connection messages - used for signaling between LCCEs
session data messages - used to transport layer 2 protocols and connections

The data channel message header carries a Session ID and a cookie to correctly associate each packet with its session.
Deploying dynamic pseudowire sessions:
1) configure CEF - it is on by default in IOS now.
2) configure a loopback interface to use as the pseudowire endpoint (the peers need IP connectivity to it)
3) configure an L2TP class (optional)
The L2TP class lets you configure a number of control channel parameters:
authentication, keepalive intervals, receive window size, retransmission parameters, timeouts
4) configure a pseudowire class
5) bind attachment circuits to pseudowires


The xconnect line uses the syntax: xconnect <peer-address> <VCID> pw-class <name>, where the VCID must be unique and the same on both peers (100 here). The digest secret is shown in type 7 form, which is reversible obfuscation rather than a hash, so treat the running config as sensitive.

R1:
l2tp-class digest_r1
 digest secret 7 096F673A3A2A hash SHA1
pseudowire-class R1toR2
 encapsulation l2tpv3
 sequencing both
 protocol l2tpv3 digest_r1
 ip local interface Loopback0
interface FastEthernet1/0
 no ip address
 duplex auto
 speed auto
 xconnect 172.16.0.2 100 pw-class R1toR2 sequencing both



R2:
l2tp-class digest_r2
 digest secret 7 062526126F61 hash SHA1
pseudowire-class R2toR1
 encapsulation l2tpv3
 sequencing both
 protocol l2tpv3 digest_r2
 ip local interface Loopback0
interface FastEthernet1/1
 no ip address
 duplex auto
 speed auto
 xconnect 172.16.0.1 100 pw-class R2toR1 sequencing both

Ping between the two attachment circuits:
R6#ping 192.168.20.2 size 1500 repeat 2 df-bit

Type escape sequence to abort.
Sending 2, 1500-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:
Packet sent with the DF bit set
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 72/94/116 ms


CDP from the remote devices:
R6#show cdp neighbors detail  | inc Device|IP|Int
Device ID: R1
  IP address: 172.16.0.1
Interface: FastEthernet1/0,  Port ID (outgoing port): FastEthernet1/0
Device ID: R7
  IP address: 192.168.20.2
Interface: FastEthernet1/0,  Port ID (outgoing port): FastEthernet1/0

R1#show l2tun session all

L2TP Session Information Total tunnels 1 sessions 1

Session id 56564 is up, tunnel id 23863
  Remote session id is 61449, remote tunnel id 53859
  Remotely initiated session
Call serial number is 10785
Remote tunnel name is R2
  Internet address is 172.16.0.2
Local tunnel name is R1
  Internet address is 172.16.0.1
IP protocol 115
  Session is L2TP signaled
  Session state is established, time since change 00:58:25
  DF bit off, ToS reflect disabled, ToS value 0, TTL value 255
  UDP checksums are disabled
  FS cached header information:
    encap size = 28 bytes
    45000014 00000000 FF736353 AC100001
    AC100002 0000F009 00000000
    881 Packets sent, 881 received
    744359 Bytes sent, 744061 received
  Last clearing of counters never
  Counters, ignoring last clear:
    881 Packets sent, 881 received
    744359 Bytes sent, 744061 received
    Receive packets dropped:
      out-of-order:             0
      total:                    0
    Send packets dropped:
      exceeded session MTU:     0
      total:                    0
  Sequencing is on
    Ns 872, Nr 872, 0 out of order packets received
    Packets switched/dropped by secondary path: Tx 0, Rx 0
  Conditional debugging is disabled
  Unique ID is 1
Session Layer 2 circuit, type is Ethernet, name is FastEthernet1/0
  Session vcid is 100
  Circuit state is UP
    Local circuit state is UP
    Remote circuit state is UP
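
As an added example (not code from the original post), the following Python decodes the 28-byte FS cached header printed above, to show how each data packet on this pseudowire is framed: a 20-byte IPv4 header with protocol 115, the 32-bit L2TPv3 session ID, and the 4-byte default L2-specific sublayer that carries the sequence number. The bytes are copied from the page's output; the checksum routine is ordinary RFC 791 arithmetic.

```python
import struct
from ipaddress import IPv4Address

# The 28 bytes printed by "show l2tun session all" above (FS cached header).
CACHED_HEADER = bytes.fromhex(
    "45000014 00000000 FF736353 AC100001 AC100002 0000F009 00000000")


def ipv4_checksum(header):
    """RFC 791 one's-complement sum over the header with its checksum field zeroed."""
    words = list(struct.unpack("!%dH" % (len(header) // 2), header))
    words[5] = 0                                  # the checksum field itself
    total = sum(words)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_l2tpv3_encap(buf, cookie_len=0):
    """Split an L2TPv3-over-IP encapsulation into its IPv4 and L2TPv3 fields.

    cookie_len is 0 here because neither pseudowire-class on the page sets a
    cookie, which is why the encap size is exactly 20 + 4 + 4 = 28 bytes.
    """
    ihl = (buf[0] & 0x0F) * 4
    ip = buf[:ihl]
    if ip[9] != 115:
        raise ValueError("IP protocol %d is not L2TPv3" % ip[9])
    session_id, = struct.unpack("!I", buf[ihl:ihl + 4])
    pos = ihl + 4 + cookie_len
    sublayer, = struct.unpack("!I", buf[pos:pos + 4])   # default L2-specific sublayer
    return {
        "ttl": ip[8],
        "src": str(IPv4Address(ip[12:16])),
        "dst": str(IPv4Address(ip[16:20])),
        "checksum_ok": ipv4_checksum(ip) == struct.unpack("!H", ip[10:12])[0],
        "session_id": session_id,
        "cookie_len": cookie_len,
        "seq_present": bool(sublayer & 0x40000000),   # S bit; set on the wire with sequencing
        "seq": sublayer & 0x00FFFFFF,                 # 24-bit Ns; zero in the cached copy
    }


if __name__ == "__main__":
    for key, value in decode_l2tpv3_encap(CACHED_HEADER).items():
        print("%-12s %s" % (key, value))
```

The session ID it recovers is 61449, the remote session id in the output, because this header is prepended to packets sent towards R2. With no cookie configured, that 32-bit value is the only field that ties a received packet to the session, which is exactly the case the RFC 3931 cookie was defined to harden.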

Still have to try the interoperability between Cisco and Mikrotik.

Friday, November 18, 2011

Modifying the Wireshark Column.

Basically I had a packet capture file where I needed to check the ICMP sequence numbers to find any packet drops. Going through each packet one by one to read the sequence number is a tedious job, so I was looking for a way to add another column that displays the ICMP sequence number.
It is quite easy:
1) Go to Edit -> Preferences
2) Add a new column, select the field type Custom and give the filter icmp.seq

3) You can see the following result. The field type can be changed to suit other requirements.

Thursday, July 21, 2011

Cost-effective 1-port RS232 terminal server using Mikrotik / 3G

Out-of-band management is critical for network operation. While searching for a solution for console access over RS232 and 3G I came across the Mikrotik serial connection option. I haven't tested the 3G setup yet, but quite impressive options are available in a $79 Mikrotik router for RS232 access:
1st, set the baud rate and similar settings:

[admin@Console_Tik] > port export            
# jan/02/1970 00:32:05 by RouterOS 5.5
# software id = WE49-11I9
#
/port
set 0 baud-rate=9600 data-bits=8 flow-control=none name=serial0 parity=none \
stop-bits=1
/port firmware
set directory=firmware
[admin@Console_Tik] > 

2nd, if we are using the port for console access we need to disable the Mikrotik's own console on that port as follows:
[admin@Console_Tik] > system console print 
Flags: X - disabled, U - used, F - free 
#   PORT                                   TERM                                 
0 X serial0                                vt102    

From the Mikrotik we can access the console port of the Cisco directly as follows:

[admin@Console_Tik] > system serial-terminal serial0    
[Ctrl-A is the prefix key]
TEST>


Or we can create a separate user account and divert that user directly to the serial port:
1) create the separate user account:
[admin@Console_Tik] > user print 
Flags: X - disabled 
#   NAME         GROUP        ADDRESS                                           
0   ;;; system default user
admin        full        
1   terminal     full        

2) assign the user to the special-login option:
[admin@Console_Tik] > special-login print   
Flags: X - disabled 
#   USER                                      PORT                              
0   terminal                                  serial0   

If we telnet in with the special user account we are redirected directly to the serial port:

MikroTik v5.5
Login: terminal
Password:

[Ctrl-A is the prefix key]



VOICE_TEST>

Monday, July 4, 2011

shorten the MPLS IOS commands

When it comes to MPLS + VRF we can observe some lengthy commands:

R3#show bgp vpnv4 unicast vrf CusA
BGP table version is 7, local router ID is 192.168.254.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100 (default for vrf CusA)
*> 192.168.200.0    192.168.100.1            0             0 65100 i
*>i192.168.210.0    192.168.254.8            0    100      0 65101 i

To shorten these commands we can use aliases as usual.

e.g.:

alias exec shbgpvrf show bgp vpnv4 unicast vrf

R3#shbgpvrf CusA
BGP table version is 7, local router ID is 192.168.254.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:100 (default for vrf CusA)
*> 192.168.200.0    192.168.100.1            0             0 65100 i
*>i192.168.210.0    192.168.254.8            0    100      0 65101 i

e.g. 2: alias exec shvrf show ip route vrf


R3#shvrf CusA

Routing Table: CusA
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/30 is directly connected, Ethernet0/0
L        192.168.100.2/32 is directly connected, Ethernet0/0
B     192.168.200.0/24 [20/0] via 192.168.100.1, 00:10:08
B     192.168.210.0/24 [200/0] via 192.168.254.8, 00:08:42

Friday, June 24, 2011

MPLS lab for experiments.

This is the lab prepared using L2IOU (http://tinyurl.com/69j77ju).


NETMAP:
1:0/0 3:0/0
1:0/1 4:0/0
2:0/0 3:0/1
2:0/1 4:0/1
3:0/2 5:0/0
4:0/2 5:0/1
5:0/3 6:0/0
5:0/2 7:0/1
6:0/1 7:0/0
7:0/2 8:0/0
7:0/3 9:0/0
8:0/1 10:0/0
9:0/1 11:0/0
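
As an added example (not code from the original post or from the L2IOU project), the following Python parses the NETMAP above into a per-router cabling table and reports any port that is wired into more than one link, which is a common reason a link in an IOU lab never comes up. The "Ethernet<slot>/<port>" naming for each "slot/port" pair is an assumption about how the L2IOU image presents its interfaces.

```python
NETMAP = """\
1:0/0 3:0/0
1:0/1 4:0/0
2:0/0 3:0/1
2:0/1 4:0/1
3:0/2 5:0/0
4:0/2 5:0/1
5:0/3 6:0/0
5:0/2 7:0/1
6:0/1 7:0/0
7:0/2 8:0/0
7:0/3 9:0/0
8:0/1 10:0/0
9:0/1 11:0/0
"""


def parse_end(token):
    """'5:0/3' -> (router 5, slot 0, port 3)."""
    router, port = token.split(":")
    slot, num = port.split("/")
    return int(router), int(slot), int(num)


def parse_netmap(text):
    """Return a list of ((router, slot, port), (router, slot, port)) links."""
    links = []
    for line in text.splitlines():
        line = line.split("#")[0].strip()        # ignore comments and blank lines
        if not line:
            continue
        left, right = line.split()
        links.append((parse_end(left), parse_end(right)))
    return links


def cabling(links):
    """Build {(router, 'Ethernet<slot>/<port>'): 'R<n> Ethernet<slot>/<port>'}
    and report any port that appears in more than one link (assumed naming)."""
    table, doubled = {}, []
    for a, b in links:
        for src, dst in ((a, b), (b, a)):
            key = (src[0], "Ethernet%d/%d" % (src[1], src[2]))
            if key in table:
                doubled.append(key)
            table[key] = "R%d Ethernet%d/%d" % dst
    return table, doubled


if __name__ == "__main__":
    table, doubled = cabling(parse_netmap(NETMAP))
    for (router, intf), peer in sorted(table.items()):
        print("R%-2d %-12s -> %s" % (router, intf, peer))
    print("doubled ports:", doubled or "none")
```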
root@box:/home/tc# cat labstart_mpls 
#!/bin/sh

if [ "`pgrep i86bi`" ]
then
 echo ""
 echo ""
 echo "The lab is already loaded"
 echo ""
 echo ""
else
 echo ""
 echo ""
 echo "please wait for the Lab to be loaded.."
 echo ""
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2001 -- -c configs/R1.cfg -e1 -s0 1 > /dev/null 2>&1 & sleep 5
 echo R1 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2002 -- -c configs/R2.cfg -e1 -s0 2 > /dev/null 2>&1 & sleep 5
 echo R2 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2003 -- -c configs/R3.cfg -e1 -s0 3 > /dev/null 2>&1 & sleep 5
 echo R3 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2004 -- -c configs/R4.cfg -e1 -s0 4 > /dev/null 2>&1 & sleep 5
 echo R4 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2005 -- -c configs/R5.cfg -e1 -s0 5 > /dev/null 2>&1 & sleep 5
 echo R5 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2006 -- -c configs/R6.cfg -e1 -s0 6 > /dev/null 2>&1 & sleep 5
 echo R6 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2007 -- -c configs/R7.cfg -e1 -s0 7 > /dev/null 2>&1 & sleep 5
 echo R7 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2008 -- -c configs/R8.cfg -e1 -s0 8 > /dev/null 2>&1 & sleep 5
 echo R8 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2009 -- -c configs/R9.cfg -e1 -s0 9 > /dev/null 2>&1 & sleep 5
 echo R9 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2010 -- -c configs/R10.cfg -e1 -s0 10 > /dev/null 2>&1 & sleep 5
 echo R10 loaded
 ./wrapper -m ./i86bi_linuxl2-upk9-ms.M -p 2011 -- -c configs/R11.cfg -e1 -s0 11 > /dev/null 2>&1 & sleep 5
 echo R11 loaded
 echo ""
 echo ""
 nohup -g -Fa `pgrep i86bi` > /dev/null 2>&1
fi


Router configuration: