Archive

Category Archives for "Brezular’s Blog"

Remotely Triggered Black Hole Filtering

Remotely triggered black hole (RTBH) filtering is a technique that provides the ability to drop undesirable traffic before it enters a protected network. It is used for the mitigation of distributed-denial-of-service (DDoS) and DoS attacks. We will show configuration of destination and source RTBH for Cisco IOS-XR in a network depicted on the Picture 1. […]
Continue reading...

BGP FlowSpec on Arista vEOS

BGP FlowSpec is an another Multiptocol-BGP extension with SAFI 133. Created for the purpose of DoS and DDoS attacks mitigation, it brings a new NLRI that collects 12 types of L3 and L4 information. These information creates a flow which defines criteria used for matching DDoS parameters. For instance, a flow can match victim's IP, […]
Continue reading...

Hosting KVM Apps Inside IOS XE Virtual Service Container

Service Containers are applications that can be hosted directly on Cisco IOS XE routing platforms. Service containers are either Linux Virtual Containers (LXC) or Kernel Virtual Machine( KVM) based virtual machines. A typical Cisco service container carries a digital signature that verifies it as an authentic application from Cisco. An open service (unsigned) container is […]
Continue reading...

Urban Terror Server on Cisco CSR1000v

We have discussed the configuration of Guest Shell on Cisco CSR 1000v platform in a previous tutorial. The guest shell is a built-in Linux container with CentOS 7 installed, which can be activated on the fly when Linux applications are needed. Our lives are currently affected by SARS-CoV-2 and long-standing quarantine, so why not do […]
Continue reading...

Legacy Open Switch 0.4.0 Image

The Open Switch 0.4.0 is the legacy Open Switch version with Cisco like CLI that I used to use in my tutorials. As it can be downloaded anymore, I share the VMDK image below. Please, use the image for learning or demonstration purpose only because this Open Switch version is discontinued. Instead, use the Open Switch […]
Continue reading...

Virtual eXtensible LANs -VXLANs

The tutorial discusses configuration of VXLANs on Arista vEOS and Openvswitch virtual machines. The VXLANs extend an L2 network by connecting VLANs from multiple hosts through UDP tunnels called VXLAN segments. VXLANs use Internet Protocol (both unicast and multicast) as the transport medium. VXLAN segments are identified by a 24-bit Virtual Network Identifier (VNI). Within […]
Continue reading...

Virtual eXtensible LANs – VXLANs

The tutorial discusses configuration of VXLANs on Arista vEOS and Openvswitch virtual machines. The VXLANs extend an L2 network by connecting VLANs from multiple hosts through UDP tunnels called VXLAN segments. VXLANs use Internet Protocol (both unicast and multicast) as the transport medium. VXLAN segments are identified by a 24-bit Virtual Network Identifier (VNI). Within […]
Continue reading...

Cloning Remote Linux Machines

I would like to share the second version (1.1) of the Bash script backup_images-1.1.sh which you can use for cloning disks of remote Linux machines. The script reads IP addresses of the hosts from a file and copy the disks with dd command over SSH connection. The disks are stored on a local machine, compressed […]
Continue reading...

Use TheGreenBow VPN Client to Connect with VyOS

The site-to-site Virtual Private Networks (VPN) connect two or more remote locations. Thanks to it, computers located inside locations can communicate securely over the public Internet as they were located on the same private network. This is accomplished by tunnels that interconnect remote locations. Tunnels add extra layer security, encrypting user traffic carried inside tunnels. […]
Continue reading...

Cuckoo Installation and Configuration on Debian 10 Buster

The tutorial covers installation and configuration of Cuckoo Malware Sandbox on Debian 10 Buster. Once you complete successfully all steps, your Cuckoo installation will be ready to perform analysis of malware uploaded to guest VM. It is Windows 7 x64 SP1 VM running on Oracle VirtualBox. The tutorial is based on an excellent YouTube videos […]
Continue reading...

How to Configure BurpSuite to use Tor as Proxy

BurpSuite is a manual toolkit for investigating web security. Burp Proxy allows manual testers to intercept all requests and responses between the browser and the target application, even when HTTPS is being used. The tutorial discusses configuration of Burp to use connection over Tor network. 1. BurpSuite Community Edition We can find BurpSuite Community Edition […]
Continue reading...

DPDK and Open vSwitch Installation on Debian 10

DPDK stands for Data Plane Development Kit. The DPDK project consists of libraries to accelerate packet processing workloads running on a wide variety of CPU architectures. Open vSwitch can use the DPDK library to operate entirely in userspace. Thanks to it, performance of Open vSwitch increases. The tutorial help you to build and install Open vSwitch using DPDK datapah on Debian 10 Buster. The second part discuses DPDK and Open vSwitch configuration and compare performance of Open vSwitch applicance with enabled/disabled DPDK.

Note: You can download my Debian 10 Buster VMDK image with installed DPDK 18.11.2 and Open vSwitch 2.11.1 for quick testiing of Open vSwitch/DPDK functionality. If you do so, you can skip the tutorial and continue with Part 2 - DPDK/Open vSwitch Configuration.

Login/password: debian/debian

Host
Software:
- x86_64 GNU/Linux Debian 10 Buster, 4.19.0-5-amd64
- QEMU emulator version 3.1.0
Hardware:
- RAM Memory 2x Kingston 8192 MB DDRIII
- CPU - Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, 4 cores

Qemu Guest
Software:
- x86_64 GNU/Linux Debian 10 Buster, 4.19.0-6-amd64
- Open vSwitch - 2.11.1
- DPDK - 18.11.2
Hardware:
- 4 X Continue reading

Site-to-Site OpenVPN on VyOS

The tutorial discusses configuration of site-to-site VPN on VyOS using preshared-key. Static key configuration offers the simplest setup, and is ideal for point-to-point VPNs or proof-of-concept testing. The advantages of using static key are simple setup and no X509 PKI (Public Key Infrastructure) to maintain. The disadvantages are limited scalability - one client, one server setup and the lack of perfect forward secrecy - key compromise results in a total disclosure of previous sessions. Also, a secret key must exist in plain-text form on each VPN peer and it must be exchanged using a pre-existing secure channel.

Our lab consists of two remote sites (Picture 1). The router running network OS - VyOS is presented on each side, connecting computers PC and PC2 to to a particular LAN network. The both VyOS routers are configured forOpenVPN site-to-site mode and the routers also perform NAT (PAT) and firewall services.

Picture 1 - Network Topology

1. VyOS Site1 Configuration

1.1 Hostname, IP addresses, SSH

vyos@vyos:~$ configure
vyos@vyos# set system host-name Site1

yos@vyos# commit
vyos@vyos# save

vyos@Site1# set interfaces ethernet eth1 address 10.0.0.254/24
vyos@Site1# set interfaces ethernet eth0 address 11.0.2.1/24

vyos@Site1# set service ssh

vyos@Site1# commit
Continue reading

Testing Open vSwitch-DPDK

In a previous tutorial we have built DPDK 18.11.2 and Open vSwitch 2.11.1 on Linux Debian 10.1 VM (buster). We have created a L3 Open vSwitch QEMU appliance that we will use to compare performance of Open vSwitch with enabled/disabled DPDK. A network topology is depicted on the Picture 1.

The lab is created as GNS3 project which consists of a single Debian Open vSwitch appliance. Two Linux Core 6.3 hosts PC1 and PC2 are connected to the switchports Ethernet0 and Ethernet1, respectively. Firstly, we are going to bind the both ports to DPDK-compatible driver and create a bridge with the DPDK ports attached to the bridge. As a last step, we will measure maximum achievable bandwidth with iPerf3 tool. The host PC1 will be be acting as a iPerf3 client connecting to the iPerf3 server running on the host PC2.

Note: Open vSwitch 2.11.1 appliance built on Debian 10 buster and DPDK 18.11.2 is available in Download-> Appliance Section. The Linux Core 6.3 image is available there, as well.

Picture 1 - Debian Open vSwitch/DPSK Appliance with Connected Host

1. GNS3 Configuration

Check GNS3 settings for Open Continue reading

Debian Open vSwitch Appliance with DPDK

Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license.  It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (e.g. NetFlow, sFlow, IPFIX, RSPAN, CLI, LACP, 802.1ag).

DPDK is the Data Plane Development Kit that consists of libraries to accelerate packet processing workloads running on a wide variety of CPU architectures.

Note: Open vSwitch images are customized with my after install script  and they are ready for use in GNS3.

Username is debian with the password debian.

Debian Linux 10 (buster) VMDK Appliance with DPDK 18.11.2 and Open vSwitch 2.11.1 [997,2MB]
https://drive.google.com/file/d/1ZuVVP2POUnFjySt0YpFwPeSG5Rtw_6Gj/view?usp=sharing

 

ClearOS Gateway on GNS3

In a previous tutorial we have successfully installed ClearOS on QEMU VM in a gateway mode. At the end of the tutorial we have installed several apps from ClearOS marketplace. These apps enhance gateway functionality, however  we have not tested  them yet. Therefore, this tutorial goes further and we are going to test some services offered by ClearOS apps. In order to do it, we will connect ClearOS QEMU appliance into a GNS3 topology.

Our ClearOS QEMU instance is configured with two guest network cards (Picture 1). The first guest interface ens3 has assigned the LAN role and it is configured with the IP address 192.168.1.254/24. This is the IP address a web server is listening on, the port 81. The entire ClearOS management will be done via web browser using the url https://192.168.1.254:81.

Picture 1 - Network Interfaces Configuration During ClearOS Installation

The second guest interface ens4 has assigned External role and its IP address is assigned from DHCP server. DHCP server is running on SOHO router with the IP address 172.17.100.1/16 (Picture 2).

Picture 2 - Network Topology

GNS3 itself connects the second guest interface ens4 of ClearOS gateway Continue reading