2017 on Rickyhttps://9855cc0f.linzeyan.pages.dev/posts/2017/Recent content in 2017 on RickyHugo -- gohugo.ioenFri, 15 Dec 2017 15:33:14 +0800Representative HTTP Status Codeshttps://9855cc0f.linzeyan.pages.dev/posts/2017/20171215-6844903519447678990/Fri, 15 Dec 2017 15:33:14 +0800https://9855cc0f.linzeyan.pages.dev/posts/2017/20171215-6844903519447678990/<ul> <li><a href="https://juejin.cn/post/6844903519447678990" target="_blank" rel="noopener">Representative HTTP Status Codes</a></li> </ul>Switch noteshttps://9855cc0f.linzeyan.pages.dev/posts/2017/20171125-cisco/Sat, 25 Nov 2017 11:47:37 +0800https://9855cc0f.linzeyan.pages.dev/posts/2017/20171125-cisco/<h4 id="switch">Switch</h4> <p><strong><em>Switches are usually L2 devices</em></strong></p> <ul> <li>They forward packets only to the destination host (based on the MAC table), which reduces collisions and eavesdropping. Switches can also handle packets arriving at the same time, while hubs cannot.</li> </ul> <p><strong><em>Hubs are L1 devices</em></strong></p> <ul> <li>They forward packets from any host to all connected hosts, so collisions happen and cause random retries.</li> </ul> <p><strong><em>MAC Table</em></strong></p> <ol> <li>Learning <ul> <li>A packet arrives on some port (network A) from MAC X destined for MAC Y. The switch records that MAC X is on network A. This is called learning.</li> </ul> </li> <li>Flooding <ul> <li>The switch does not yet know where MAC Y is, so it forwards the packet to all networks except A. This is called flooding.</li> </ul> </li> <li>Forwarding <ul> <li>The host with MAC Y receives the packet and sends an ACK to MAC X. The switch records that MAC Y is on that network, then forwards the ACK to MAC X. This is forwarding.</li> </ul> </li> <li>Filtering <ul> <li>The switch receives a packet and finds that the source and destination MACs are on the same network, so it drops the packet. This is filtering.</li> </ul> </li> <li>Aging <ul> <li>Each MAC-table entry has a timestamp of last access. Entries older than a threshold (configurable) are removed. This is aging.</li> </ul> </li> </ol> <h5 id="vlan">Vlan</h5> <p>Switch interfaces must support 802.1Q</p>Juniper noteshttps://9855cc0f.linzeyan.pages.dev/posts/2017/20171123-juniper/Thu, 23 Nov 2017 16:00:00 +0800https://9855cc0f.linzeyan.pages.dev/posts/2017/20171123-juniper/<h4 id="juniper-firewall-tunnel">[Juniper Firewall] tunnel</h4> <p><strong><em>ACG</em></strong> <code>icare@TWCHIJF01# show | compare rollback 4</code></p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-diff" data-lang="diff"><span style="display:flex;"><span>[edit security policies] </span></span><span style="display:flex;"><span> from-zone DB_12 to-zone TCT_Office { ... } </span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ from-zone DB_12 to-zone JC32 { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ policy For_Backup { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ match { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ source-address DB_10.11.12.0/24; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ destination-address BACKUP_10.32.32.130; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ application any; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ then { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ permit; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e"></span>[edit security zones security-zone DB_12 address-book] </span></span><span style="display:flex;"><span> address DB_10.11.12.57 { ... } </span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ address DB_10.11.12.0/24 10.11.12.0/24; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e"></span>[edit security zones] </span></span><span style="display:flex;"><span> security-zone ESB_15 { ... } </span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ security-zone JC32 { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ address-book { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ address BACKUP_10.32.32.130 10.32.32.130/32; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ host-inbound-traffic { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ system-services { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ ping; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ interfaces { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ gr-0/0/0.32; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e"></span>[edit interfaces gr-0/0/0] </span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ unit 32 { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ description To_JC32_DBBackup; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ tunnel { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ source 202.168.193.128; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ destination 218.253.210.8; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ family inet { </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ address 10.32.0.101/30; </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ } </span></span></span><span style="display:flex;"><span><span style="color:#a6e22e"></span>[edit routing-options static] </span></span><span style="display:flex;"><span> route 0.0.0.0/0 { ... } </span></span><span style="display:flex;"><span><span style="color:#a6e22e">+ route 10.32.32.130/32 next-hop 10.32.0.102; </span></span></span></code></pre></div><pre tabindex="0"><code>set security policies from-zone DB_12 to-zone JC32 policy For_Backup match source-address DB_10.11.12.0/24 set security policies from-zone DB_12 to-zone JC32 policy For_Backup match destination-address BACKUP_10.32.32.130 set security policies from-zone DB_12 to-zone JC32 policy For_Backup match application any set security policies from-zone DB_12 to-zone JC32 policy For_Backup then permit set security zones security-zone DB_12 address-book address DB_10.11.12.0/24 10.11.12.0/24 set security zones security-zone JC32 address-book address BACKUP_10.32.32.130 10.32.32.130/32 set security zones security-zone JC32 host-inbound-traffic system-services ping set security zones security-zone JC32 interfaces gr-0/0/0.32 set interfaces gr-0/0/0 unit 32 description To_JC32_DBBackup set interfaces gr-0/0/0 unit 32 tunnel source 202.168.193.128 set interfaces gr-0/0/0 unit 32 tunnel destination 218.253.210.8 set interfaces gr-0/0/0 unit 32 family inet address 10.32.0.101/30 set routing-options static route 10.32.32.130/32 next-hop 10.32.0.102 </code></pre><p><code>icare@TWCHIJF01&gt; show configuration | compare rollback 1</code></p>Data Center Noteshttps://9855cc0f.linzeyan.pages.dev/posts/2017/20171024-data-center/Tue, 24 Oct 2017 23:17:33 +0800https://9855cc0f.linzeyan.pages.dev/posts/2017/20171024-data-center/<p>First NIC - blue cable</p> <p>Second NIC - green cable</p> <p>Switch interconnect - white cable</p> <p>Yellow, red</p> <p>Storage has disk arrays and heavy data transfer, so it uses fiber connections and fiber switches.</p> <p>Fiber colors:</p> <p>Multi-mode or single-mode fiber</p> <p>Single-mode fiber is yellow. Multi-mode fiber (50μm or 62.5μm) is usually orange. 10GB multi-mode fiber is usually aqua.</p> <p>Common spec distinctions:</p> <ul> <li>OS1, OS2, 9µm, 9/125 = single-mode fiber</li> <li>OM1, 62.5µm, 62.5/125 = 62.5 multi-mode fiber</li> <li>OM2, 50µ, 50/125 = 50 multi-mode fiber</li> <li>OM3, 10GB, 50µm, 50/125 = 10GB multi-mode fiber</li> <li>OM4, 100GB, 50µm, 50/125 = 100GB multi-mode fiber</li> </ul> <p>Fiber structure</p>Route noteshttps://9855cc0f.linzeyan.pages.dev/posts/2017/20170916-route/Sat, 16 Sep 2017 15:00:00 +0800https://9855cc0f.linzeyan.pages.dev/posts/2017/20170916-route/<p>Router - a device that is good at computing routing tables, an L3 device.</p> <p>Routing Table</p> <ul> <li>A NIC with one IP naturally has two routes and they cannot be changed. 192.168.1.1/24 <ul> <li>Itself. Local route / Host route: 192.168.1.1/32</li> <li>The whole subnet. Direct route / Connect route: 192.168.1.0/24</li> </ul> </li> <li>You can add as many static routes as you want. <ul> <li>172.10.10.10/24 -&gt; 192.168.1.2</li> <li>2.2.2.2/26 -&gt; 192.168.1.9</li> <li>&hellip;</li> </ul> </li> <li>Default route - only one gateway. <ul> <li>0.0.0.0/0 -&gt; 192.168.1.10</li> </ul> </li> <li>More specific routes take precedence.</li> <li>BGPv4</li> </ul>Arp noteshttps://9855cc0f.linzeyan.pages.dev/posts/2017/20170903-arp/Sun, 03 Sep 2017 15:00:00 +0800https://9855cc0f.linzeyan.pages.dev/posts/2017/20170903-arp/<p>Before a packet is sent</p> <ul> <li>Look up the MAC for the IP in the ARP table <ul> <li>MAC found - encapsulate</li> <li>No MAC - broadcast <ul> <li>Same subnet - OK</li> <li>Different subnet - look up the router MAC in the ARP table <ul> <li>Found - OK</li> <li>Not found - broadcast</li> </ul> </li> </ul> </li> </ul> </li> </ul>