K3S ISP Deployment – MetalLB

Problem definition: As an ISP, we run multiple services to offer to customers (DNS, NTP, etc.). A simple docker compose of this is available at https://github.com/dmcken/docker-composer-templates/blob/main/dns-ntp/docker-compose.yml. We have multiple PoPs and usually anycast these addresses throughout the network to spread load / provide redundancy. The anycasting monitoring can be done via custom scripts (ExaBGP, FRR) … Read More

Docker for an ISP

How to build an entire ISP management system on a single docker host? Mandatory Services: NTP: Docker container: DNS: DHCP: Netbox – Network Documentation: Optional Services: Netflow: Management services: Random management scripts / connectors. Done Local Docker Cache: https://docs.docker.com/registry/recipes/mirror/ full list of daemon.json options can be found here https://docs.docker.com/engine/reference/commandline/dockerd/#daemon-configuration-file Disabling DNS daemon on Ubuntu: https://www.linuxuprising.com/2020/07/ubuntu-how-to-free-up-port-53-used-by.html

Mikrotik OSPF Redistribution

Problem definition: The Mikrotik OSPF software allows you to specify that you wish to redistribute certain types of routes (e.g. connected or static). What may not be easily obvious is controlling said redistribution (similar to route-maps in Cisco and export policies in Juniper). We will create an out filter to control the redistribution of these … Read More

Juniper IRR ASN route-filters

Problem definition: We need to define routing policies for filtering routes received from BGP peers for our Juniper routers. Most ISPs publish their prefixes and routing policies via IRRs. We can use bgpq4 to read this information and produce the config snippets. Let's try for Google IPv4: Now let's repeat for IPv6: Now let's go load … Read More

Wrong gateway set on a device

Problem definition: You have a device with the wrong gateway set on it and it's a bit far to just walk up to it and log in to fix it. This assumes you can’t temporarily get a device to act like the gateway and other tricks don’t work. So if from your router you can ping the … Read More

NetCat proxy

Problem definition: You are locked out of a device for some reason but can get to it from your router, which for some reason has netcat installed (in my case EdgeRouter). So while this works with some systems at least to view the device config, some devices like Ubiquiti’s SolarSwitch seem to do some “weird … Read More

Random Python one liner – #1

Problem definition: Looking at https://wiki.mikrotik.com/wiki/Manual:Spanning_Tree_Protocol, I wanted to see the hex values for the list of priority values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440. Output: Building it didn’t take much.

Juniper logical systems

My notes on how to work with logical systems on JunOS. Base config: Setting and clearing default logical system: You now no longer need to keep specifying the logical-system and use commands as if there was no logical system in use. Thus far most commands seem to lose the logical-system option while you have a … Read More