Network cheat sheet: Difference between revisions
imported>Deepwaterdiver m (→Juniper) |
imported>Ema |
||
Line 1: | Line 1: | ||
== | == SSH access to network equipment == | ||
WMF routers and switches follow the [[Infrastructure_naming_conventions]]. | |||
For example, the hostnames of eqiad core routers are cr1-eqiad.wikimedia.org | |||
and cr2-eqiad.wikimedia.org: | |||
<pre> | <pre> | ||
ssh cr1-eqiad.wikimedia.org | |||
</pre> | |||
Access switches are named asw-${rownum}-${dc}.mgmt.${dc}.wmnet. Hence, row b | |||
switches in eqiad and codfw can be accessed as follows: | |||
<pre> | |||
ssh asw-b-eqiad.mgmt.eqiad.wmnet | |||
ssh asw-b-codfw.mgmt.codfw.wmnet | |||
</pre> | |||
== Matching hosts with switches == | |||
To find out which cache hosts are connected on codfw's row c: | |||
show | <pre> | ||
ema@asw-c-codfw> show interfaces descriptions | match cp | |||
xe-2/0/3 up up cp2013 | |||
xe-2/0/4 up up cp2014 | |||
xe-2/0/5 up up cp2015 | |||
xe-7/0/3 up up cp2016 | |||
xe-7/0/4 up up cp2017 | |||
xe-7/0/5 up up cp2018 | |||
</pre> | |||
Interfaces names, reported in the first column, follow [https://www.juniper.net/documentation/en_US/junos14.1/topics/concept/interfaces-naming-conventions.html Juniper's interfaces naming convention]. The first part of the interface name, '''xe''' in the examples above, is the media type. '''xe''' stands for 10 Gigabit Ethernet interface, other options would have been '''ge''' for Gigabit Ethernet and '''et''' for 40 Gigabit Ethernet. The second part is the FPC, which allows us to find out the specific switch to with the host is connected. The first three hosts (cp2013, cp2014 and cp2015) are on c2 (xe-2), while cp2016, cp2017 and cp2018 are on c7 (xe-7). The last number represents the port number. | |||
[https://racktables.wikimedia.org/index.php?page=rackspace Racktables] also allows to check the mapping between switches and hostnames. | |||
== Juniper == | == Juniper == | ||
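Review bot: The interface-naming paragraph has a wording error at its key sentence: "the specific switch to with the host is connected" should read "to which the host is connected", and "Interfaces names" should be "Interface names". The paragraph explains the first number of xe-2/0/3 (the FPC) and the last (the port) but never says what the middle 0 is; add a clause for it so the whole name can be decoded. "Racktables also allows to check" reads better as "Racktables can also be used to check".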
Line 79: | Line 73: | ||
* top - takes you to the top level of config mode | * top - takes you to the top level of config mode | ||
* show - shows you configuration below that level | * show - shows you configuration below that level | ||
== Foundry == | |||
Unlike juniper all operational (like show) commands work in configuration mode. | |||
Foundries don't take ssh keys and need passwords. boo! | |||
<pre> | |||
show interfaces brief - shows interfaces with status, speed, and description (port-name) | |||
Port Link L2 State Dupl Speed Trunk Tag Priori MAC Name | |||
1/1 Up Forward Full 1G None No level0 0012.f2c5.5600 db63 | |||
1/2 Up Forward Full 1G None No level0 0012.f2c5.5600 db64 | |||
| include - grep | |||
sh mac-address - shows mac addresses | |||
sh mac-address ethernet x/x - shows mac for interface x/x | |||
conf t - configuration mode | |||
SSH@csw1-sdtpa(config)# | |||
show run - shows configuration | |||
int ether 12/1 - go into configuration for that interface | |||
port-name - assigns description | |||
disable - turns port off | |||
enable - turns port on | |||
exit - moves you up a level | |||
after configuration - ALWAYS type "write mem" | |||
must do write mem OUT of config mode | |||
write mem - saves to hard drive the config, incase the box reboots | |||
in conf mode - | |||
Foundries configure immediately - when you've typed the command, it's live! | |||
vlan 2 - moves into vlan 2's configuration mode | |||
unt eth X/X - puts X/X into that vlan as untagged | |||
no unt eth X/x - takes X/X out of vlan | |||
</pre> | |||
if you get the error "error - port ethe 1/25 do not belong to default vlan" that means the port is in another vlan and must be removed first | |||
[[Category:Network]] |
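Review bot: In the Foundry pre block, the warning "Foundries configure immediately - when you've typed the command, it's live!" and the write mem rule sit between command lines, where they are easy to miss or to misread as commands; move both into prose above the block. The two write mem lines ("ALWAYS type "write mem"" and "must do write mem OUT of config mode") overlap and should be merged into one instruction: exit config mode, then run write mem. "incase" should be "in case", and "Unlike juniper all" needs a capital J and a comma.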
Revision as of 21:27, 21 January 2017
SSH access to network equipment
WMF routers and switches follow the Infrastructure_naming_conventions.
For example, the hostnames of eqiad core routers are cr1-eqiad.wikimedia.org and cr2-eqiad.wikimedia.org:
ssh cr1-eqiad.wikimedia.org
Access switches are named asw-${rownum}-${dc}.mgmt.${dc}.wmnet. Hence, row b switches in eqiad and codfw can be accessed as follows:
ssh asw-b-eqiad.mgmt.eqiad.wmnet
ssh asw-b-codfw.mgmt.codfw.wmnet
Matching hosts with switches
To find out which cache hosts are connected on codfw's row c:
ema@asw-c-codfw> show interfaces descriptions | match cp
xe-2/0/3        up    up   cp2013
xe-2/0/4        up    up   cp2014
xe-2/0/5        up    up   cp2015
xe-7/0/3        up    up   cp2016
xe-7/0/4        up    up   cp2017
xe-7/0/5        up    up   cp2018
Interface names, reported in the first column, follow Juniper's interfaces naming convention. The first part of the interface name, xe in the examples above, is the media type: xe stands for 10 Gigabit Ethernet, while other options would have been ge for Gigabit Ethernet and et for 40 Gigabit Ethernet. The second part is the FPC, which allows us to find out the specific switch to which the host is connected. The first three hosts (cp2013, cp2014 and cp2015) are on c2 (xe-2), while cp2016, cp2017 and cp2018 are on c7 (xe-7). The last number represents the port number.
Racktables can also be used to check the mapping between switches and hostnames.
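An added example (not part of the original cheat sheet): a small parser that applies the naming rules above to a pasted show interfaces descriptions session and groups hosts by switch. The sample session is constructed from the output shown on this page; reading the middle number as the PIC follows Juniper's type-fpc/pic/port convention, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Media types named on the page; any other prefix is reported as unknown.
MEDIA = {"ge": "1G", "xe": "10G", "et": "40G"}

# Constructed sample: the session shown above, plus one line that must be skipped.
SAMPLE = """\
ema@asw-c-codfw> show interfaces descriptions | match cp
xe-2/0/3        up    up   cp2013
xe-2/0/4        up    up   cp2014
xe-2/0/5        up    up   cp2015
xe-7/0/3        up    up   cp2016
xe-7/0/4        up    up   cp2017
xe-7/0/5        up    up   cp2018
{master:8}
"""

PROMPT = re.compile(r"^\S+@asw-(?P<row>[a-z0-9]+)-(?P<dc>[a-z0-9]+)>")
# media-FPC/PIC/port  admin  link  description
IFACE = re.compile(r"^(?P<media>[a-z]+)-(?P<fpc>\d+)/(?P<pic>\d+)/(?P<port>\d+)"
                   r"\s+(?P<admin>\S+)\s+(?P<link>\S+)\s+(?P<host>\S+)")


def mgmt_hostname(row, dc):
    """Access switch name per the asw-${rownum}-${dc}.mgmt.${dc}.wmnet scheme."""
    return f"asw-{row}-{dc}.mgmt.{dc}.wmnet"


def hosts_by_switch(session):
    """Map switch label (row letter + FPC, e.g. 'c2') to its attached hosts."""
    row = dc = None
    result = defaultdict(list)
    for line in session.splitlines():
        prompt = PROMPT.match(line.strip())
        if prompt:
            row, dc = prompt["row"], prompt["dc"]
            continue
        m = IFACE.match(line.strip())
        if not m or row is None:
            continue  # not an interface line, or no prompt seen yet
        result[f"{row}{m['fpc']}"].append({
            "host": m["host"], "port": int(m["port"]),
            "speed": MEDIA.get(m["media"], "unknown"),
            "up": m["admin"] == "up" and m["link"] == "up",
        })
    return (mgmt_hostname(row, dc) if row else None), dict(result)


if __name__ == "__main__":
    switch, mapping = hosts_by_switch(SAMPLE)
    for label, hosts in sorted(mapping.items()):
        print(switch, label, [h["host"] for h in hosts])
```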
Juniper
Junipers take ssh keys. huzzah!
Juniper has operational mode and configuration mode.
operational mode - {master:8} lcarr@asw-a-eqiad>
configuration mode - {master:8}[edit] lcarr@asw-a-eqiad#
Operational commands
show ethernet-switching table - shows mac addresses
show ethernet-switching table interface - shows mac addresses for that interface
show ethernet-switching table vlan - shows mac addresses for vlan
show interfaces descriptions -
Interface       Admin Link Description
ge-1/0/0        up    up   ms1001
show interfaces terse - shows interfaces with ip's in a very short format
show interface ge-1/0/0 (extensive) - shows interfaces in more detail
monitor interface xe-1/1/0 - shows interface in a real-time updating mode (errors, bits, etc)
show log messages | last 20 - shows log with info
Config commands
Junipers configure after you confirm - you can configure and then double check
- configure - puts you in config mode
- exit - takes you up one level (or out of) config mode
- top - takes you to the top level of config mode
- show - shows you configuration below that level
Foundry
Unlike Juniper, all operational (like show) commands work in configuration mode.
Foundries don't take ssh keys and need passwords. boo!
show interfaces brief - shows interfaces with status, speed, and description (port-name)
Port  Link  L2 State  Dupl  Speed  Trunk  Tag  Priori  MAC             Name
1/1   Up    Forward   Full  1G     None   No   level0  0012.f2c5.5600  db63
1/2   Up    Forward   Full  1G     None   No   level0  0012.f2c5.5600  db64
| include - grep
sh mac-address - shows mac addresses
sh mac-address ethernet x/x - shows mac for interface x/x
conf t - configuration mode
SSH@csw1-sdtpa(config)#
show run - shows configuration
int ether 12/1 - go into configuration for that interface
port-name - assigns description
disable - turns port off
enable - turns port on
exit - moves you up a level
after configuration - ALWAYS type "write mem"
must do write mem OUT of config mode
write mem - saves to hard drive the config, in case the box reboots
in conf mode -
Foundries configure immediately - when you've typed the command, it's live!
vlan 2 - moves into vlan 2's configuration mode
unt eth X/X - puts X/X into that vlan as untagged
no unt eth X/x - takes X/X out of vlan
If you get the error "error - port ethe 1/25 do not belong to default vlan", that means the port is in another vlan and must be removed from it first.