You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Network cheat sheet

From Wikitech-static
Revision as of 21:27, 21 January 2017 by imported>Ema (→‎Matching hosts with switches)

SSH access to network equipment

WMF routers and switches follow the Infrastructure naming conventions.

For example, the hostnames of eqiad core routers are cr1-eqiad.wikimedia.org and cr2-eqiad.wikimedia.org:

ssh cr1-eqiad.wikimedia.org

Access switches are named asw-${rownum}-${dc}.mgmt.${dc}.wmnet. Hence, row b switches in eqiad and codfw can be accessed as follows:

ssh asw-b-eqiad.mgmt.eqiad.wmnet
ssh asw-b-codfw.mgmt.codfw.wmnet

Matching hosts with switches

To find out which cache hosts are connected on codfw's row c:

ema@asw-c-codfw> show interfaces descriptions | match cp 
xe-2/0/3        up    up   cp2013
xe-2/0/4        up    up   cp2014
xe-2/0/5        up    up   cp2015
xe-7/0/3        up    up   cp2016
xe-7/0/4        up    up   cp2017
xe-7/0/5        up    up   cp2018

Interface names, reported in the first column, follow Juniper's interface naming convention. The first part of the interface name, xe in the examples above, is the media type: xe stands for 10 Gigabit Ethernet; other options would have been ge for Gigabit Ethernet and et for 40 Gigabit Ethernet. The second part is the FPC, which allows us to find out the specific switch to which the host is connected. The first three hosts (cp2013, cp2014 and cp2015) are on c2 (xe-2), while cp2016, cp2017 and cp2018 are on c7 (xe-7). The last number represents the port number.

Racktables can also be used to check the mapping between switches and hostnames.
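The FPC-to-switch mapping described above can be scripted when the output has to be turned into a host inventory. The following is an added example, not part of the original page: the function names and the extra sample lines (header, ae1, ge-7/0/9, prompt banner) are constructed, and it assumes the row letter is supplied by the caller.

```python
import re
from collections import defaultdict

# Media types as listed on the page.
MEDIA = {"ge": "Gigabit Ethernet", "xe": "10 Gigabit Ethernet", "et": "40 Gigabit Ethernet"}
# <media>-<FPC>/<PIC>/<port>; the middle field is the PIC in Juniper's scheme.
IFACE_RE = re.compile(r"^([a-z]+)-(\d+)/(\d+)/(\d+)$")

# Constructed sample: the six lines from the page plus a header, an aggregate
# interface, a port without description and a prompt banner (all made up).
SAMPLE = """\
Interface       Admin Link Description
xe-2/0/3        up    up   cp2013
xe-2/0/4        up    up   cp2014
xe-2/0/5        up    up   cp2015
xe-7/0/3        up    up   cp2016
xe-7/0/4        up    up   cp2017
xe-7/0/5        up    up   cp2018
ae1             up    up   example-uplink
ge-7/0/9        up    down
{master:2}
"""


def parse_ports(text, row):
    """Return one record per physical port that carries a description."""
    ports = []
    for line in text.splitlines():
        fields = line.split(None, 3)
        match = IFACE_RE.match(fields[0]) if len(fields) == 4 else None
        if match is None:
            continue  # header, banner, aggregate interface or no description
        media, fpc, _pic, port = match.groups()
        ports.append({
            "host": fields[3].strip(),
            "switch": f"{row}{int(fpc)}",  # FPC 2 on row c is switch c2
            "media": MEDIA.get(media, media),
            "port": int(port),
            "link_up": fields[1] == "up" and fields[2] == "up",
        })
    return ports


def hosts_by_switch(text, row):
    """Group described hosts by the row member they are cabled to."""
    grouped = defaultdict(list)
    for rec in parse_ports(text, row):
        grouped[rec["switch"]].append(rec["host"])
    return dict(grouped)
```

Calling hosts_by_switch(SAMPLE, "c") groups cp2013, cp2014 and cp2015 under c2 and cp2016, cp2017 and cp2018 under c7, matching the reading given in the text.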

Juniper

Junipers take ssh keys. huzzah!

Juniper has operational mode and configuration mode.

operational mode - 
{master:8}       
lcarr@asw-a-eqiad> 
configuration mode - 
{master:8}[edit]
lcarr@asw-a-eqiad# 

Operational commands

show ethernet-switching table  - shows mac addresses
show ethernet-switching table interface - shows mac addresses for that interface
show ethernet-switching table vlan  - shows mac addresses for vlan
show interfaces descriptions - 
Interface       Admin Link Description
ge-1/0/0        up    up   ms1001

show interfaces terse - shows interfaces with IPs in a very short format

show interface ge-1/0/0 (extensive) - shows interfaces in more detail

monitor interface xe-1/1/0 - shows interface in a real-time updating mode (errors, bits, etc)

show log messages | last 20 - shows log with info

Config commands

Junipers apply configuration only after you confirm it - you can configure and then double-check before anything takes effect

  • configure - puts you in config mode
  • exit - takes you up one level in (or out of) config mode
  • top - takes you to the top level of config mode
  • show - shows you configuration below that level

Foundry

Unlike Juniper, all operational (like show) commands work in configuration mode.

Foundries don't take ssh keys and need passwords. boo!

show interfaces brief - shows interfaces with status, speed, and description (port-name)
Port  Link    L2 State  Dupl Speed Trunk Tag Priori MAC            Name           
1/1   Up      Forward   Full 1G    None  No  level0 0012.f2c5.5600 db63           
1/2   Up      Forward   Full 1G    None  No  level0 0012.f2c5.5600 db64   

| include - grep

sh mac-address - shows mac addresses
sh mac-address ethernet x/x - shows mac for interface x/x

conf t - configuration mode
SSH@csw1-sdtpa(config)#

show run - shows configuration

int ether 12/1 - go into configuration for that interface

port-name - assigns description
disable - turns port off
enable - turns port on
exit - moves you up a level

after configuration - ALWAYS type "write mem"
must do write mem OUT of config mode
write mem - saves the config to the hard drive, in case the box reboots

in conf mode - 
Foundries configure immediately - when you've typed the command, it's live!
vlan 2 - moves into vlan 2's configuration mode
unt eth X/X - puts X/X into that vlan as untagged
no unt eth X/X - takes X/X out of vlan
 

if you get the error "error - port ethe 1/25 do not belong to default vlan", that means the port is in another vlan and must be removed from it first