Cara Install Docker Pada Debian Buster 10

Hi All,
Kali ini saya akan menulis catatan cara install docker pada debian 10 / debian buster, kali ini saya gunakan untuk monitoring system, menggunakan sflow. 

# install dependensi yang diperlukan
apt install apt-transport-https ca-certificates curl software-properties-common -y
apt install gnupg gnupg2 -y

# tambahkan repository docker
curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"

# update repository
apt update -y

# install docker
apt install docker-ce -y

ok, kali ini docker telah terinstall, lalu kita set gimana caranya jalankan docker tanpa sudo

usermod -aG docker $USER

Selesai. 
Saat ini saya lanjutkan config sflow terlebih dahulu.

Continue

Clear log otomatis

sekarang coba lihat list file log :

find /var/log/ -type f -regex '.*\.[0-9]+\.gz$'

kl mau delete :

find /var/log/ -type f -regex '.*\.[0-9]+\.gz$' -delete

atur ulang journal :

journalctl --vacuum-time=2days
journalctl --vacuum-size=100M
journalctl --vacuum-files=5
systemctl daemon-reload

nano /etc/systemd/journald.conf

SystemMaxUse=100M

Kemudian reload

systemctl daemon-reload 

Continue

Create vlan di FREEBSD Tanpa Downtime

Kali ini saya akan bagi tips cara create vlan yg aman, tanpa down.
Seperti pada umumnya, kl mau tambah ip, edit, dll kan kita lakukan service netif restart
Itu impact nya adalah semua interface di-restart, maka ada downtime.
Supaya ngga terjadi downtime walau per sekian detik, caranya akan saya jelaskan di bawah. Ini khusus untuk penambahan vlan ya. Simak tips berikut :

Pastikan sudah ditambahkan value berikut ini di /boot/loader.conf

if_vlan_load="YES"

Kemudian, buatlah value di file /etc/rc.conf

cloned_interfaces="vlan605 vlan606 vlan607 vlan608"

#MX80

ifconfig_vlan605="inet 10.60.60.2 netmask 255.255.255.252 vlan 605 vlandev mlxen0"

#CCR1036

ifconfig_vlan605_alias0="inet 10.60.61.2 netmask 255.255.255.252"

#JKTIX

ifconfig_vlan606="inet 10.60.60.6 netmask 255.255.255.252 vlan 606 vlandev mlxen0"

#IIX

ifconfig_vlan607="inet 10.28.75.14 netmask 255.255.255.252 vlan 607 vlandev mlxen0"

#GGC

ifconfig_vlan608="inet 10.60.60.10 netmask 255.255.255.252 vlan 608 vlandev mlxen0"

ifconfig_mlxen0="up"

jika sudah, kemudian lakukan seperti berikut :

root@BSDRouter:~ # service netif start vlan608

Created clone interfaces: vlan608.

Starting Network: vlan608.

vlan608: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

        options=680703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>

        ether 00:02:c9:a3:0d:21

        inet 10.60.60.10 netmask 0xfffffffc broadcast 10.60.60.11

        groups: vlan

        vlan: 608 vlanpcp: 0 parent interface: mlxen0

        media: Ethernet autoselect (40Gbase-CR4 <full-duplex,rxpause,txpause>)

        status: active

        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Cukup mudah bukan ?
Semoga berguna :))

Continue

Bandwidth Traffic Monitoring on FREEBSD

 Ada banyak tool buat monitoring lalu-lintas trafik yg lewat router FreeBSD diantaranya :

systat -ifstat

tcpdump 

netstat 1

bmon

trafshow

trafshow3

iftop

vnstat

dll...

Semoga berguna :))

Continue

Create Loopback Interface FREEBSD

Interface loopback adalah interface internal dalam sebuah router, fungsinya sebagai pref-source untuk mendefinisikan atau mengidentifikasi router itu sendiri. Diantara manfaat penggunaan loopback ip public ini diantaranya :

• hemat ip public, karena point to point peer bgp bisa menggunakan ip private
• jika ada peer bgp yang multipath, dapat berganti ganti dengan tetap mengidentifikasi berdasarkan ip yang tertanam pada interface loopback tadi
• dapat digunakan untuk trobelshoting seperti ping / tracert dengan mencantumkan preference source
• dll.

root@BSDRouter:~ # ifconfig lo1
ifconfig: interface lo1 does not exist
root@BSDRouter:~ # ifconfig lo1 create
root@BSDRouter:~ # ifconfig lo1 up
root@BSDRouter:~ # service netif start lo1
Starting Network: lo1.
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 103.166.11.103 netmask 0xffffffff
        groups: lo
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

jangan lupa simpan biar permanen di /etc/rc.conf

ifconfig_lo1_alias1="inet 103.166.11.103/32"
ifconfig_lo1="up"

Continue

Catatan Bird Config (BIRD.CONF)

Berikut isi file /usr/local/etc/bird.conf 

# Configure logging
log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
log stderr all;
#log "tmp" all;

# Override router ID
router id 10.60.60.2;
protocol kernel {

#       learn;                  # Learn all alien routes from the kernel
        persist;                # Don't remove routes on bird shutdown
        scan time 20;           # Scan kernel routing table every 20 seconds
#       import none;            # Default is import all
        export all;             # Default is export none
#       kernel table 5;         # Kernel table to synchronize with (default: main)
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
        scan time 10;           # Scan interfaces every 10 seconds
}

# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static {
#       disabled;               # Disable by default
#       table testable;         # Connect to a non-default table
#       preference 1000;        # Default preference of routes
#       debug { states, routes, filters, interfaces, events, packets };
#       debug all;
#       route 0.0.0.0/0 via 198.51.100.13;
#       route 198.51.100.0/25 unreachable;
#       route 10.0.0.0/8 unreachable;
#       route 10.1.1.0:255.255.255.0 via 198.51.100.3;
#       route 10.1.2.0:255.255.255.0 via 198.51.100.3;
#       route 10.1.3.0:255.255.255.0 via 198.51.100.4;
#       route 10.2.0.0/24 via "arc0";
        route 103.166.141.0/32 via 10.60.60.1;
}

protocol bgp CCR1036 {
        #disabled;
        description "BGP Peer to CCR1036";
        local as 65530;
        neighbor 10.60.60.1 as 139967;
        import filter {
        ##jika no label maka kasih label 65000:5678
        # bgp_community = -empty-; bgp_community = add(bgp_community,(65000,5678));

        ##jika terima aspath 7717 maka kasih tag 50310:7717
        if bgp_path ~ [= * 7717 * =] then
                bgp_community = add(bgp_community,(50310,7717));
        if bgp_path ~ [= * 7597 * =] then
                bgp_community = add(bgp_community,(50310,7597));
        ##jika origin AS7713 maka kasih tag 50310:7713
        if bgp_path ~ [= * 7713 =] then
                bgp_community = add(bgp_community,(50310,7713));
        ##contoh reject AS20940
        #if bgp_path ~ [= * 20940 * =] then reject;
        ##contoh reject prefix 45.126.184.0/22 saja
        #if net ~ [ 45.126.184.0/22 ] then reject;
        ##contoh reject prefix 45.126.184.0/22 sampai prefix terkecil
        #if net ~ [ 45.126.184.0/22+ ] then reject;
        ##contoh reject prefix 45.126.184.0/22 sampai prefix terkecil (cara lain)
        #if net ~ 45.126.184.0/22 then reject;
        ##contoh reject prefix 36.90.0.0/16 sampai prefix terkecil
        #if net ~ 36.90.0.0/16 then reject;
        ##yg matching bgp community 50310:17451 ditambahkan tag 39967:17451
        if (50310,17451) ~ bgp_community then bgp_community.add((39967,17451));
        ##selain diatas maka accept
        accept;
        };
}

Berikut CheatSet untuk trobelshoting masalah routing bgp

root@BSDRouter:~ # birdc
BIRD 1.6.8 ready.
bird> show protocols
name     proto    table    state  since       info
kernel1  Kernel   master   up     23:07:34
device1  Device   master   up     23:07:34
static1  Static   master   up     23:07:34
CCR1036  BGP      master   up     04:44:52    Established
bird>

bird> show protocols all CCR1036
name     proto    table    state  since       info
CCR1036  BGP      master   up     04:44:52    Established
  Description:    BGP Peer to CCR1036
  Preference:     100
  Input filter:   (unnamed)
  Output filter:  REJECT
  Routes:         20994 imported, 0 exported, 20994 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:         231033          0         18     206404      24611
    Import withdraws:         1430          0        ---       1408         40
    Export updates:          24612      24611          1        ---          0
    Export withdraws:           40        ---        ---        ---          0
  BGP state:          Established
    Neighbor address: 10.60.60.1
    Neighbor AS:      139967
    Neighbor ID:      103.146.185.254
    Neighbor caps:    refresh AS4
    Session:          external AS4
    Source address:   10.60.60.2
    Hold timer:       138/180
    Keepalive timer:  3/60

bird> show route where net ~ 45.126.184.0/22 all

45.126.185.0/24    via 10.60.60.1 on vlan605 [CCR1036 05:24:46] * (100) [AS17451i]
        Type: BGP unicast univ
        BGP.origin: IGP
        BGP.as_path: 139967 17451
        BGP.next_hop: 10.60.60.1
        BGP.local_pref: 100
        BGP.community: (0,32934) (17451,7033) (50310,17451) (39967,17451)
45.126.184.0/24    via 10.60.60.1 on vlan605 [CCR1036 05:24:45] * (100) [AS17451i]
        Type: BGP unicast univ
        BGP.origin: IGP
        BGP.as_path: 139967 17451
        BGP.next_hop: 10.60.60.1
        BGP.local_pref: 100
        BGP.community: (0,32934) (50310,17451) (39967,17451)
45.126.184.0/22    via 10.60.60.1 on vlan605 [CCR1036 05:24:46] * (100) [AS17451?]
        Type: BGP unicast univ
        BGP.origin: Incomplete
        BGP.as_path: 139967 17451
        BGP.next_hop: 10.60.60.1
        BGP.local_pref: 100
        BGP.atomic_aggr:
        BGP.aggregator: 182.253.99.245 AS17451
        BGP.community: (0,32934) (50310,17451) (39967,17451)

bonus aspath delete :

##bgp cut aspath 139967
if (bgp_path ~ [= 139967 * =]) && (bgp_path.last != 139967) then
bgp_path.delete(139967);

##bgp cut aspath 139967 dan 7717
if (bgp_path ~ [= 7717 * =]) then
bgp_path.delete(7717);

Semoga berguna :))

Continue

Create Delete VLAN FreeBSD 12.3-Stable

Sebelumnya, load dulu kernel buat vlan
vi /boot/loader.conf

if_vlan_load=YES

Setelah itu reboot. Sebelum create vlan, perhatikan root interface/ethernet nya apa, di sini saya kasih contoh mlxen0 (Mellanox ConectX-3) 2 Port 40Gbps, ini port manteb bgt buat deploy router. Oh iya, cara load driver nya begini :

kldload mlx4en

Itu hanya bersifat sementara, kalau mau permanen, tambahkan script di /boot/loader.conf lalu reboot

mlx4en_load="YES"

Sekarang tips buat vlan interface. Untuk freebsd versi terbaru, crate vlan lebih mudah, contoh :

root@BSDRouter:~ # ifconfig vlan605 create

root@BSDRouter:~ # ifconfig vlan605 vlan 605 vlandev mlxen0

root@BSDRouter:~ # ifconfig vlan605 inet 10.70.70.2 netmask 255.255.255.252

root@BSDRouter:~ # ifconfig vlan605

vlan605: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

        options=680703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>

        ether 00:02:c9:a3:0d:21

        inet 10.70.70.2 netmask 0xfffffffc broadcast 10.70.70.3

        groups: vlan

        vlan: 605 vlanpcp: 0 parent interface: mlxen0

        media: Ethernet autoselect (40Gbase-CR4 <full-duplex,rxpause,txpause>)

        status: active

        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

Lalu, kalau ingin destroy cukup ketikkan begini:

ifconfig vlan605 destroy

Kalau ingi disable vlan, ketikkan gini :

ifconfig vlan605 down

ok, itu hanya bersifat temporary. Kalau pengen kesimpen dan di load saat booting, pasang script di /etc/rc.conf

cloned_interfaces="vlan605"
ifconfig_vlan605="inet 10.60.60.2 netmask 255.255.255.252 vlan 605 vlandev mlxen0"
ifconfig_mlxen0="up"

setelah itu save, kemudian eksekusi :

service netif restart

Semoga Berguna :-)

Continue