InfluxDB IfHCInOctets Query


Some basic SQL for InfluxDB to fetch the SNMP ifHCInOctets from a table and show them as per-minute Mbit/s. Hope it helps you make beautiful graphs.

select (8*derivative(mean(ifHCInOctets)) / 60)/1024 as value  from ifHCInOctets where time > now() - 1d and host = '172.16.1.13' and instance = 'pppoe0' GROUP BY time(1m)

172.16.1.13 is some router, of course (we poll VyOS devices), and 'pppoe0' is an interface (could be eth0, eth1, etc.).

Cheers

J


VyOS Backup


Want to make backups of your VyOS router/firewall? This little script might help. It takes the config and converts it into set commands for easy restore on another box. We push it over rsync to a ZFS/Nexenta server, but you can put it anywhere you like. Schedule it through cron or, better, through the system task scheduler.

Don't forget to use the commit archive to record your changes for the audit trail, like so:

set system config-management commit-archive location 'scp://admin:<password>@x.x.x.x/volumes/pool1/backup/vyos'

VyOS backup.sh script (store it in /config/scripts/backup/ and do not forget to make it executable: chmod +x /config/scripts/backup/backup.sh):

#!/bin/sh
# Vyos (1.6) Backup Script (jkool@integrative.it)
# Fetch me with scp root@x.x.x.x:/volumes/pool1/backup/vyos/backup.sh /config/scripts/backup/backup.sh
# Keep 5 versions local
#
# Schedule with:
#
# set system task-scheduler task backup executable path '/config/scripts/backup/backup.sh'
# set system task-scheduler task backup interval '8h'

# The auth archive holds key material from /config/auth: keep new files owner-only
umask 077

h=$(hostname)
d=$(date +"%Y%m%d%H%M")
dest=192.168.1.200::pool1_backup/vyos
scripts=/config/scripts/backup

# Stop if the working directory is missing, so the cleanup below never runs elsewhere
cd "$scripts" || exit 1

# Archive the auth directory and dump the running config as set commands
tar -czf "$scripts/backup-auth-$h-$d.tar.gz" /config/auth
/opt/vyatta/sbin/vyatta-config-gen-sets.pl > "$scripts/backup-config-$h-$d.txt"

# Keep the 5 newest local copies (names sort by timestamp); -r skips rm when nothing is old enough
ls backup-config-"$h"*.txt | head -n -5 | xargs -r rm
ls backup-auth-"$h"*.tar.gz | head -n -5 | xargs -r rm

# Push both files to the rsync target
rsync "$scripts/backup-config-$h-$d.txt" "$dest/$h"
rsync "$scripts/backup-auth-$h-$d.tar.gz" "$dest/$h"



VyOS on a PCCW PPPoE link


Man, am I annoyed! When moving some internet connections off WharfTT to PCCW (as they promised us better site-to-site connectivity between Macau and Hong Kong), we got their stupendous PPPoE-type connections instead of just a plain old Ethernet link.

What does that matter, you might think? With these PPPoE connections you need to screw your MTU down to 1492 to allow for the PPP overhead and, even worse, if you are using VyOS (or any other Linux-kernel-based router/firewall for that matter) like we are, you need to clamp your MSS. And of course you will only find out how to do that when emails stop flowing in and internet connections crawl to a halt.

So, to save you some time: for VyOS (my favorite flavor of open-source routers) you do the following.

Edit the file:

/config/scripts/vyatta-postconfig-bootup.script

And add the following line:

iptables -t mangle -I POSTROUTING 1 -p tcp -o pppoe0 --tcp-flags SYN SYN -j TCPMSS --set-mss 1412

You need this hack because VyOS (using 1.6 now) still does not come with a modify (mangle) class in the firewall configuration.
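A check for the clamp rule above, as an added example that is not part of the original post: it reads `iptables -t mangle -S` style output on stdin and reports whether a TCPMSS rule exists for the interface and whether its MSS fits the link MTU (MTU minus 40 bytes of IPv4 and TCP headers). The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the post-boot MSS clamp
# is really loaded. Function names and SAMPLE_RULES are constructed.

# max_mss MTU -> largest TCP MSS that fits (20-byte IPv4 + 20-byte TCP header)
max_mss() { echo $(( $1 - 40 )); }

# clamp_status IFACE MTU   (rules in `iptables -t mangle -S` format on stdin)
# prints: ok:<mss> | too-large:<mss> | pmtu | missing
clamp_status() {
    iface=$1
    limit=$(max_mss "$2")
    awk -v ifc="$iface" -v limit="$limit" '
        /-j TCPMSS/ {
            out = ""; mss = ""; pmtu = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "--set-mss") mss = $(i + 1)
                if ($i == "--clamp-mss-to-pmtu") pmtu = 1
            }
            if (out != ifc) next            # rule is for another interface
            if (pmtu) { print "pmtu"; found = 1; exit }
            if (mss != "") {
                st = (mss + 0 <= limit) ? "ok:" : "too-large:"
                print st mss
                found = 1; exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample of what the rule from the post looks like once loaded.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o pppoe0 -p tcp -m tcp --tcp-flags SYN SYN -j TCPMSS --set-mss 1412'

# On the router itself (assumes iptables is available to the calling user):
#   iptables -t mangle -S POSTROUTING | clamp_status pppoe0 1492
```

A result of "missing" after a reboot means the line in vyatta-postconfig-bootup.script did not load.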

For good measure, your VyOS firewalls are of course bound to the PPPoE interface, like so:

ethernet eth1 {
    duplex auto
    hw-id 00:1c:c0:f1:d2:c5
    pppoe 0 {
        default-route auto
        firewall {
            in {
                name pppoe-in
            }
            local {
                name pppoe-local
            }
            out {
                name pppoe-out
            }