Using TShark Filter for Packet Capture on Vyatta 5600

Vyatta 5600 provides TShark as its packet capture tool. To capture the traffic you are interested in and exclude unnecessary, noisy traffic, you need to use a capture filter when you perform the packet capture. Here I show a few real-world examples of TShark capture filters, which I hope can save you a bit of time. Capture …


Run scripts on Vyatta

Recently, I met an "issue" with running scripts on Vyatta. In one of my Softlayer solutions, I define "backup" and "master" run-transition-scripts to control the routing path selection for HA when Vyatta changes its VRRP role from "master" to "backup" or from "backup" to "master":

set interfaces ethernet eth1 vrrp vrrp-group 1 run-transition-scripts backup '/config/scripts/vrrpbackup'

set interfaces ethernet …


eBGP running over GRE on Brocade Vyatta OS

On Softlayer, Vyatta 6.x Subscription Edition (64 bit) is offered. This subscription version of Vyatta OS is provided by Brocade. The latest version of Brocade Vyatta OS is VSE6.7R5S1. Today, I just met another "difference" between Vyatta OS and other traditional vendors like Cisco and Juniper. The difference is in eBGP over a GRE tunnel. Like Cisco and Juniper, …


Vyatta VTI IPSec to Cisco IOS router

Today, I will show how to build a site-to-site IPSec VPN between Vyatta and a Cisco IOS router using the Vyatta virtual tunnel interface. Below is the network topology for our configuration. NOTE: we will use VTI IPSec on the Cisco IOS router.

Vyatta / Cisco IOS Router

Ethernet Interface

set interfaces ethernet eth0 address '192.168.107.88/24'

set interfaces …


Vyatta Virtual Tunnel Interface for Site to Site IPSec

In newer versions of Vyatta, such as 6.x, a new Virtual Tunnel Interface (VTI) is introduced for site-to-site IPSec. A virtual tunnel interface provides a termination point for a site-to-site IPsec VPN tunnel and allows it to behave like other routable interfaces. In addition to simplifying the IPsec configuration, it enables many common capabilities …


Mostly used Vyatta CLI

Here I list my most-used Vyatta CLI commands.

Firewall session table: show conntrack table ipv4

SNAT translation table: show nat source translations

DNAT translation table: show nat destination translations

Interface information: show interfaces detail

Packet capture: tshark -i eth1

IPSec VPN Phase1: show vpn ike sa

IPSec VPN Phase2: show vpn ipsec sa

Check Natting Log: show …


How to upgrade Vyatta OS on Softlayer Vyatta gateway

Sometimes upgrading Vyatta OS to a newer version is required for a bug fix or security patch. Upgrading Vyatta OS on Softlayer is quite straightforward.

Step 1: Log in to the Vyatta gateway SLI and issue the command below:

$ add system image http://mirrors.service.softlayer.com/brocade/vyatta-SL_VS6.7R6_amd64_vrrpFix.iso

You can get the link from Softlayer. After answering a few questions (Always Say …
