DOCSLIB.ORG

Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers First Published: 2016-11-01 Last Modified: 2021-07-30 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. All printed copies and duplicate soft copies of this document are considered uncontrolled. See the current online version for the latest version. Cisco has more than 200 offices worldwide. Addresses and phone numbers are listed on the Cisco website at www.cisco.com/go/offices. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R) © 2016–2021 Cisco Systems, Inc. All rights reserved. Changes to This Document This table lists the technical changes made to this document since it was first released. Table 1: Changes to This Document Date Summary July 2021 Republished for Cisco IOS XR Release 7.4.1 August 2019 Republished for Cisco IOS XR Release 7.0.1 March 2018 Republished for Cisco IOS XR Releases 6.4.1 and 6.3.2. September 2017 Republished for Cisco IOS XR Release 6.3.1. July 2017 Republished for Cisco IOS XR Release 6.2.2. November 2016 Republished for Cisco IOS XR Release 6.1.2. December 2015 First release for Cisco IOS XR Release 6.0.0. • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager. • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services. • To submit a service request, visit Cisco Support. • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace. • To obtain general networking, training, and certification titles, visit Cisco Press. • To find warranty information for a specific product or product family, access Cisco Warranty Finder. Cisco Bug Search Tool Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software. © 2016–2021 Cisco Systems, Inc. All rights reserved. CONTENTS Changes to This Document vii CHAPTER 1 New and Changed Feature Information 1 New and Changed Application Hosting Features 1 CHAPTER 2 Getting Started with Application Hosting 3 Need for Application Hosting 3 Deep Dive Into Application Hosting 4 Application Hosting on the Cisco IOS XR Linux Shell 5 Accessing the Third-Party Network Namespace on Cisco IOS XR Linux Shell 6 Accessing Global VRF on the Cisco IOS XR Linux Shell 11 Getting Started with Using Vagrant for Application Hosting 15 Accessing Global VRF on the Cisco IOS XR Linux Shell by Using a Vagrant Box 16 Applying Bootstrap Configuration to Cisco IOS XR by Using a Vagrant Box 20 CHAPTER 3 Accessing the Networking Stack 27 Communication Outside Cisco IOS XR 27 East-West Communication for Third-Party Applications 29 CHAPTER 4 Hosting Applications on IOS XR 31 Types of Application Hosting 31 Native Application Hosting 32 Setting Up the Build Environment 34 Creating a Native Build Environment Using QEMU Hypervisor 34 Creating a Cross-Build Environment Using the SDK Shell Script 34 Building Native RPMs 36 Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers v Contents Running iPerf as a Native Application 38 Container Application Hosting 40 Running iPerf as a Container Application 42 Using Docker for Hosting Applications on Cisco IOS XR 44 Using Vagrant for Hosting Applications 45 Setting up an Application Development Topology By Using Vagrant 46 Deploying an Application Development Topology by Using Vagrant 48 Hosting a Wind River Linux (WRL7) Application Natively By Using Vagrant 52 Hosting an Application within a Linux Container (LXC) by Using Vagrant 58 Installing Docker on Cisco IOS XR By Using Vagrant 72 CHAPTER 5 Hosting Applications Using Configuration Management Tools 75 Using Chef for Configuring Cisco IOS XR 75 Installing and Configuring the Chef Client 76 Creating a Chef Cookbook with Recipes 78 Using Puppet for Configuring Cisco IOS XR 79 Installing and Configuring the Puppet Agent 81 Creating a Puppet Manifest 82 CHAPTER 6 Use Cases: Application Hosting 85 Running a Telemetry Receiver in a Linux Container (LXC) 85 Use Cases on Vagrant: Container Application Hosting 89 OSPF Path Failover by Running iPerf with Netconf on Vagrant 90 Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers vi Changes to This Document This table lists the technical changes made to this document since it was first released. Table 2: Changes to This Document Date Summary July 2021 Republished for Cisco IOS XR Release 7.4.1 August 2019 Republished for Cisco IOS XR Release 7.0.1 March 2018 Republished for Cisco IOS XR Releases 6.4.1 and 6.3.2. September 2017 Republished for Cisco IOS XR Release 6.3.1. July 2017 Republished for Cisco IOS XR Release 6.2.2. November 2016 Republished for Cisco IOS XR Release 6.1.2. December 2015 First release for Cisco IOS XR Release 6.0.0. Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers vii Changes to This Document Changes to This Document Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers viii CHAPTER 1 New and Changed Feature Information This section lists all the new and changed features for the Application Hosting Configuration Guide. • New and Changed Application Hosting Features, on page 1 New and Changed Application Hosting Features This section describes the new and changed application hosting features for Cisco IOS XR. Application Hosting Features Added or Modified Table 3: New and Changed Features Feature Description Introduced/Changed in Where Documented Release No new features were None Release 6.5.2 NA added. No new features were None Release 6.6.2 NA added. No new features were None Release 7.0.1 NA added. No new features were None Release 7.4.1 NA added. Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers 1 New and Changed Feature Information New and Changed Application Hosting Features Application Hosting Configuration Guide for Cisco ASR 9000 Series Routers 2 CHAPTER 2 Getting Started with Application Hosting This section introduces application hosting and the Linux environment used for hosting applications on the Cisco IOS XR Operating System. • Need for Application Hosting, on page 3 • Deep Dive Into Application Hosting, on page 4 • Application Hosting on the Cisco IOS XR Linux Shell, on page 5 • Getting Started with Using Vagrant for Application Hosting, on page 15 Need for Application Hosting Over the last decade, there has been a need for a network operating system that supports operational agility and efficiency through seamless integration with existing tool chains. Service providers have been looking for shorter product cycles, agile workflows, and modular software delivery; all of these can be automated efficiently. The 64-bit Cisco IOS XR that replaces the older 32-bit QNX version meets these requirements. It does that by providing an environment that simplifies the integration of applications, configuration management tools, and industry-standard zero touch provisioning mechanisms. The 64-bit IOS XR matches the DevOps style workflows for service providers, and it has an open internal data storage system that can be used to automate the configuration and operation of the device hosting an application.
Recommended publications
  • Cisco Router Block Wan Request

    Cisco Router Block Wan Request

    Cisco Router Block Wan Request Equalitarian Fletcher sometimes daggled any aftershock unchurch conceptually. Computational Felix never personifies so proficiently or blame any pub-crawl untunably. Precedential and unsupervised Scott outspoke while cephalic Ronny snag her midlands weak-mindedly and kotows unsafely. Can you help me? Sometime this edge can become corrupted and needs to be cleared out and recreated. Install and Tuning Squid Proxy Server for Windows. Developed powerful partnerships with each physical network address on wan request. Lot we need to wan request to establish a banner for each nic ip blocks java applets that you find yourself having different. Proxy will obscure any wan cisco require a banner for yourself inside network address in its child and password: select os of attacks? Authorized or https, follow instructions below and see if a cisco and share your isp and sends vrrp advertisements, surf a traveling businesswoman connects after migration done on. Iax trunk on vpn for ospf network devices and how will have three profiles to be found over time a routing towards internet security profile. Pfsense box blocks as your wan cisco router request cisco router block wan requests specifically for commenting. Centralize VLAN, outbound policy, firewall rules, configuration profiles and more in minutes. Uncheck block cisco router wan request check box displays detailed statistics: wan request through our go. Fragmentation is choppy and asa would be the cisco request to content; back of connect wan rules for outside world? Is to configure static content on the result in theory this may block cisco wan router request check out ping requests.
  • AWS Site-To-Site VPN User Guide AWS Site-To-Site VPN User Guide

    AWS Site-To-Site VPN User Guide AWS Site-To-Site VPN User Guide

    AWS Site-to-Site VPN User Guide AWS Site-to-Site VPN User Guide AWS Site-to-Site VPN: User Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon. AWS Site-to-Site VPN User Guide Table of Contents What is Site-to-Site VPN ..................................................................................................................... 1 Concepts ................................................................................................................................... 1 Working with Site-to-Site VPN ..................................................................................................... 1 Site-to-Site VPN limitations ......................................................................................................... 2 Pricing ...................................................................................................................................... 2 How AWS Site-to-Site VPN works ........................................................................................................ 3 Site-to-Site VPN Components .....................................................................................................
  • IOS XR Attestation Trust Me, Or Trust Me Not?

    IOS XR Attestation Trust Me, Or Trust Me Not?

    IOS XR Attestation Trust me, or Trust me not? Dan Backman, Portfolio Architect @jonahsfo BRKSPG-1768 Cisco Webex Teams Questions? Use Cisco Webex Teams to chat with the speaker after the session How 1 Find this session in the Cisco Events Mobile App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Agenda • Risks to the Network Infrastructure • Measuring and Validating Trust in Cisco IOS-XR routers • New commands for Trust Integrity Measurement in IOS XR • Building a Service to Report on Trust Evidence • Conclusion BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4 Trusted Platform “Integrity, not just security.” © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public “Network devices are ideal targets. Most or all organizational and customer traffic must traverse these critical devices.” Source: US-CERT Alert (TA18-106A) Original release date: April 16, 2018 “The Increasing Threat to Network Infrastructure Devices and Recommended Mitigations.” Source: US-CERT Alert (TA16-250A) Original release date: Sep 6, 2016 BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 Growing Concerns for Service Providers Targeted attacks on Critical Infrastructure Impact on Economy Untrusted Locations Complex to Manage BRKSPG-2415 © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 7 How do I know my device has not been compromised? What is Trustworthy and Why Does It Matter? To build a trustworthy platform The network infrastructure must be constructed on a platform of trustworthy technologies to ensure devices operating are authentic and can create verifiable evidence that they have not been altered.
  • Glossaire Des Protocoles Réseau

    Glossaire Des Protocoles Réseau

    Glossaire des protocoles réseau - EDITION LIVRES POUR TOUS - http://www.livrespourtous.com/ Mai 2009 A ALOHAnet ALOHAnet, également connu sous le nom ALOHA, est le premier réseau de transmission de données faisant appel à un média unique. Il a été développé par l'université d'Hawaii. Il a été mis en service en 1970 pour permettre les transmissions de données par radio entre les îles. Bien que ce réseau ne soit plus utilisé, ses concepts ont été repris par l'Ethernet. Histoire C'est Norman Abramson qui est à l'origine du projet. L'un des buts était de créer un réseau à faible coût d'exploitation pour permettre la réservation des chambres d'hôtels dispersés dans l'archipel d'Hawaï. Pour pallier l'absence de lignes de transmissions, l'idée fut d'utiliser les ondes radiofréquences. Au lieu d'attribuer une fréquence à chaque transmission comme on le faisait avec les technologies de l'époque, tout le monde utiliserait la même fréquence. Un seul support (l'éther) et une seule fréquence allaient donner des collisions entre paquets de données. Le but était de mettre au point des protocoles permettant de résoudre les collisions qui se comportent comme des perturbations analogues à des parasites. Les techniques de réémission permettent ainsi d'obtenir un réseau fiable sur un support qui ne l'est pas. APIPA APIPA (Automatic Private Internet Protocol Addressing) ou IPv4LL est un processus qui permet à un système d'exploitation de s'attribuer automatiquement une adresse IP, lorsque le serveur DHCP est hors service. APIPA utilise la plage d'adresses IP 169.254.0.0/16 (qu'on peut également noter 169.254.0.0/255.255.0.0), c'est-à-dire la plage dont les adresses vont de 169.254.0.0 à 169.254.255.255.
  • Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide, Release 6.X First Published: 2013-11-20 Last Modified: 2014-09-26

    Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide, Release 6.X First Published: 2013-11-20 Last Modified: 2014-09-26

    Cisco Nexus 9000 Series NX-OS Fundamentals Configuration Guide, Release 6.x First Published: 2013-11-20 Last Modified: 2014-09-26 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • Cisco IOS XR Software Release

    Cisco IOS XR Software Release

    CISCO CRAFT WORKS INTERFACE QUICK START GUIDE Cisco IOS XR Software Release 3.5 1 Introduction 2 About CWI 3 Prerequisites 4 Configuring the Router and CWI Client 5 Installing, Launching, and Uninstalling CWI 6 Getting Started with CWI 7 Reference Information 8 Obtaining Documentation, Obtaining Support, and Security Guidelines 1 Introduction This document introduces Craft Works Interface (CWI) that supports Cisco IOS XR Software Release 3.5. Note This document refers to CWI managing devices. For Cisco IOS XR software, the devices can be any or all of the secure domain routers (SDRs) of which your Cisco IOS XR system is composed. Related Documentation See the following list for related documents that may be useful: • Cisco Craft Works Interface User Guide • Cisco Craft Works Interface Online Help Intended Audience This document is intended for experienced service provider administrators, Cisco telecommunication management engineers, and third-party field service technicians who have completed the required Cisco router training sessions. 2 About CWI CWI is a powerful, session-based tool that allows you to manage, monitor, and configure a single device or a network of devices. CWI is designed to operate in as many situations as possible. Using CWI you can: • Connect to the devices in several ways through a serial port, a terminal server, or an IP-based method, such as Telnet, SSH, or CORBA. • Run Windows, Macintosh, and Linux clients. • Connect to devices with or without XML or command-line interface (CLI) capabilities. • Display both the administrative (admin) plane and device plane for Cisco IOS XR devices. CWI offers a selection of CLI- and graphic-based tools from which you can perform management tasks.
  • Cisco CRS-1 SIP and SPA Configuration Guide Cisco IOS XR Software Release 3.3

    Cisco CRS-1 SIP and SPA Configuration Guide Cisco IOS XR Software Release 3.3

    R3.3 Beta Draft—Cisco Confidential Information Cisco CRS-1 SIP and SPA Configuration Guide Cisco IOS XR Software Release 3.3 Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 526-4100 Text Part Number: OL-7110-03 R3.3 Beta Draft—Cisco Confidential Information THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
  • Cisco IOS XR Memory Forensics Analysis

    Cisco IOS XR Memory Forensics Analysis

    Cisco IOS XR memory forensics analysis Solal Jacob Agence Nationale de la Sécurité des Systèmes d’Information 2019 TOC I I- IOS XR internals & forensics analysis I II - Attack simulation I III - Detection ANSSI Cisco IOS XR memory forensics analysis 2/33 I- IOS XR internals & forensics analysis I We would like to be able to analyze a router to know if it was compromised I For that we want to develop memory forensics tools to detect advanced attack I IOS XR is an exotic system used on core routers ANSSI Cisco IOS XR memory forensics analysis 3/33 IOS XR I Used in Cisco routers (12000, ASR9000, ...) I 32 bits version only I Based on QNX 6.4 ANSSI Cisco IOS XR memory forensics analysis 4/33 QNX I Microkernel released in 1982, now part of Blackberry I Used in embedded system : Routers, Infotainment, Telematics (Westing House, AECL, Air traffic Control, General Electric) I Source was released then closed again ANSSI Cisco IOS XR memory forensics analysis 5/33 QNX architecture I Fault tolerant I Reduced kernel attack surface I Conforms to posix standard I Customizable by OEM ANSSI Cisco IOS XR memory forensics analysis 6/33 QNX Security & Forensics I Some CVEs I No hardening before 6.6 I Troopers 2016, QNX : ”99 Problems but a Microkernel ain’t one !” (Vuln in message passing & IPC) I Recon 2018, ”Dissecting QNX” (Mitigation & PRNG) I No forensics papers or presentations ANSSI Cisco IOS XR memory forensics analysis 7/33 QNX startup I The IPL, Inital Program Loader, initializes the hardware, configures the memory controller, loads the system image
  • System Management Configuration Guide for Cisco NCS 540 Series Routers, IOS XR Release 7.3.X

    System Management Configuration Guide for Cisco NCS 540 Series Routers, IOS XR Release 7.3.X

    System Management Configuration Guide for Cisco NCS 540 Series Routers, IOS XR Release 7.3.x First Published: 2021-02-26 Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  • IOS XR Software CRS-1 and C12000

    IOS XR Software CRS-1 and C12000

    IOS XR Software CRS-1 and C12000 Martin Winter Technical Leader Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1 Agenda High Level IOS XR Strategy IOS XR Software Architecture IOS XR CLI Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2 High level IOS XR Strategy Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3 High End Routing Portfolio Next Generation Core 40G Routing Day 1 CRS-1 Multi-Chassis Scale Foundation for Core Consolidation Next Generation Core & Edge • Builds on 12000 Series Technology • PRP, 2.5G ISE, 10G ISE Cisco XR 12000 • Edge interface breadth/density • 4/6/10/16 Slot Form Factor • Foundation for Multi-Service Edge consolidation Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4 Cisco High End Routing Strategy IOS XR: Foundation of Cisco HER Technology Convergence HighHigh EndEnd RoutingRouting PlatformsPlatforms Systems Silicon Services (Single and Multi- (Forwarding (High Touch Deep Chassis / 2.5G to 40G+) Engines) Packet Inspection) Services CRS 40G ISE Blade (X-Blade) 12000 10G ISE 2.5G ISE vFW, SBC IOS XR Software • IOS XR is the ‘glue’, delivering HA, scale, core+edge services with common management and user interface Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5 IOS XR Software Architecture Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6 Modular IOS != IOS XR Modular IOS: Ships today on Catalyst 6500 with Sup720 and Sup32 Based on the same IOS code with added Microkernel and IOS split into multiple processes. Not everything as it’s own process (ie all Routing as one process), optimized for performance on existing hardware IOS XR: Ships today on CRS-1 and C12000 (PRP only) Complete rewrite of the code Very modular, split into multiple processes and built for multiterabit scaling and distributed operation Features targeted for SP NGN router Presentation_ID © 2006 Cisco Systems, Inc.
  • Diseño E Implementación De Actualizaciones Over the Air (OTA) Para Redes De Sensores Inalámbricas

    Diseño E Implementación De Actualizaciones Over the Air (OTA) Para Redes De Sensores Inalámbricas

    Diseño e implementación de actualizaciones Over The Air (OTA) para redes de sensores inalámbricas David García Fernández GRADO EN INGENIERÍA INFORMÁTICA FACULTAD DE INFORMÁTICA UNIVERSIDAD COMPLUTENSE DE MADRID Trabajo Fin de Grado en Ingeniería Informática Curso 2018-2019 Director: Joaquín Recas Resumen en castellano El objeto de este trabajo es el estudio de la viabilidad de las actualizaciones de firmware Over The Air (OTA) utilizando una red LPWAN, en concreto LoRaWAN. Dar soporte para actualizaciones de firmware OTA a día de hoy resulta fundamental y más todavía cuando estos nodos se encuentran en lugares remotos o sitios donde el acceso es muy limitado o peligroso. Tener implementada la funcionalidad para actualizaciones vía OTA permite corregir errores o añadir nuevas funcionalidades a distancia. Uno de los objetivos prioritarios consiste en que la misma actualización pueda llegar a un conjunto de nodos a la vez evitando tener que actualizar los nodos uno por uno, ya que esto supondría el envío de gran cantidad de información duplicada. Para llevar a cabo esta tarea, se ha realizado un estudio en profundidad sobre las características y el funcionamiento de la red LoRaWAN teniendo en cuenta que las redes LPWAN en general dificultan llevar a cabo este tipo de actualizaciones debido a sus conocidas limitaciones en cuanto a tamaño de payload y elevada latencia. Finalmente, este trabajo demuestra la viabilidad de las OTA mediante la aplicación de parches de actualización de firmware a conjuntos de nodos. Palabras clave OTA Over The Air Pycom Lopy STM32L475 LoRa LoRaWAN Bajo consumo Firmware OTA LoRa Server Red de sensores Abstract The aim of this work is the study of the feasibility of firmware updates Over The Air (OTA) using an LPWAN network, specifically LoRaWAN.
  • Cisco IOS XR Security

    Cisco IOS XR Security

    07_1587052717_ch06.qxp 5/15/09 11:21 AM Page 159 CHAPTER 6 Cisco IOS XR Security It is important to control access to the router to prevent unauthorized or malicious use that might take the router offline or use it to launch an attack on the rest of the network. Cisco IOS XR provides the authentication, authorization, and accounting (AAA) frame- work that helps provide secure access via the logical vty and the physical tty ports. Fur- thermore, ensuing sections in this chapter discuss the concepts of task-based authorization and familiarize the user with IOS XR concepts such as admin and SDR planes as well as the uniqueness of user groups and task group configuration. Forwarding plane refers to the components involved in the various stages during packet forwarding. Forwarding plane refers not only to the flow of a packet through the router but also to the packets destined to the router. Protection of forwarding plane is important and necessitates controlling the type of traffic that traverses the router, and limiting the amount of traffic that’s destined to the router itself so that the router does not become a victim of a denial of service (DoS) attack. You might well be familiar with access control lists (ACL) and Unicast Reverse Path Forwarding (uRPF) as popular forwarding plane secu- rity features. Additionally, IOS XR has a concept of Local Packet Transport Service (LPTS). LPTS provides protection against traffic destined to the router. This type of traffic is usually related to routing protocols that typically run on the route processor (RP) of the router, though Telnet, SNMP, NTP, ping, traceroute, and various other services create traf- fic that can be destined to a router’s line card or RP CPU.