SLX insight architecture 1/3: TPVM

  • Install and start TPVM from privileged mode
  • Add an insight interface from configuration mode
  • Add filter or mirror ACL rules to the insight interface
  • Run applications inside TPVM, e.g., tcpdump

TPVM

Before SLXr18.2, TPVM was shipped within the SLX-OS image itself. With the recent version changes it has been decoupled, so it needs to be downloaded and copied to the switch in a separate step.

slx# tpvm stop
slx# tpvm uninstall
slx# start-shell
Entering Linux shell for the user: admin
[admin@slx]# rm -rf /tftpboot/SWBD2900/vm-swbd2900-*.deb
~joerg$ scp tpvm-2.0.0-0.amd64 admin@slx:/tftpboot/SWBD2900/

Installation

We will first check the current status of the installation by running the show tpvm status command from the SLX privileged prompt.

slx# show tpvm status
TPVM is not installed
slx# tpvm install
Installation starts. To check the status use ‘show tpvm status’ command
slx# show tpvm status
TPVM is being installed now
slx# show tpvm status
TPVM is installed but not running, and AutoStart is disabled on this host.
slx# tpvm start
start succeeds
slx# show tpvm status
TPVM is running, and AutoStart is disabled on this host.

Access TPVM

Now comes the confusing part, and I don’t like the official documentation about this so much.

  1. TPVM tries to obtain an IPv4 address by DHCP on the bridged management Ethernet interface; if it gets one, you can log in with SSH.
  2. TPVM sends IPv6 router solicitation packets and tries to acquire a local IPv6 address with NDP; if it gets one, you can log in with SSH.
  3. TPVM registers an IPv6 link-local address with NDP, and logging in with SSH over that address is also possible.
  4. The “may not be supported way”: the TPVM login prompt can be caught by hijacking the terminal session directly from the HOST-OS (see Inside Extreme SLX architecture).
  5. Access to TPVM through the serial console port (I am not showing this way, though) works similarly to point 4.

slx# show tpvm ip-address
IPv4:
eth0 192.168.2.249
docker0 172.17.0.1
IPv6:2a02:0000:c000:0:da80:00ff:f00b:8800
eth0: fe80::da80:00ff:f00b:8800

1.) and 2.) Access TPVM with DHCP or ND served addresses

If an IPv4 or a globally routed IPv6 address is visible, you can call yourself happy and connect directly to TPVM with the internal SSH client, using the management VRF (mgmt-vrf).

slx# ssh 192.168.2.249 -l admin vrf mgmt-vrf
admin@192.168.2.249’s password:
slx# ssh 2a02:0000:c000:0:da00:00ff:f00b:8804 -l admin
admin@2a02:0000:c000:0:da00:00ff:f00b:’s password:

3.) Access TPVM with link-local IPv6 addresses

But if we are not running a local DHCP server or are not sending IPv6 router advertisements on our management devices, we may end up like this:

slx# show tpvm ip-address
IPv4:
docker0 172.17.0.1
IPv6:
eth0
eth0 fe80::da00:00ff:f00b:8800
slx# ping ipv6 fe80::da00:00ff:f00b:8800 interface management vrf mgmt-vrf
Type Control-c to abort
64 bytes from fe80::da00: icmp_seq=0 ttl=64 time=3.239 ms
64 bytes from fe80::da00: icmp_seq=1 ttl=64 time=1.985 ms
slx# ssh fe80::da84:66ff:feeb:8804 -l admin interface management vrf mgmt-vrf
Invalid Interface
slx# start-shell
Entering Linux shell for the user: admin
[admin@slx]# ssh -6 fe80::da00:00ff:f00b:8800%eth0 -l admin
Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-128-generic x86_64)
Last login: Tue Apr 2 12:12:46 2019
admin@TPVM:~$
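
The choice between access methods 1 to 3 can be made mechanically from the show tpvm ip-address output. The following is an added example, not part of the original post: it parses constructed sample output and returns where to log in from and which command to type. The function names, the sample addresses and the use of eth0 as the zone id of the SLX Linux shell (taken from the session above) are assumptions of this example.

```python
import ipaddress

TPVM_IFACE = "eth0"  # TPVM interface bridged to the management port (from the page)
SHELL_ZONE = "eth0"  # sender-side interface in the SLX Linux shell (assumption)

def parse_tpvm_addresses(text):
    """Return [(interface, address)] found in 'show tpvm ip-address' output."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # section headers ("IPv4:") and interfaces without an address
        try:
            found.append((fields[0].rstrip(":"), ipaddress.ip_address(fields[1])))
        except ValueError:
            continue  # second field is not an IP address
    return found

def login_plan(text, user="admin"):
    """Prefer IPv4, then global IPv6, then link-local; else fall back to console."""
    addrs = [a for iface, a in parse_tpvm_addresses(text) if iface == TPVM_IFACE]
    v4 = [a for a in addrs if a.version == 4]
    v6_global = [a for a in addrs if a.version == 6 and not a.is_link_local]
    v6_local = [a for a in addrs if a.version == 6 and a.is_link_local]
    if v4:
        return ("slx-cli", f"ssh {v4[0]} -l {user} vrf mgmt-vrf")
    if v6_global:
        return ("slx-cli", f"ssh {v6_global[0]} -l {user}")
    if v6_local:
        # A link-local address is only meaningful together with the sender's
        # outgoing interface, so the zone id (%eth0) must be appended and the
        # login has to start from the Linux shell (start-shell).
        return ("start-shell", f"ssh -6 {v6_local[0]}%{SHELL_ZONE} -l {user}")
    return ("console", None)  # methods 4 and 5: tmux session or serial port

# Constructed samples modelled on the output shown on this page.
SAMPLE_DHCP = "IPv4:\neth0 192.0.2.10\ndocker0 172.17.0.1\nIPv6:\neth0 fe80::1\n"
SAMPLE_GLOBAL_V6 = "IPv4:\ndocker0 172.17.0.1\nIPv6:\neth0 2001:db8::10\neth0 fe80::1\n"
SAMPLE_LINK_LOCAL = "IPv4:\ndocker0 172.17.0.1\nIPv6:\neth0\neth0 fe80::1\n"

if __name__ == "__main__":
    for sample in (SAMPLE_DHCP, SAMPLE_GLOBAL_V6, SAMPLE_LINK_LOCAL):
        print(login_plan(sample))
```

The docker0 address is ignored on purpose: it belongs to the container bridge inside TPVM and is not reachable from the management network.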

4.) The “not so supported way.”

If all else breaks or you need to do some crash recovery, you can log in by attaching to a tmux session that is created on startup of the Host OS. To do this, we first need to connect to the Host OS from the SLX prompt.

slx# telnet 127.2.0.1 vrf mgmt-vrf
Trying 127.2.0.1…
Connected to 127.2.0.1.
Escape character is ‘^]’.
Ubuntu 14.04 LTS
HOST login: root
Password:
Last login: Wed Jan 2 16:12:38 GMT 2019 from pb_vm1 on pts/6
Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.7 x86_64)

root@HOST:~#
root@HOST:~# /fusion/sbin/tmux attach -t FUSION_KVM
Ubuntu 14.04 LTS HOST ttyS0
HOST login:
Password:
PRESS F2
SLX-OS (slx)
slx login:
PRESS F3
Ubuntu 16.04.4 LTS TPVM ttyS0
TPVM login: admin
Password: password
122 packages can be updated.
70 updates are security updates.
admin@TPVM:~$

And finally logged in…

Inside TPVM, we open a root shell with the sudo command, entering the admin password once again.

admin@TPVM:~$ sudo -s
[sudo] password for admin:
root@TPVM:~# id
uid=0(root) gid=0(root) groups=0(root)
root@TPVM:~# ip -4 link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether d8:00:00:00:00:04 brd ff:ff:ff:ff:ff:ff
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
link/ether d8:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
link/ether 02:42:28:2d:60:b9 brd ff:ff:ff:ff:ff:ff
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.5
netmask 255.255.255.0
gateway 192.168.1.1
auto eth1
iface eth1 inet manual

From here on

From this point on, we have a working TPVM that is accessible directly from the SLX-VM or from a dedicated management network. In part two, we will finally configure and activate the insight interface.
