Gigamon Policy (Active Visibility)

gigamon-0200fd (config policy alias test3) # condition add ?
< condition > Add a condition to the policy
GsCpuUtilHigh
GsCpuUtilLow
GsHbStatusDown
GsHbStatusUp
GsPktBufThHigh
GsPktBufThLow
GsPktDropRateHigh
GsPktDropRateLow
GsRxPktErrorHigh
GsRxPktErrorLow
GsRxPktRateHigh
GsRxPktRateLow
InlineToolDown
InlineToolReady
InlineToolUp
PortDown
PortRxBufferHigh
PortRxBufferLow
PortRxDiscardsHigh
PortRxDiscardsLow
PortRxDropsHigh
PortRxDropsLow
PortRxErrorsHigh
PortRxErrorsLow
PortRxUtilHigh
PortRxUtilLow
PortTxBufferHigh
PortTxBufferLow
PortTxDiscardsHigh
PortTxDiscardsLow
PortTxDropsHigh
PortTxDropsLow
PortTxErrorsHigh
PortTxErrorsLow
PortTxUtilHigh
PortTxUtilLow
PortUp
TimeFriday
TimeMonday
TimeOfDay
TimeSaturday
TimeSunday
TimeThursday
TimeTuesday
TimeWednesday
TimeWeekday
TimeWeekend

gigamon-0200fd (config policy alias test3) # action add ?
< action > Add an action to the policy.
FlexInlineOOBAdd
FlexInlineOOBDelete
InlineNetTrafficPath
InlineToolDisable
InlineToolEnable
InlineToolRecover
MapDisable
MapEnable
MapGsRuleAdd
MapGsRuleDelete
MapRuleAdd
MapRuleDelete
PhysicalByPassDisable
PhysicalByPassEnable
PolicyDisable
PolicyEnable
PortDisable
PortEnable
PortFilterAdd
PortFilterDelete
PortFilterDeleteAll
WriteMemory

Controlled GigaStream Configuration

To configure a controlled tool GigaStream, specify hash size and hash bucket ID, using the prefix mode. Refer to the following example:

Step

Description

Command

1. Configure ports using type tool for controlled GigaStream.

(config) # port 1/3/q4..q6 type tool

2. Configure a controlled GigaStream. This uses the prefix mode to configure all parameters.

(config) # gigastream alias stream2
(config gigastream alias stream2) # hash-size 12
(config gigastream alias stream2) # hash-bucket-id 1..3 port 1/3/q4..q6
(config gigastream alias stream2) # comment “controlled gigastream”
(config gigastream alias stream2) # exit
(config) #

3. Display the configuration for this example.

(config) # show gigastream

IP Tunnel Receiving End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x1 ip 192.168.51.80/24 gateway 192.168.51.1 mtu 9600 port-list GS51

gsop alias Remote2HQtunnel tunnel-recap type grip portdst 8001 port-list GS51

map alias FieldCallCtrDB

# comment "Field Call Center database traffic received at HQ"
# use gsop Remote2HQTunnel
# rule add pass ipsrc 172.16.10.88
# from 1/1/x1
# to 1/1/x5
# exit

IP Tunnel Sending End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x5 ip 172.16.10.88/24 gateway 172.16.10.1 mtu 9600 port-list GS51

gsop alias Chicago2HQ tunnel-uncap type gmip porters 8000 protest 8001 ipdst 192.168.51.80 port-list GS51

map alias ChicagoDBtoHQ

# comment "Chicago Call Center Database traffic sent to HQ"
# use gsop Chcago2HQ
# rule add pass porters 1521 bidir
# from 1/1/x1
# to 1/1/x5
# exit

https://cultivo-hy.github.io/docker/image/usage/2019/03/14/Docker정리/

https://subicura.com/2017/02/10/docker-guide-for-beginners-create-image-and-deploy.html

https://javacan.tistory.com/entry/docker-start-6-docker-image-layer

https://ifuwanna.tistory.com/249

컨테이너 목록 확인하기 (ps)

docker ps [OPTIONS]
컨테이너 중지하기 (stop)

docker stop [OPTIONS] CONTAINER [CONTAINER...]
도커 ID의 전체 길이는 64자리 입니다. 하지만 명령어의 인자로 전달할 때는 전부 입력하지 않아도 됩니다. 예를 들어 ID가 abcdefgh…라면 abcd만 입력해도 됩니다. 앞부분이 겹치지 않는다면 1-2자만 입력해도 됩니다.
컨테이너 제거하기 (rm)

종료된 컨테이너를 완전히 제거하는 명령어는 다음과 같습니다.

docker rm [OPTIONS] CONTAINER [CONTAINER...]
중지된 컨테이너 ID를 가져와서 한번에 삭제 docker rm -v $(docker ps -a -q -f status=exited)
이미지 목록 확인하기 (images)

docker images [OPTIONS] [REPOSITORY[:TAG]]
이미지 다운로드하기 (pull)

docker pull [OPTIONS] NAME[:TAG|@DIGEST]
이미지 삭제하기 (rmi)

docker rmi [OPTIONS] IMAGE [IMAGE...]
images 명령어를 통해 얻은 이미지 목록에서 이미지 ID를 입력하면 삭제가 됩니다. 단, 컨테이너가 실행중인 이미지는 삭제되지 않습니다. 컨테이너는 이미지들의 레이어를 기반으로 실행중이므로 당연히 삭제할 수 없습니다.

컨테이너 로그 보기 (logs)

컨테이너가 정상적으로 동작하는지 확인하는 좋은 방법은 로그를 확인하는 것 입니다.

docker logs [OPTIONS] CONTAINER
컨테이너 명령어 실행하기 (exec)

실행중인 컨테이너에 들어가거나 컨테이너의 파일을 실행하고 싶을 때가 있습니다.

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
run은 새로 컨테이너를 만들어서 실행하고 exec은 실행중인 컨테이너에 명령어로 실행합니다.

Mac LaunchPad 사이즈 조절

defaults write com.apple.dock springboard-columns -int 11
defaults write com.apple.dock springboard-rows -int 9
killall Dock

배경화면 경로 보이기
defaults write com.apple.dock desktop-picture-show-debug-text -bool TRUE;killall Dock
defaults write com.apple.dock desktop-picture-show-debug-text -bool FALSE;killall Dock

http://egloos.zum.com/popfly/v/6035802

OS X El Capitan부터 OpenSSL이 애플의 SDK에서 제외되었다.
맥에서 OpenSSL 프로그래밍을 하려면 소스를 직접 받아 빌드를 해야 한다.
이런 불편함을 해소하고, 간편하게 OpenSSL 라이브러리를 얻기 위해 Homebrew를 이용한다.

Homebrew 설치하기

Homebrew를 설치한 후 터미널에서 아래의 커맨드를 입력한다.

$ brew doctor

Homebrew의 실행 환경이 잘 되었는지 검사한다.
이상이 없으면 경고 메시지가 나오지 않는다.
내 경우엔 아래처럼 경고가 나왔다.

이를 해결하려면 터미널에서 아래의 커맨드를 입력한다.
계정이름에는 맥에 로그인한 계정이름을 넣는다.

$ sudo chown -R 계정이름:admin /usr/local/

아래의 커맨드를 입력해 새로운 버전의 Homebrew를 가져온다. Homebrew 프로그램 자체를 새로운 버전으로 만든다.

$ brew update

아래의 커맨드를 입력해 설치된 패키지를 최신 버전으로 만든다,

$ brew upgrade

OpenSSL 설치를 위해 아래의 커맨드를 입력한다.

$ brew install openssl

OpenSSL이 설치되면 아래의 경로에 헤더 파일과 라이브러리 파일이 존재하게 된다.

/usr/local/opt/openssl/include
/usr/local/opt/openssl/lib

Brew Error 시

git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" fetch
git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" fetch --unshallow
git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask" fetch
git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask" fetch --unshallow

You can configure Gigamon Resiliency for inline protection on H Series nodes (GigaVUE-HC1, GigaVUE-HC2, and GigaVUE-HC3). Example 18 is an inline bypass solution for GRIP using TAP-HC1-G10040 modules on GigaVUE-HC1 with copper ports. The same instructions apply to GigaVUE-HC2 and GigaVUE-HC3.

Note: On the GigaVUE-HC2, the configuration steps will be the same as in this example, but the network ports and the TAP module will be different.

First, configure the GigaVUE-HC1 with the primary role, then configure the GigaVUE-HC1 with the secondary role. The configuration is the same (is synchronized) on both nodes, except for step 3, in which the protection role (primary or secondary) is specified.

Note that in this example, link fail propagation (LFP) is disabled to reduce inline network recovery time after failover. When a primary to secondary failover occurs and LFP is enabled for copper inline bypass links, network service recovery may take several seconds because of Ethernet link renegotiation. Optical links failover faster and typically recover service much faster. For inline networks where only one path is available, this is a consideration. When GRIP is deployed with high availability networks where a second path is present, it is a best practice to leave LFP enabled.

Configuring Primary Role GigaVUE-HC1

Step

Description

Command

1. Configure ports on the TAP-HC1-G10040 module as passive (in passive mode, relays are closed). Also configure ports, port type (inline-network).

(config) # port 1/3/g1..g8 params taptx passive
(config) # port 1/3/g1..g8 type inline-network

2. Configure stack port (for signaling port/link) and enable it.

(config) # port 1/1/x1 type stack
(config) # port 1/1/x1 params admin enable

3. Create the redundancy profile by giving it a name and configuring parameters for the redundancy profile such as the signaling port and protection role (primary).

(config) # redundancy-profile alias RP_001
(config redundancy-profile alias RP_001) # signaling-port 1/1/x1
(config redundancy-profile alias RP_001) # protection-role primary
(config redundancy-profile alias RP_001) # exit
(config) #

4. Configure inline network.

(config) # inline-network alias IN_001 pair net-a 1/3/g1 and net-b 1/3/g2

5. Associate the redundancy profile to the inline network. Also disable link fail propagation on the inline network.

(config) # inline-network alias IN_001 redundancy-profile RP_001
(config) # no inline-network alias IN_001 lfp enable

6. Configure inline tool ports, port type (inline-tool), and administratively enable them.

(config) # port 1/1/x11 type inline-tool
(config) # port 1/1/x11 params admin enable

(config) # port 1/1/x12 type inline-tool
(config) # port 1/1/x12 params admin enable

7. Configure inline tool and failover action. Then enable inline tool.

(config) # inline-tool alias IT_001 pair tool-a 1/1/x11 and tool-b 1/1/x12
(config) # inline-tool alias IT_001 failover-action network-bypass
(config) # inline-tool alias IT_001 enable

8. Configure map passall, from inline network to inline tool.

(config) # map-passall alias INtoIT
(config map-passall alias INtoIT) # from IN_001
(config map-passall alias INtoIT) # to IT_001
(config map-passall alias INtoIT) # exit
(config) #

9. Configure the path of the traffic to inline tool.

(config) # inline-network alias IN_001 traffic-path to-inline-tool