IP Tunnel Sending End Configuration

port 1/1/x1 type network

port 1/1/x5 type tool

gsgroup alias GS51 port-list 1/5/e1

tunneled-port 1/1/x5 ip 172.16.10.88/24 gateway 172.16.10.1 mtu 9600 port-list GS51

gsop alias Chicago2HQ tunnel-uncap type gmip porters 8000 protest 8001 ipdst 192.168.51.80 port-list GS51

map alias ChicagoDBtoHQ

# comment "Chicago Call Center Database traffic sent to HQ"
# use gsop Chcago2HQ
# rule add pass porters 1521 bidir
# from 1/1/x1
# to 1/1/x5
# exit

https://cultivo-hy.github.io/docker/image/usage/2019/03/14/Docker정리/

https://subicura.com/2017/02/10/docker-guide-for-beginners-create-image-and-deploy.html

https://javacan.tistory.com/entry/docker-start-6-docker-image-layer

https://ifuwanna.tistory.com/249

컨테이너 목록 확인하기 (ps)

docker ps [OPTIONS]
컨테이너 중지하기 (stop)

docker stop [OPTIONS] CONTAINER [CONTAINER...]
도커 ID의 전체 길이는 64자리 입니다. 하지만 명령어의 인자로 전달할 때는 전부 입력하지 않아도 됩니다. 예를 들어 ID가 abcdefgh…라면 abcd만 입력해도 됩니다. 앞부분이 겹치지 않는다면 1-2자만 입력해도 됩니다.
컨테이너 제거하기 (rm)

종료된 컨테이너를 완전히 제거하는 명령어는 다음과 같습니다.

docker rm [OPTIONS] CONTAINER [CONTAINER...]
중지된 컨테이너 ID를 가져와서 한번에 삭제 docker rm -v $(docker ps -a -q -f status=exited)
이미지 목록 확인하기 (images)

docker images [OPTIONS] [REPOSITORY[:TAG]]
이미지 다운로드하기 (pull)

docker pull [OPTIONS] NAME[:TAG|@DIGEST]
이미지 삭제하기 (rmi)

docker rmi [OPTIONS] IMAGE [IMAGE...]
images 명령어를 통해 얻은 이미지 목록에서 이미지 ID를 입력하면 삭제가 됩니다. 단, 컨테이너가 실행중인 이미지는 삭제되지 않습니다. 컨테이너는 이미지들의 레이어를 기반으로 실행중이므로 당연히 삭제할 수 없습니다.

컨테이너 로그 보기 (logs)

컨테이너가 정상적으로 동작하는지 확인하는 좋은 방법은 로그를 확인하는 것 입니다.

docker logs [OPTIONS] CONTAINER
컨테이너 명령어 실행하기 (exec)

실행중인 컨테이너에 들어가거나 컨테이너의 파일을 실행하고 싶을 때가 있습니다.

docker exec [OPTIONS] CONTAINER COMMAND [ARG...]
run은 새로 컨테이너를 만들어서 실행하고 exec은 실행중인 컨테이너에 명령어로 실행합니다.

Mac LaunchPad 사이즈 조절

defaults write com.apple.dock springboard-columns -int 11
defaults write com.apple.dock springboard-rows -int 9
killall Dock

배경화면 경로 보이기
defaults write com.apple.dock desktop-picture-show-debug-text -bool TRUE;killall Dock
defaults write com.apple.dock desktop-picture-show-debug-text -bool FALSE;killall Dock

http://egloos.zum.com/popfly/v/6035802

OS X El Capitan부터 OpenSSL이 애플의 SDK에서 제외되었다.
맥에서 OpenSSL 프로그래밍을 하려면 소스를 직접 받아 빌드를 해야 한다.
이런 불편함을 해소하고, 간편하게 OpenSSL 라이브러리를 얻기 위해 Homebrew를 이용한다.

Homebrew 설치하기

Homebrew를 설치한 후 터미널에서 아래의 커맨드를 입력한다.

$ brew doctor

Homebrew의 실행 환경이 잘 되었는지 검사한다.
이상이 없으면 경고 메시지가 나오지 않는다.
내 경우엔 아래처럼 경고가 나왔다.

이를 해결하려면 터미널에서 아래의 커맨드를 입력한다.
계정이름에는 맥에 로그인한 계정이름을 넣는다.

$ sudo chown -R 계정이름:admin /usr/local/

아래의 커맨드를 입력해 새로운 버전의 Homebrew를 가져온다. Homebrew 프로그램 자체를 새로운 버전으로 만든다.

$ brew update

아래의 커맨드를 입력해 설치된 패키지를 최신 버전으로 만든다,

$ brew upgrade

OpenSSL 설치를 위해 아래의 커맨드를 입력한다.

$ brew install openssl

OpenSSL이 설치되면 아래의 경로에 헤더 파일과 라이브러리 파일이 존재하게 된다.

/usr/local/opt/openssl/include
/usr/local/opt/openssl/lib

Brew Error 시

git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" fetch
git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" fetch --unshallow
git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask" fetch
git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-cask" fetch --unshallow

You can configure Gigamon Resiliency for inline protection on H Series nodes (GigaVUE-HC1, GigaVUE-HC2, and GigaVUE-HC3). Example 18 is an inline bypass solution for GRIP using TAP-HC1-G10040 modules on GigaVUE-HC1 with copper ports. The same instructions apply to GigaVUE-HC2 and GigaVUE-HC3.

Note: On the GigaVUE-HC2, the configuration steps will be the same as in this example, but the network ports and the TAP module will be different.

First, configure the GigaVUE-HC1 with the primary role, then configure the GigaVUE-HC1 with the secondary role. The configuration is the same (is synchronized) on both nodes, except for step 3, in which the protection role (primary or secondary) is specified.

Note that in this example, link fail propagation (LFP) is disabled to reduce inline network recovery time after failover. When a primary to secondary failover occurs and LFP is enabled for copper inline bypass links, network service recovery may take several seconds because of Ethernet link renegotiation. Optical links failover faster and typically recover service much faster. For inline networks where only one path is available, this is a consideration. When GRIP is deployed with high availability networks where a second path is present, it is a best practice to leave LFP enabled.

Configuring Primary Role GigaVUE-HC1

Step

Description

Command

1. Configure ports on the TAP-HC1-G10040 module as passive (in passive mode, relays are closed). Also configure ports, port type (inline-network).

(config) # port 1/3/g1..g8 params taptx passive
(config) # port 1/3/g1..g8 type inline-network

2. Configure stack port (for signaling port/link) and enable it.

(config) # port 1/1/x1 type stack
(config) # port 1/1/x1 params admin enable

3. Create the redundancy profile by giving it a name and configuring parameters for the redundancy profile such as the signaling port and protection role (primary).

(config) # redundancy-profile alias RP_001
(config redundancy-profile alias RP_001) # signaling-port 1/1/x1
(config redundancy-profile alias RP_001) # protection-role primary
(config redundancy-profile alias RP_001) # exit
(config) #

4. Configure inline network.

(config) # inline-network alias IN_001 pair net-a 1/3/g1 and net-b 1/3/g2

5. Associate the redundancy profile to the inline network. Also disable link fail propagation on the inline network.

(config) # inline-network alias IN_001 redundancy-profile RP_001
(config) # no inline-network alias IN_001 lfp enable

6. Configure inline tool ports, port type (inline-tool), and administratively enable them.

(config) # port 1/1/x11 type inline-tool
(config) # port 1/1/x11 params admin enable

(config) # port 1/1/x12 type inline-tool
(config) # port 1/1/x12 params admin enable

7. Configure inline tool and failover action. Then enable inline tool.

(config) # inline-tool alias IT_001 pair tool-a 1/1/x11 and tool-b 1/1/x12
(config) # inline-tool alias IT_001 failover-action network-bypass
(config) # inline-tool alias IT_001 enable

8. Configure map passall, from inline network to inline tool.

(config) # map-passall alias INtoIT
(config map-passall alias INtoIT) # from IN_001
(config map-passall alias INtoIT) # to IT_001
(config map-passall alias INtoIT) # exit
(config) #

9. Configure the path of the traffic to inline tool.

(config) # inline-network alias IN_001 traffic-path to-inline-tool

Example 17 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with four tools. It is similar to Example 16: Asymmetrical Hashing in Inline Tool Group, but has four rule-based inline maps, one to each individual member of the inline tool group. In Example 17, asymmetrical hashing is used, but the hashing could also be symmetrical. The hashing only applies to the traffic sent to the shared collector.

Example 17 is different from Example 5: Inline Tool Group (N+1) Redundancy. In Example 5, all the traffic was sent to the inline tool group as a whole, using a map passall. Hashing distributed the traffic across the group.

With the multiple rule-based maps in Example 17, specific traffic is sent to specific tools in the inline tool group according to the rules. Each of the four inline maps directs traffic from one source IP address to a specific inline tool in the group.

A shared collector is configured from the inline network to the inline tool group. Traffic that does not match any of the map rules is sent to the shared collector and will be distributed according to the hashing value specified for the group.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 1/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 1/2/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 1/2/x15 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 1/2/x16 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 1/2/x19 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 1/2/x20 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

(config) # port 1/2/x21 alias iT5
(config) # port iT5 type inline-tool
(config) # port iT5 params admin enable

(config) # port 1/2/x22 alias iT6
(config) # port iT6 type inline-tool
(config) # port iT6 params admin enable

(config) # port 1/2/x23 alias iT7
(config) # port iT7 type inline-tool
(config) # port iT7 params admin enable

(config) # port 1/2/x24 alias iT8
(config) # port iT8 type inline-tool
(config) # port iT8 params admin enable

4. Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4
(config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6
(config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable
(config) # inline-tool alias inTool3 enable
(config) # inline-tool alias inTool4 enable

5. Configure inline tool group and parameters. Enable it and then configure failover action.

(config) # inline-tool-group alias inToolGroup
(config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2,inTool3,inTool4
(config inline-tool-group alias inToolGroup) # hash a-srcip-b-dstip
(config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 4
(config inline-tool-group alias inToolGroup) # enable
(config inline-tool-group alias inToolGroup) # failover-action network-bypass
(config inline-tool-group alias inToolGroup) # exit
(config) #

6. Configure rule-based map, from inline network to first tool in inline tool group, from the same source, inNet.

(config) # map alias inNet-to-inTool1
(config map alias inNet-to-inTool1) # type inline byRule
(config map alias inNet-to-inTool1) # from inNet
(config map alias inNet-to-inTool1) # to inTool1
(config map alias inNet-to-inTool1) # rule add pass ipsrc 10.10.10.101 /32
(config map alias inNet-to-inTool1) # exit
(config) #

7. Configure rule-based map, from inline network to second tool in inline tool group, from the same source, inNet.

(config) # map alias inNet-to-inTool2
(config map alias inNet-to-inTool2) # type inline byRule
(config map alias inNet-to-inTool2) # from inNet
(config map alias inNet-to-inTool2) # to inTool2
(config map alias inNet-to-inTool2) # rule add pass ipsrc 20.10.20.102 /32
(config map alias inNet-to-inTool2) # exit
(config) #

8. Configure rule-based map, from inline network to third tool in inline tool group, from the same source, inNet.

(config) # map alias inNet-to-inTool3
(config map alias inNet-to-inTool3) # type inline byRule
(config map alias inNet-to-inTool3) # from inNet
(config map alias inNet-to-inTool3) # to inTool3
(config map alias inNet-to-inTool3) # rule add pass ipsrc 31.11.31.103 /32
(config map alias inNet-to-inTool3) # exit
(config) #

9. Configure rule-based map, from inline network to fourth tool in inline tool group, from the same source, inNet.

(config) # map alias inNet-to-inTool4
(config map alias inNet-to-inTool4) # type inline byRule
(config map alias inNet-to-inTool4) # from inNet
(config map alias inNet-to-inTool4) # to inTool4
(config map alias inNet-to-inTool4) # rule add pass ipsrc 41.11.41.104 /32
(config map alias inNet-to-inTool4) # exit
(config) #

10. Add a shared collector for any unmatched data and send it to the inline tool group. Again, the source is the same, inNet.

(config) # map-scollector alias inNet-to-ITG
(config map-scollector alias inNet-to-ITG) # from inNet
(config map-scollector alias inNet-to-ITG) # collector inToolGroup
(config map-scollector alias inNet-to-ITG) # exit
(config) #

11. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

12. Display the configuration for this example.

(config) # show inline-tool-group
(config) # show map

Example 16 is an inline bypass solution on GigaVUE-HC2 for an inline tool group with four tools. The inline tool group uses asymmetrical hashing (unlike Example 5: Inline Tool Group (N+1) Redundancy which uses symmetrical hashing). The hashing is based on the source IP address for side A and the destination IP address for side B.

A rule-based map (vlan 200) is configured from the inline network to the inline tool group. Traffic that matches the map rule and has the same source IP on side A and destination IP on side B will be sent to the same inline tool in the inline tool group.

A shared collector is configured from the inline network to bypass. Traffic that does not match the map rule will be sent to the shared collector and bypassed.

Step

Description

Command

1. Configure inline network aliases, port type (inline-network), and administratively enable inline network ports.

(config) # port 1/2/x1 alias iN1
(config) # port iN1 type inline-network
(config) # port iN1 params admin enable

(config) # port 1/2/x2 alias iN2
(config) # port iN2 type inline-network
(config) # port iN2 params admin enable

2. Configure inline network.

(config) # inline-network alias inNet pair net-a iN1 and net-b iN2

3. Configure inline tool ports, port type (inline-tool), and administratively enable inline tool ports.

(config) # port 1/2/x15 alias iT1
(config) # port iT1 type inline-tool
(config) # port iT1 params admin enable

(config) # port 1/2/x16 alias iT2
(config) # port iT2 type inline-tool
(config) # port iT2 params admin enable

(config) # port 1/2/x19 alias iT3
(config) # port iT3 type inline-tool
(config) # port iT3 params admin enable

(config) # port 1/2/x20 alias iT4
(config) # port iT4 type inline-tool
(config) # port iT4 params admin enable

(config) # port 1/2/x21 alias iT5
(config) # port iT5 type inline-tool
(config) # port iT5 params admin enable

(config) # port 1/2/x22 alias iT6
(config) # port iT6 type inline-tool
(config) # port iT6 params admin enable

(config) # port 1/2/x23 alias iT7
(config) # port iT7 type inline-tool
(config) # port iT7 params admin enable

(config) # port 1/2/x24 alias iT8
(config) # port iT8 type inline-tool
(config) # port iT8 params admin enable

4. Configure inline tools and enable them.

(config) # inline-tool alias inTool1 pair tool-a iT1 and tool-b iT2
(config) # inline-tool alias inTool2 pair tool-a iT3 and tool-b iT4
(config) # inline-tool alias inTool3 pair tool-a iT5 and tool-b iT6
(config) # inline-tool alias inTool4 pair tool-a iT7 and tool-b iT8

(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool2 enable
(config) # inline-tool alias inTool3 enable
(config) # inline-tool alias inTool4 enable

5. Configure inline tool group and parameters. Enable it and then configure failover action.

(config) # inline-tool-group alias inToolGroup
(config inline-tool-group alias inToolGroup) # tool-list inTool1,inTool2,inTool3,inTool4
(config inline-tool-group alias inToolGroup) # hash a-srcip-b-dstip
(config inline-tool-group alias inToolGroup) # minimum-group-healthy-size 4
(config inline-tool-group alias inToolGroup) # enable
(config inline-tool-group alias inToolGroup) # failover-action tool-bypass
(config inline-tool-group alias inToolGroup) # exit
(config) #

6. Configure rule-based map, from inline network to inline tool group.

(config) # map alias inNet-to-ITG
(config map alias inNet-to-ITG) # type inline byRule
(config map alias inNet-to-ITG) # from inNet
(config map alias inNet-to-ITG) # to inToolGroup
(config map alias inNet-to-ITG) # rule add pass vlan 200
(config map alias inNet-to-ITG) # exit
(config) #

7. Add a shared collector for any unmatched data and send it to bypass.

(config) # map-scollector alias inNet-to-bypass
(config map-scollector alias inNet-to-bypass) # from inNet
(config map-scollector alias inNet-to-bypass) # collector bypass
(config map-scollector alias inNet-to-bypass) # exit
(config) #

8. Configure the path of the traffic to inline tool.

(config) # inline-network alias inNet traffic-path to-inline-tool

9. Display the configuration for this example.

(config) # show inline-tool-group
(config) # show map

Example 15 expands on Example 14 by combining out-of-band (OOB) maps with a map passall originating from an inline network group on GigaVUE-HC2.

When the source port of an OOB map is associated with an inline network group, only one port is supported in the port list. In this case, multiple OOB maps are needed because each OOB map only accepts one inline network port as the input (the from argument of the map command).

A protected inline network (which uses bypass combo modules) is included in Example 15. You do not need to configure inline network ports or the inline networks because they are created automatically. The port pairs in Example 15 are
1/1/x17 and 1/1/x18, as well as 1/1/x19 and 1/1/x20. The aliases of the default inline networks in Example 15 are default_inline_net_1_1_1 and default_inline_net_1_1_2.

In Example 15, two OOB maps send traffic from each inline network port (associated with default_inline_net_1_1_1) to the OOB tool. Two more maps would be needed to send traffic from each inline network port (associated with default_inline_net_1_1_2) to the OOB tool, but this is not included in Example 15.

On GigaVUE-HC3, protected inline bypass can be configured on the bypass combo module on ports c1..c4.

On GigaVUE-HC1, protected inline bypass can be configured on the bypass combo module, or on the TAP-HC1-G10040 module placed in either bay 2 or bay 3, so the ports will be 1/2/g1..g8 or 1/3/g1..g8. On the TAP module, you will need to configure inline network ports and the inline network because they are not created automatically (as they are on bypass combo modules).

Step

Description

Command

1. Configure an inline network group consisting of two protected inline networks.

(config) # inline-network-group alias inNetGroup
(config inline-network-group alias inNetGroup) # network-list default_inline_net_1_1_1,default_inline_net_1_1_2
(config inline-network-group alias inNetGroup) # exit
(config) #

2. Configure a regular tool port of port type (tool) and administratively enable it. This is the OOB tool.

(config) # port 1/1/x12 type tool
(config) # port 1/1/x12 params admin enable

3. Configure two inline tool ports of port type (inline-tool) and administratively enable them.

(config) # port 1/2/x23 type inline-tool
(config) # port 1/2/x23 params admin enable

(config) # port 1/2/x24 type inline-tool
(config) # port 1/2/x24 params admin enable

4. Configure inline tool and enable it. Also, specify that the inline tool is going to be shared by different sources. When shared is enabled (true), the inline tool can receive traffic from multiple sources (the inline networks in the inline network group).

(config) # inline-tool alias inTool1 pair tool-a 1/2/x23 and tool-b 1/2/x24
(config) # inline-tool alias inTool1 enable
(config) # inline-tool alias inTool1 shared true

5. Configure a map passall, from the inline network group to the inline tool. This sends all the traffic to the inline tool.

(config) # map-passall alias inline_map1
(config map-passall alias inline_map1) # from inNetGroup
(config map-passall alias inline_map1) # to inTool1
(config map-passall alias inline_map1) # exit
(config) #

6. Configure the first rule-based map. This is an OOB map from one inline network port (associated with default_inline_net_1_1_1) to the OOB tool.

(config) # map alias OoB_map1
(config map alias OoB_map1) # type regular byRule
(config map alias OoB_map1) # rule add pass ipver 4
(config map alias OoB_map1) # to 1/1/x12
(config map alias OoB_map1) # from 1/1/x17
(config map alias OoB_map1) # exit
(config) #

7. Configure a second rule-based map. This is an OOB map from the other inline network port (associated with default_inline_net_1_1_1) to the OOB tool.

(config) # map alias OoB_map2
(config map alias OoB_map2) # type regular byRule
(config map alias OoB_map2) # rule add pass ipver 4
(config map alias OoB_map2) # to 1/1/x12
(config map alias OoB_map2) # from 1/1/x18
(config map alias OoB_map2) # exit
(config) #

8. Configure a third rule-based map. This is an OOB map from a single inline tool port to the OOB tool.

(config) # map alias OoB_map3
(config map alias OoB_map3) # type inline byRule
(config map alias OoB_map3) # rule add pass ipver 4
(config map alias OoB_map3) # to 1/1/x12
(config map alias OoB_map3) # from 1/2/x23
(config map alias OoB_map3) # exit
(config) #

9. Configure the path of the traffic to inline tool.

(config) # inline-network alias default_inline_net_1_1_1 traffic-path to-inline-tool
(config) # inline-network alias default_inline_net_1_1_2 traffic-path to-inline-tool

10. Disable physical bypass on the default inline network aliases.

(config) # inline-network alias default_inline_net_1_1_1 physical-bypass disable
(config) # inline-network alias default_inline_net_1_1_2 physical-bypass disable

11. Display the configuration and statistics for this example.

(config) # show inline-network
(config) # show inline-network-group
(config) # show inline-tool
(config) # show map