4.4 Using Neo
| The following sections discuss Neo commands and syntax in detail. 4.4.1 The Command PromptNeo presents you with its own command prompt, which is the word "neo" followed by a colon . From this prompt, you can type commands for Neo to execute. If upon startup Neo did not print a warning about the readline library, you will have full command line editing available from the prompt. Figure 4.2 lists some of the common command line editing features; for a more detailed reference, consult http://www.gnu.org/directory/readline.html. Figure 4.2. Basic Readline Editing Keys.
At any time while Neo is executing a command, you can type Control-C to interrupt the running command and return to the Neo prompt. The Neo command prompt also allows a limited amount of command abbreviation. For example, the device command can be abbreviated dev , and the port enable command can be abbreviated port ena . 4.4.2 The Location SyntaxOne of Neo's strengths is its flexible location syntax. The location syntax is the format Neo uses to describe a device, a number of devices, or particular ports on a device. Generically, the location syntax takes the form port @ device . That is, a port designator and a device designator separated by an at sign. In a simple example, this may be 5@switch.example.com , representing port five on switch.example.com. However, either the port designator or the device designator may use more exotic options. The Device DesignatorIn the simplest case, a location may be just a single device with no associated ports. For this, use an at sign followed by the host name : @switch.example.com Or in just this example alone, you can abbreviate it to the host name with no at sign: switch.example.com Sometimes you will want a location to represent more than one device, which you can accomplish several different ways. First, you can list device names separated by commas: @switch1.example.com,switch2.example.com,router.example.com Make sure there are no spaces in the location or Neo will interpret it as multiple arguments to a command instead of as a single location. Often you will want to refer to so many devices that separating them all by commas would be cumbersome. One option is to reference a file that contains a list of host names and use the syntax @f: filename . For example, if you have a file /var/tmp/switches with a list of hosts , one per line, use the location syntax: @f:/var/tmp/switches You can check yourself by asking Neo to describe which devices are present in a location using the location print command: neo: location print @f:/var/tmp/switches Devices (4) are: SWITCH1.EXAMPLE.COM SWITCH2.EXAMPLE.COM SWITCH3.EXAMPLE.COM SWITCH4.EXAMPLE.COM On a large network, there may be so many devices that it's useful to divide them into smaller groups of devices. For example, you may wish to be able to refer to all the devices on one particular network or broadcast domain. Neo supports this through the use of a keyfile . The keyfile is a text file that looks something like this: 10.115M5-201T-SWITCH-ENTRY.EXAMPLE.COM 10.115M5-201T-SWITCH-1.EXAMPLE.COM 10.115M5-201T-SWITCH-2.EXAMPLE.COM 10.115M5-201T-SWITCH-3.EXAMPLE.COM 10.115M5-201T-SWITCH-4.EXAMPLE.COM 10.115M5-301T-SWITCH-1.EXAMPLE.COM 10.116M6-332T-SWITCH-ENTRY.EXAMPLE.COM 10.116M6-332T-SWITCH-1.EXAMPLE.COM 10.116M6-332T-SWITCH-2.EXAMPLE.COM 10.116M6-332T-SWITCH-3.EXAMPLE.COM 10.116M6-432T-SWITCH-1.EXAMPLE.COM 10.116M6-432T-SWITCH-2.EXAMPLE.COM Each line contains a key string, followed a vertical bar, and then a value string. In Neo location syntax, we can refer to all of the devices whose key is 10.116 with the syntax: @k:10.116 The k stands for key, of course. If you ask Neo for details on that location, you will find: neo: location print @k:10.116 Devices (6) are: M6-332T-SWITCH-ENTRY.EXAMPLE.COM M6-332T-SWITCH-1.EXAMPLE.COM M6-332T-SWITCH-2.EXAMPLE.COM M6-332T-SWITCH-3.EXAMPLE.COM M6-432T-SWITCH-1.EXAMPLE.COM M6-432T-SWITCH-2.EXAMPLE.COM At MIT we find it useful to organize the keyfile by network number because of the addressing scheme we use. But the key can really be any text string. You may choose to create a keyfile more like: eastwingSWITCH1.EXAMPLE.COM eastwingSWITCH2.EXAMPLE.COM eastwingSWITCH3.EXAMPLE.COM northannexSWITCH4.EXAMPLE.COM northannexSWITCH5.EXAMPLE.COM northannexSWITCH6.EXAMPLE.COM coreSWITCH7.EXAMPLE.COM coreSWITCH8.EXAMPLE.COM core SWITCH9.EXAMPLE.COM and then refer to groups of devices as @k:core or @k:northannex . There is also no rule that says the same device can't belong to multiple key groups if that suits your needs. By default, Neo expects the keyfile to be named /usr/local/etc/neo.keyfile . You can modify this by changing one of Neo's built-in variables , described in Section 4.4.3, or by using the -k command line option, described in Section 4.4.11. The Port SyntaxA port designator, if present in a location, always precedes the at sign. If the location is to refer to an entire device, the port is left off entirely. If we do wish to specify a port, the format will depend on the design of the device. Many devices have a simple notion of numbered ports; the first port on the device is port one, the next one is port two, and so on. The physical ports on the device may be labeled with this number. From a management point of view, there will typically be one or two more ports available via SNMP than are physically present on the device. These are loopback ports or ports otherwise intended for internal use. For a straightforward device like this, the port syntax is simply the number of the port. So port twelve on switch1.example.com would be: 12@switch1.example.com Other devices, particularly devices with removable modules, have a notion of a port being numbered by a board number and port number on that board. For example, a Cisco Catalyst switch may have six slots, each one capable of holding a board with 24 ports. Instead of numbering each port on the device with a unique integer, we'd like to refer to a port as the board number the port is on and then the port number on that board. The notation for this is board / port . So port five on board three on switch5.example.com would be: 3/5@switch5.example.com Note that this means the appropriate syntax depends on the type of device Neo is talking to. Most of the time, you will know the layout of the device before you wish to specify a particular port, but if you do use the wrong port syntax for a device, Neo will print a warning about the mistake. In Section 4.4.7, there is information on using the Neo device command to ask a device for its layout so that you will definitively know the correct syntax. Also be aware that some devices that do not physically have boards do have an internal notion of boards . The Cisco Catalyst 2948 has 50 static, numbered ports with no modular components , but internally, the Cisco software considers these ports to be on board two, while a phantom board one is the management board. Occasionally, you may wish to refer to a board itself with no particular port. You might want to ask a device about the status of board three, for example. The syntax for this is board /@ device , as in: 3/@switch5.example.com Just as you may wish to specify many devices in a single location, it is also useful to be able to specify many ports in a single location. You can use an asterisk in the port designator to represent multiple ports. By example: *@switch1.example.com refers to all ports on switch1.example.com, and this switch must be a switch without boards. If you wish to refer to all ports on a device that does have boards, use: */*@switch5.example.com Similarly, you could refer to all ports on a particular board with: 4/*@switch5.example.com Neo also allows you to use a period in place of an asterisk, for convenience in using wildcards on a shell command line. The following two examples are then identical: *@switch1.example.com .@switch1.example.com Note that wildcards like these can be used on only the left side of the at sign. Figure 4.3 summarizes the different forms of location syntax. Figure 4.3. Summary of Neo Location Syntax.
4.4.3 VariablesNeo has a number of built-in variables it uses for controlling user configuration options. Figure 4.4 lists the variables currently in use. You can list the value of all variables by typing the print command with no arguments: neo: print writecom = 'public' readcom = 'public' keyfile = '/usr/local/etc/neo.keyfile' statsdelay = 5 timeout = 8 macmode = 'standard' version = '1.2.12 (Atropine)' burst = 1 Figure 4.4. All Neo Variables.
You can change the value of a variable with the set command, and you can view the value with the print command: neo: set writecom mysecret neo: print writecom writecom = 'mysecret' The above example sets the SNMP community used for SNMP writes to mysecret . When setting the writecom and readcom variables only, you may leave off the final argument and Neo will prompt you to enter the community name without echoing the keystrokes you type to the terminal. This allows an operator to enter a secret string without others being able to see it. The timeout variable controls how long Neo should wait for an SNMP response from a device. The value is in seconds and the default is eight seconds. If for some reason this is not a long enough timeout, you can change the value. The burst variable can be used to force SNMP to send multiple copies of packets in the event that network conditions are degraded and packets are being dropped. This is discussed later in the chapter, as are the statsdelay and macmode variables. 4.4.4 The Arpfind CommandThe arpfind command queries a device's ARP cache in order to translate an IP address to a hardware address. The syntax is simply: arpfind hostname devicelocation . For example: neo: arpfind myhost.example.com router.example.com router.example.com says 10.5.1.2 is 00:03:BA:09:1F:36 Or if you wish to search multiple devices, you can use a more interesting location syntax: neo: arpfind otherhost.example.com @k:routers router-east.example.com says 10.6.0.12 is 08:00:20:9A:D3:5F 4.4.5 The Locate CommandAs described earlier, the locate command searches a switch's forwarding table for a particular hardware address. The syntax for the locate command is locate [-v] [-u] address devicelocation . Typical use would be: neo: locate 00:03:BA:09:1F:36 @k:northannex Found on 6@switch13.example.com There is an important subtlety to notice here. If we run the locate command again with the -v option, it tells us about all the devices being searched: neo: locate -v 00:03:BA:09:1F:36 @k:northannex Probing devices ... Searching switch11 ... Searching switch12 ... Searching switch13 ... Found on 6@switch13 ... Searching switch14 ... Searching switch15 ... Searching switch16 ... 1 locations found In this particular example, all the switches are on the same physical network. But then why doesn't this MAC address appear on the other switches as well? The answer is that Neo employs some trickery to try to ignore ports that are the uplink to the device. If you use the -u option to the locate command, Neo will print every location found, without filtering uplink ports: neo: locate -u 00:03:BA:09:1F:36 @k:northannex Found on 25@switch10 Found on 25@switch11 Found on 25@switch12 Found on 6@switch13 Found on 25@switch14 Found on 25@switch15 Found on 25@switch16 Here we see that port 25 is the uplink to these switches and that Neo filtered those answers for us. 4.4.6 The Port CommandThe port command has four different subcommands used to perform functions on a port:
These are all self-explanatory and examples follow. Do note that the port enable and port disable commands use an SNMP write. Assuming you do not have the write community for your devices set to "public," you will need to set the Neo SNMP write community first with the set writecom command. neo: port disable 22@switch.example.com 22@switch.example.com disabled neo: port enable 22@switch.example.com 22@switch.example.com enabled neo: port status 22@switch.example.com 22@switch.example.com enabled neo: port search 2/5@switch5.example.com 00:04:76:CB:B1:CD 00:05:02:4B:C6:50 00:06:5B:1D:68:43 00:06:5B:1D:68:46 00:50:8B:AD:FE:8E 00:E0:63:2B:D7:C4 00:E0:63:2B:D7:DC When you use the port search command, the macmode variable controls the format of the hardware addresses returned. Figure 4.5 provides examples of the different settings for the macmode variable and the hardware address format that each setting corresponds to. You may wish to change the format to "cisco" if you will be feeding the results to a Cisco command prompt, thereby saving you the effort of converting each address format yourself. Figure 4.5. Settings for the macmode Variable.
4.4.7 The Device Summary CommandThe device command has three subcommands:
The first command, device summary , provides a useful summary of the layout of a device. For a simple device without boards, this prints a summary of all ports: neo: dev sum switch1.example.com Port summary: p type u lnk adm ap ------------------------------ 1 100TX 100 On 2 100TX 100 On 3 100TX 10 On 4 100TX - On 5 100TX - On 6 100TX 100 On 7 100TX 10 On 8 100TX 100 On 9 100TX 100 On 10 100TX - On 11 100TX 100 On 12 100TX 100 On 13 100TX 100 On 14 100TX 100 On 15 100TX 100 On 16 100TX 100 On 17 100TX 100 On 18 100TX - On 19 100TX 100 On 20 100TX - On 21 100TX - On 22 100TX 100 On 23 100TX - On 24 100TX - On 25 100?X * 100 On 26 100?X * - On 27 loop 10 On The first column indicates the port number. The "type" column denotes the media type of the port. The "u" column contains an asterisk if Neo believes this port is an uplink. The "lnk" column is the link speed of the port, or a hyphen if no link is present. Finally, the "adm" column tells us whether the port is administratively on or off. The column marked "ap" is not often used, but it can indicate that a port has been automatically disabled by the device for some particular reason. On a device with boards, the device summary command is particularly useful because it shows us the board layout of the device: neo: dev sum switch5.example.com Board summary: b type sg ul ultype ----------------------------------------- 1 Mgmt2 2 1000X 0 2 24 10/100/1000T 0 3 24 10/100/1000T 0 4 Empty 5 Empty 6 24 100FX (mm) 0 The first column is the board number and the second is a description of the board. On this device, board three has 24 ports, each 10/100/1000T. The remaining columns are used occasionally for certain kinds of repeaters and indicate what segment the board is on and whether it has a modular uplink. The most important aspect of the device summary command is that it can be used on a device without your knowing what the layout of the device is ahead of time. If you're starting cold with just a host name for a device, the device summary command is a good way to get your bearings before proceeding with commands that expect you to know its layout. Once you do know that a device has boards, you can also use the device summary command to generate a port summary, just as for a device without boards. Simply use the location syntax for accessing all ports on a board: neo: dev sum 3/*@switch5.example.com Port summary: p type u lnk adm ap ------------------------------ 1 1000T - On 2 1000T - On 3 1000T - On 4 1000T - On 5 1000T - On 6 1000T - On 7 1000T - On 8 1000T - On 9 1000T - On 10 1000T - On 11 1000T - On 12 1000T - On 13 1000T - On 14 1000T - On 15 1000T - On 16 1000T - On 17 1000T - On 18 1000T 1000 On 19 1000T 1000 On 20 1000T 1000 On 21 1000T 1000 On 22 1000T 100 On 23 1000T 1000 On 24 1000T 1000 On 4.4.8 The Device Info CommandIn its simplest form, the device info command prints the system information from a device: neo: dev info switch.example.com switch.example.com Device type: C2200 Contact : admin@example.com Name : switch.example.com Location : 5-142T Uptime : 92 days 22:07:20 ObjectID : .1.3.6.1.4.1.52.3.9.3.4.84 Descr : Cabletron Systems, Inc. 2H253-25R Rev 04.00.... There are also subcommands that provide additional information. When possible, the device weather command will print information about the environmental conditions of the device: neo: dev info weather router.example.com Intake temp: 25C / 77F Hotpoint : 35C / 95F Exhaust : 32C / 89F The power subcommand will print information about the power status of the device. This may be the status of the power supplies on a piece of network hardware or detailed information about the condition of a UPS: neo: dev info power ups.example.com Type : Symmetra Name : # Alarms Present : <unsupported> Status : Normal Battery Capacity : 100% Battery Run Time : 0 d 02:44:00 Time On Battery : 0 d 00:00:00 Battery Voltage : <unsupported> Battery Current : <unsupported> Input 1 Voltage : 199 V Input 1 Current : <unsupported> Input 1 Freq. : 60 Hz Output 1 Voltage : 213 V Output 1 Current : 13 A Output 1 Freq. : 60 Hz Output 1 Load : 20% (device specific section) Battery Status : All batteries OK Last Fail Cause : Self Test If power or environmental information is not available for the device, Neo will print a warning message: neo: dev info power switch3.example.com Power info is not yet supported on this device 4.4.9 The Stats CommandThe stats command is another extremely useful Neo command. It prints per-port traffic statistics: neo: stats *@switch1.example.com Probing devices ... Getting first set of stats... Getting second set of stats... Port statistics: p type u lnk adm ap kbs ikbs okbs pps ipps opps ierps oerps --------------------------------------------------------------- 1 100TX 100 On 20 0 20 26 0 26 0 0 2 100TX 100 On 19 0 19 26 0 26 0 0 3 100TX 10 On 20 0 20 27 0 27 0 0 4 100TX - On 0 0 0 0 0 0 0 0 5 100TX - On 0 0 0 0 0 0 0 0 6 100TX 100 On 455 42 413 157 51 106 0 0 7 100TX 10 On 19 0 19 26 0 26 0 0 8 100TX 100 On 19 0 19 26 0 26 0 0 9 100TX 100 On 19 0 19 26 0 26 0 0 10 100TX - On 0 0 0 0 0 0 0 0 11 100TX 100 On 19 0 19 26 0 26 0 0 12 100TX 100 On 19 0 19 27 0 27 0 0 13 100?X * 100 On 382 368 14 84 71 13 0 0 14 100?X * - On 0 0 0 0 0 0 0 0 15 loop 10 On 59 28 31 80 40 40 0 0 Note that this is a device without boards. If we wanted port statistics on a device with boards, we would use: neo: stats 2/*@switch5.example.com Probing devices ... Getting device summary ... Getting first set of stats... Getting second set of stats... Port statistics: p type u lnk adm ap kbs ikbs okbs pps ipps opps ierps oerps ----------------------------------------------------------------- 1 1000T 1000 On 11 0 11 13 0 13 0 0 2 1000T 1000 On 235 78 157 191 90 101 0 0 3 1000T 1000 On 13 1 12 14 2 12 0 0 4 1000T 1000 On 36 12 24 43 15 28 0 0 5 1000T 100 On 287 253 34 54 27 27 0 0 6 1000T 1000 On 12 0 12 11 0 11 0 0 7 1000T 1000 On 11 0 11 10 0 10 0 0 8 1000T 1000 On 11 0 11 10 0 10 0 0 9 1000T 1000 On 11 0 11 10 0 10 0 0 10 1000T 1000 On 2200 2126 74 288 176 112 0 0 11 1000T 1000 On 2276 68 2208 306 106 200 0 0 12 1000T 1000 On 24 5 19 21 4 17 0 0 13 1000T 1000 On 14 0 14 14 0 14 0 0 14 1000T 1000 On 13 0 13 15 1 14 0 0 15 1000T 1000 On 13 1 12 13 2 11 0 0 16 1000T - On 0 0 0 0 0 0 0 0 17 1000T - On 0 0 0 0 0 0 0 0 18 1000T - On 0 0 0 0 0 0 0 0 19 1000T - On 0 0 0 0 0 0 0 0 20 1000T - On 0 0 0 0 0 0 0 0 21 1000T 1000 On 13 1 12 12 1 11 0 0 22 1000T 1000 On 12 1 11 10 0 10 0 0 23 1000T 1000 On 13 0 13 11 0 11 0 0 24 1000T 1000 On 12 0 12 10 0 10 0 0 which would give us port statistics for all ports on board two. Some devices support board statistics; that is, statistics on how much traffic is being handled by a particular board. If a device is capable of this, you can retrieve the information with stats */@ device or just stats device . In the above examples, the first few columns are labeled the same as for the device summary command. The latter columns denote, in order:
In the last example, we can see 2.2Mb/s of traffic on board two, ports 10 and 11. Looking more closely, we can see that 2.1Mb/s of traffic is coming from port 10 (into the port) and 2.2Mb/s of traffic is being sent to port 11 (out of the port). Our intuition tells us this is probably data being sent from a machine on port 10 to a machine on port 11, though it is entirely possible that the two machines are independently speaking to other machines on a different board. When running the stats command, you will usually notice a short delay between the text "Getting first set of stats..." and "Getting second set of stats...". This delay is present so that Neo can gather statistics over a reasonably average period of time. The default is five seconds, but you can change this by setting the statsdelay variable to another value. Note that Neo will allow there to be more time between data runs than the value specified in statsdelay , but it will always allow at least that much time. If for some reason Neo requires a long time to gather the first set of data, the second set may not begin until after the statsdelay time has elapsed. 4.4.10 Online HelpNeo has a complete online help system, which you can access by typing the help command with no arguments. Neo will print a list of help topics and the name of each command. If you give the topic or command name as an argument to the help command, Neo will print detailed information on the subject. For example, help locate will print information on using the locate command, and help syntax will print help on Neo's location syntax. 4.4.11 Command Line ArgumentsYou can use Neo in scripts by providing the commands you wish to execute as arguments to the program. For example: Solaris% neo arpfind host.example.com router.example.com 10.5.0.1 says 10.5.1.2 is 00:03:BA:09:1F:36 For convenience, Neo has four command line options. From help args : -k <keyfile> Set the kefyile to <keyfile>. -w <community> Set the write community to <community>. -r <community> Set the read community to <community>. -c <community> Set both the read and write communities to <community> This allows you to set private community names without requiring an extra command: Solaris% neo -w mysecret port dis 10@switch1.example.com 10@switch1.example.com disabled Be aware that this is a security risk. If you run Neo on a system that others can log into, and you place a secret community string on the command line, other users will be able to read it by looking at a list of running processes. 4.4.12 Other CommandsNeo has a few other commands that you may find useful. The hostinfo command performs DNS lookups, using built-in code: neo: hostinfo host.example.com Official name: HOST.EXAMPLE.COM Host address: 10.5.1.2 Host CPU: SUN/ULTRA-10 Host OS: SOLARIS The location print command, as illustrated earlier, can be used to print information about the devices present in a Neo location. The exec command can be used to exec a shell command from the Neo prompt. 4.4.13 Using Neo in Degraded Network ConditionsOne of the times we use Neo most is when a network is having an operational problem. Unfortunately, when a network is in trouble, it may be hard to get SNMP packets to the necessary devices on the network. Imagine a host on your network that has been broken into by a malicious cracker. The cracker runs a denial of service attack program that sends as much network traffic as possible to some distant host on another network. The traffic flooding the connection to your devices may make it difficult for your SNMP management packets to get through. In an effort to remedy this situation Neo has a variable called burst , whose default value is one. In this state Neo will send out one SNMP packet when it needs to make a request. If no response is received and the SNMP timeout is close to expiring, Neo will try sending a second packet. If the burst value is set to two, however, Neo will send out two packets each time instead of one. If the burst value is 10 Neo will send 10 identical SNMP requests each time. The hope is that one or more of the packets will make it through the noise and reach the device and that one of the responses will make it back to your management station. Use some care, even in very adverse network conditions, that you do not set the burst value too high. There is a tradeoff between ensuring reliability and adding to the congestion by sending multiple packets. Additionally, with a high burst rate, Neo has to work harder to process all the extra information sent and received. Generally, it's a good idea to try a burst setting between two and four before using anything higher. Larger values may be used, but they work better for queries that require only a few packets, such as disabling a port. Trying to gather statistics with a high burst rate can be difficult, for example. In general, there is probably never a reason to use a burst rate higher than 10 or 20, and those rates would be used only in the most extreme circumstances.  |
EAN: 2147483647
Pages: 85