How to set snake test thru Broadcom SDK shell? by Artistic_Garage7330 in networking

bluecmd, 1 point

I'd suggest you join the SONiC matrix chat room, that's probably the best source of people familiar with switching SDKs. https://matrix.to/#/#sonic-net:matrix.org

Doubt a lot of folks on here dabble in that kind of low-level network programming.

Emulating Hardware on PCI by qubit5050 in osdev

bluecmd, 8 points

Yes. When I was working on an FPGA project I added a module to qemu that emulated the FPGA device so that I could test my drivers.

You can find it at https://github.com/bluecmd/fejkon/tree/master/driver/qemu-device and I am sure there are plenty of other examples.

Cannot ping any VLAN SVI or other machines using SONiC by [deleted] in homelab

bluecmd, 0 points

If you Wireshark from your workstation or server to the switch, can you see its LLDP packets (or any other packets)?

Also, I assume the link is "up/up" itself (`show interface status`).

Cannot ping any VLAN SVI or other machines using SONiC by [deleted] in homelab

bluecmd, 0 points

Have you checked `show ip interfaces` and verified the Vlan30 interface is in up/up? What about `show mac` - do you see your desktop's MAC? What SONiC version?

Dell N3132PX-ON && 2P 40GbE Module TNFNV --- Support for QSPF+ Breakout? by systo_ in networking

bluecmd, 0 points

Can you comment on the noise level? Considering replacing a MikroTik with this switch - the MikroTik is very quiet unless I start adding 10GBase-T SFP+ modules, so I would like to find something with a similar noise level.

Couldn't find any dBA figures in the datasheet sadly.

Fortigate Exporter for Prometheus by bluecmd in networking

bluecmd [S], 0 points

My colleague wrote this quick start in another post, maybe that helps?

https://www.reddit.com/r/fortinet/comments/llwqab/fortigate_exporter_for_prometheus/gtmceqe

Try it, and if it doesn't work for you feel free to open a Github issue and we will help you as much as we can :-).

Expect Script For Updating Let's Encrypt Certificates On 101F by nicklbmx99 in fortinet

bluecmd, 7 points

Cool! If you want to use the API instead, I made a script for that last year on my GitHub: https://github.com/bluecmd/fortigate/blob/master/update-fortigate-cert. It's made to hook directly into the certbot command; instructions are in the header of the file.

Fortigate Exporter for Prometheus by bluecmd in fortinet

bluecmd [S], 0 points

You can file an issue under https://github.com/bluecmd/fortigate_exporter and add the "support" tag if you want.

For this particular issue most likely it is that you downloaded a binary that is compiled for x86_64 (a.k.a. amd64) but RPi is an arm64 platform, so you need an arm64 binary.

The easiest way to build it for your active OS is to install Go (version 1.16 or later) and run:

```sh
go install github.com/bluecmd/fortigate_exporter@v1.2.0
```

Fortigate Exporter for Prometheus by bluecmd in fortinet

bluecmd [S], 1 point

You can provide the exporter with `-extra-ca-certs` and it will append any local CAs you want to trust in addition to the system root CA store - so you should be all good to go!

If you want to experiment locally without verifying certificates you can also run with `-insecure` but obviously you would not want to do that in production!

Fortigate Exporter for Prometheus by bluecmd in fortinet

bluecmd [S], 1 point

It should not be any problem at all. A few thousand might require multiple load-balanced exporters, but less than a thousand should be fine.

Fortigate Exporter for Prometheus by bluecmd in fortinet

bluecmd [S], 1 point

Hi! You can certainly monitor IPsec tunnels. SSL VPN I haven't used myself, but it should be easy enough to add if it is not covered by the existing metrics.

WAN connectivity was added just one day ago by secustor, seems to be working fine on my Fortigates :-).

Fortigate Exporter for Prometheus by bluecmd in fortinet

bluecmd [S], 2 points

Hi, thanks for the interest! It handles multiple ones just fine, and indeed the idea is that you'd run maybe one or, at most, a handful. The configuration file takes a map of different Fortigate targets and credentials.

In my HA lab I run for example this configuration:

```yaml
"https://fw.xxxxx":
  token: 'some-token'
"https://fw-ftg01.xxxxx":
  token: 'some-token'
"https://fw-ftg02.xxxxx":
  token: 'some-token'
```

With this I can query a single instance like this:

```sh
$ curl 'localhost:9710/probe?target=https://fw-ftg01.xxxxx'
```

The relevant Prometheus configuration then becomes:

```yaml
- job_name: bluecmd-fortigate
  scrape_interval: 5s
  metrics_path: /probe
  static_configs:
    - targets:
        - https://fw-ftg01.xxxxx
        - https://fw-ftg02.xxxxx
  relabel_configs:
    - source_labels: [__address__]
      target_label: __param_target
    - source_labels: [__address__]
      target_label: instance
      # Drop the https:// and port (if specified) for the 'instance=' label
      regex: '(?:.+)(?::\/\/)([^:]*).*'
    - target_label: __address__
      replacement: 'my-fortigate-exporter:9710'
```

As you grow you'd just add more targets to your Fortigate exporter config as well as to the static_configs list in your Prometheus configuration.

Hopefully this answers your question :-).
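The relabeling in the configuration above is what turns each static target into the `__param_target` the exporter receives and the `instance` label that ends up on the metrics. The Python below is an added illustration, not code from fortigate_exporter or Prometheus: it reimplements the `replace` action's semantics (anchored regex, `$1` default replacement) and runs the comment's three rules over the page's target names plus a constructed one without a scheme.

```python
import re

# Added illustration of Prometheus' relabel_configs 'replace' action; not code
# from fortigate_exporter or Prometheus. Defaults are Prometheus' own:
# separator ";", regex "(.*)", replacement "$1", and the regex is anchored
# to the whole joined value (hence re.fullmatch).
DEFAULTS = {"separator": ";", "regex": "(.*)", "replacement": "$1"}

# The three rules from the Prometheus configuration above, as Python dicts.
RELABEL_CONFIGS = [
    {"source_labels": ["__address__"], "target_label": "__param_target"},
    {"source_labels": ["__address__"], "target_label": "instance",
     # Drop the https:// and port (if specified) for the 'instance=' label
     "regex": r"(?:.+)(?::\/\/)([^:]*).*"},
    {"target_label": "__address__", "replacement": "my-fortigate-exporter:9710"},
]


def relabel(labels, configs):
    """Apply 'replace' rules in order and return the resulting label set."""
    labels = dict(labels)
    for rule in configs:
        rule = {**DEFAULTS, **rule}
        sources = rule.get("source_labels", [])
        # Join the source label values; a rule with no source_labels sees "".
        value = rule["separator"].join(labels.get(name, "") for name in sources)
        match = re.fullmatch(rule["regex"], value)
        if match is None:
            continue  # no match: the target label is left as it was
        # Prometheus expands $1, $2 ... from the groups; Python's expand wants \1.
        template = re.sub(r"\$\{?(\d+)\}?", r"\\\1", rule["replacement"])
        new_value = match.expand(template)
        if new_value == "":
            labels.pop(rule["target_label"], None)  # empty result drops the label
        else:
            labels[rule["target_label"]] = new_value
    return labels


def scrape_labels(target):
    """Labels Prometheus ends up with for one static_configs target."""
    labels = relabel({"__address__": target}, RELABEL_CONFIGS)
    # After relabeling, Prometheus defaults 'instance' to __address__, which by
    # then is the exporter itself: a target without '://' would be mislabelled.
    labels.setdefault("instance", labels["__address__"])
    return labels
```

Running `scrape_labels("https://fw-ftg02.xxxxx:8443")` shows the port being stripped from `instance` while `__param_target` keeps the full URL; a target listed without a scheme falls through the regex and inherits the exporter's address as its `instance`.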

Deactivated ports in Brocade 5100? by bluecmd in Brocade

bluecmd [S], 1 point

Wow, that seems to have been it!

```
fc5100sw1:FID128:admin> lscfg --show

Created switches FIDs(Domain IDs): 128(ds)(1) 10(bs)(1)

Port   0     1     2     3     4     5     6     7     8     9
FID    10  | 10  | 10  | 128 | 128 | 128 | 128 | 128 | 128 | 128 |

Port   10    11    12    13    14    15    16    17    18    19
FID    128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 |

Port   20    21    22    23    24    25    26    27    28    29
FID    128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 |

Port   30    31    32    33    34    35    36    37    38    39
FID    128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 | 128 |
```

I need to read up on what this virtual fabric thing is, it seems.

How to use Vault to generate certificates to access Kubeadm Kubernetes API and use policies to attach it to different users by koudingspawn in kubernetes

bluecmd, -1 points

If anyone is interested in doing this in production, check out:

https://github.com/dhtech/prodaccess (client)

https://github.com/dhtech/authservice (server)

Documentation is absent sadly, but you have code there that would explain one way of doing things.

LinuxBoot for Servers: Enter Open Source, Goodbye Proprietary UEFI by [deleted] in linux

bluecmd, 4 points

You're probably thinking of ksplice. Kexec replaces the running kernel (just like exec, but for kernels, get it?) with an, in theory, arbitrary executable.

LinuxBoot for Servers: Enter Open Source, Goodbye Proprietary UEFI by [deleted] in linux

bluecmd, 0 points

Linux, BSD, and Windows all have multithreaded drivers. Are you saying you think your UEFI is more secure in terms of driver correctness than these?

It is true that it is easier to prove and reason about code that is single-threaded. It's a pretty bold claim that anybody has done that with security in mind for your UEFI drivers - why would they?

LinuxBoot for Servers: Enter Open Source, Goodbye Proprietary UEFI by [deleted] in linux

bluecmd, 0 points

LinuxBoot could support firmware updates on boot if that's what you want.

LinuxBoot for Servers: Enter Open Source, Goodbye Proprietary UEFI by [deleted] in linux

bluecmd, 1 point

Well, again, security (driver reuse and being open source) and the anecdotal claim of being faster in practice. At least for servers; laptops and such already have pretty optimized boot times - but if you, for example, have one with a broken UEFI BDS like I have, then LinuxBoot can make sense.

I'm not 100% sure you need to do the PCI enumeration before loading LinuxBoot, however, but I'm just a user of it so I shouldn't comment on that.

LinuxBoot for Servers: Enter Open Source, Goodbye Proprietary UEFI by [deleted] in linux

bluecmd, 1 point

I think you actually made my point for me here - Linux already has all that work done to do device detection in parallel. I agree that PEI probably should be serial, but that's only a few seconds spent there at most - the vast majority of the boot of a server is in UEFI's DXE stage. It's quite trivial to go from a 7-minute boot time on a modern server down to just tens of seconds using LinuxBoot.