SLX data center routers such as the 9540, 9640 and 9850 models have special virtual 10-gigabit ethernet interfaces called “insight interfaces” that can capture and display passing traffic. The insight interfaces appear as a virtual ethernet device inside an isolated Ubuntu Linux 16.04 virtual machine, called TPVM for short.

This makes it possible to run tools or services like tcpdump, p0f or snort directly on the router, without any additional environment or dedicated server.

The TPVM itself is a kernel-based virtual machine (KVM) that co-exists with the management SLX-VM and runs on one of the cores of the embedded Intel processor. Both virtual machines themselves run on an Ubuntu host operating system.

To start and get ready to rumble for the insight analytics path, we need to follow these steps:

Install and start TPVM from privileged mode

Add an insight interface from configuration mode

Add filter or mirror ACLs rules to the insight interface

Run applications inside TPVM, e.g. tcpdump

I will split the guide for readability into three separate articles, starting today with the basic installation and configuration of TPVM itself.

TPVM

Before SLXr18.2, TPVM was shipped within the SLX-OS image itself, but with the recent version changes it has been decoupled and needs to be downloaded and copied in a separate process.

You can download it and check the install instructions in the support panel, but basically you want to uninstall a previously installed TPVM version from the SLX first and then copy the Debian packages into the SLX-VM, into the directory /tftpboot/SWBD2900.

The commands for the cleanup look a bit like this:

slx# tpvm stop

slx# tpvm uninstall

slx# start-shell

Entering Linux shell for the user: admin

[admin@slx]# rm -rf /tftpboot/SWBD2900/vm-swbd2900-*.deb

This frees up the current TPVM image. Afterwards you can copy the new version to the SLX-VM with scp or your favorite SSH tool.

~joerg$ scp tpvm-2.0.0-0.amd64 admin@slx:/tftpboot/SWBD2900/

If in doubt, check the Extreme SLX-OS Management Config Guide for version 18.r2.

Installation

We will first check the current status of the installation by running the show tpvm status command from the SLX privileged prompt.

slx# show tpvm status

TPVM is not installed

In this case nothing is pre-installed, so we can continue and execute the install command. Otherwise we could uninstall a previous instance with tpvm uninstall.

slx# tpvm install

Installation starts. To check the status use ‘show tpvm status’ command

slx# show tpvm status

TPVM is being installed now

After a few moments, the TPVM installation is finished and we can check the status again and boot up things.

slx# show tpvm status

TPVM is installed but not running, and AutoStart is disabled on this host.

slx# tpvm start

start succeeds

slx# show tpvm status

TPVM is running, and AutoStart is disabled on this host.

Access TPVM

Now comes the confusing part and I don’t like the official documentation about this so much.

After you have booted TPVM, there are five possible ways to access its Linux shell through SSH or TTY with the default credentials admin/password.

1.) TPVM tries to register an IPv4 address by DHCP on the bridged management ethernet interface, and you can log in with SSH.

2.) TPVM sends IPv6 router solicitation packets and tries to acquire a local IPv6 address with NDP, and you can log in with SSH.

3.) TPVM registers an IPv6 link-local address with NDP, and a login with SSH is also possible.

4.) The “may not be supported way”: the TPVM login prompt can be caught by hijacking the terminal session directly from the HOST-OS (see Inside Extreme SLX architecture).

5.) Access TPVM by the console serial port (I am not showing this way though); this works similarly to point 4.

Execute the show tpvm ip-address command and decide which way you want to use:

slx# show tpvm ip-address

IPv4:

eth0 192.168.2.249

docker0 172.17.0.1

IPv6:2a02:0000:c000:0:da80:00ff:f00b:8800

eth0: fe80::da80:00ff:f00b:8800

1.) and 2.) Access TPVM with DHCP or ND served addresses

If there is an IPv4 or a globally routed IPv6 address visible, you can call yourself happy and connect directly to TPVM with the internal SSH client, using the mgmt-vrf virtual routing and forwarding instance.

slx# ssh 192.168.2.249 -l admin vrf mgmt-vrf

admin@192.168.2.249’s password:

Also if you have a routed IPv6 prefix on your management port:

slx# ssh 2a02:0000:c000:0:da00:00ff:f00b:8804 -l admin

admin@2a02:0000:c000:0:da00:00ff:f00b:’s password:

3.) Access TPVM with link-local IPv6 addresses

But if we are not running a local DHCP server or not sending IPv6 router advertisements on our management network, we may end up like this:

slx# show tpvm ip-address

IPv4:

docker0 172.17.0.1

IPv6:

eth0

eth0 fe80::da00:00ff:f00b:8800

The trick is to use the IPv6 link-local address for the first login, then alter the local network config inside the TPVM and set a static IPv4 or IPv6 address that is much easier to reach from inside the SLX-VM or even from the global outside.

First, we note down the IPv6 address from the shell output that starts with fe80, and then try to ping it from the SLX command line using the mgmt-vrf as virtual router:

slx# ping ipv6 fe80::da00:00ff:f00b:8800 interface management vrf mgmt-vrf

Type Control-c to abort

64 bytes from fe80::da00: icmp_seq=0 ttl=64 time=3.239 ms

64 bytes from fe80::da00: icmp_seq=1 ttl=64 time=1.985 ms

In a perfect world a direct SSH connection with IPv6 from the SLX prompt would work, but there seems to be an error or bug in the current code. I have already submitted this as a bug to Extreme.

slx# ssh fe80::da84:66ff:feeb:8804 -l admin interface management vrf mgmt-vrf

Invalid Interface

So for a first connection to TPVM, we will first drop into the Linux shell of the SLX virtual machine with the start-shell command and then execute the SSH client directly.

slx# start-shell

Entering Linux shell for the user: admin

[admin@slx]# ssh -6 fe80::da00:00ff:f00b:8800%eth0 -l admin

Welcome to Ubuntu 16.04.4 LTS (GNU/Linux 4.4.0-128-generic x86_64)

Last login: Tue Apr 2 12:12:46 2019

admin@TPVM:~$

Be sure to set the -6 parameter for IPv6 address parsing and to append the local interface %eth0 to the address; otherwise the network stack can’t pick the right outgoing interface for link-local addresses.

Also add the -l parameter and specify the username as admin. When asked for a password, simply type “password” as mentioned before.
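The decision between access ways 1.) to 3.) can be written down as a small parser for the show tpvm ip-address output. This is an added example, not part of the original article or of SLX-OS: the function names are hypothetical, the sample outputs are constructed from the listings above, and it assumes each address line has the form "interface address".

```python
import ipaddress
import re

# Constructed sample outputs, modelled on the two listings in this article.
SAMPLE_DHCP = """\
IPv4:
eth0 192.168.2.249
docker0 172.17.0.1
IPv6:
eth0 2a02:0000:c000:0:da80:00ff:f00b:8800
eth0: fe80::da80:00ff:f00b:8800
"""
SAMPLE_LINK_LOCAL_ONLY = """\
IPv4:
docker0 172.17.0.1
IPv6:
eth0
eth0 fe80::da00:00ff:f00b:8800
"""

def tpvm_addresses(output, ifname="eth0"):
    """Return the addresses listed for ifname; docker0 and empty lines are skipped."""
    found = []
    for line in output.splitlines():
        m = re.match(r"\s*(\S+?):?\s+(\S+)\s*$", line)
        if not m or m.group(1) != ifname:
            continue
        try:
            found.append(ipaddress.ip_address(m.group(2)))
        except ValueError:
            pass  # second column is not an IP address
    return found

def access_plan(output):
    """Return (where to type it, ssh command), following ways 1.) to 3.)."""
    addrs = tpvm_addresses(output)
    v4 = [a for a in addrs if a.version == 4]
    v6_global = [a for a in addrs if a.version == 6 and not a.is_link_local]
    v6_ll = [a for a in addrs if a.version == 6 and a.is_link_local]
    if v4:         # way 1.): DHCP lease, reachable from the SLX prompt
        return ("slx", f"ssh {v4[0]} -l admin vrf mgmt-vrf")
    if v6_global:  # way 2.): routed IPv6 prefix on the management port
        return ("slx", f"ssh {v6_global[0]} -l admin")
    if v6_ll:      # way 3.): link-local only, needs start-shell and a %eth0 zone
        return ("start-shell", f"ssh -6 {v6_ll[0]}%eth0 -l admin")
    return ("console", None)  # ways 4.) and 5.): tmux session or serial port
```

The addresses in the returned commands are printed in compressed form, so fe80::da00:00ff:f00b:8800 comes back as fe80::da00:ff:f00b:8800.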

4.) The “not so supported way”

If all else breaks or you need to do some crash recovery, we can log in by attaching to a tmux session that is created on startup of the Host OS. To do this, we first need to connect to the Host OS from the SLX prompt.

My other article “Inside Extreme Networks SLX” might come in handy for this, but I will repeat the login procedure here.

From the SLX prompt we need to connect via telnet or ssh to the loopback address 127.2.0.1 and log in with the default Brocade login: username: root, password: fibranne.

slx# telnet 127.2.0.1 vrf mgmt-vrf

Trying 127.2.0.1…

Connected to 127.2.0.1.

Escape character is ‘^]’.

Ubuntu 14.04 LTS

HOST login: root

Password:

Last login: Wed Jan 2 16:12:38 GMT 2019 from pb_vm1 on pts/6

Welcome to Ubuntu 14.04 LTS (GNU/Linux 4.4.7 x86_64)

root@HOST:~#

On boot, the SLX Host operating system starts a tmux session on the hardware console port and provides one virtual serial port for the TPVM.

So after you have logged into the host OS, you can just attach to the existing tmux session and use the function keys F1, F2 or F3 to switch between the virtual serial ports of the Ubuntu host OS, the SLX-VM and the TPVM prompt.

root@HOST:~# /fusion/sbin/tmux attach -t FUSION_KVM

Ubuntu 14.04 LTS HOST ttyS0

HOST login:

Password:

PRESS F2

SLX-OS (slx)

slx login:

PRESS F3

Ubuntu 16.04.4 LTS TPVM ttyS0

TPVM login: admin

Password: password

122 packages can be updated.

70 updates are security updates.

admin@TPVM:~$

With the F9 key you can detach the tmux session again.

And finally logged in…

Inside TPVM we will open a root shell with the sudo command, entering the admin password once again.

admin@TPVM:~$ sudo -s

[sudo] password for admin:

root@TPVM:~# id

uid=0(root) gid=0(root) groups=0(root)

Regular Linux programs and commands apply from this point on. With the ip program we can list all attached network interfaces.

Besides the docker and the loopback interface, there is the eth0 interface for the management and eth1 for the insight interface, which is still in down state. Eth1 will change its status to up as soon as it is activated from the SLX-VM command line.

root@TPVM:~# ip -4 link

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000

link/ether d8:00:00:00:00:04 brd ff:ff:ff:ff:ff:ff

3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000

link/ether d8:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff

4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default

link/ether 02:42:28:2d:60:b9 brd ff:ff:ff:ff:ff:ff

To alter the network configuration in a persistent way, we need to change the file /etc/network/interfaces, which is read on startup by the ifupdown scripts.

For example, we can set the static IP address 192.168.1.5 within the range of a fictitious management network of 192.168.1.0/24 by editing the file like this:

source /etc/network/interfaces.d/*

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 192.168.1.5

netmask 255.255.255.0

gateway 192.168.1.1

auto eth1

iface eth1 inet manual

Also you can apply this change instantly by typing ifdown eth0 && ifup eth0 inside the shell. You can read more about ifupdown-scripts in the Ubuntu Wiki.
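A wrong stanza on eth0 cuts the SSH session the moment ifdown eth0 && ifup eth0 runs, so it is worth checking the file for consistency first. The following check is an added example, not part of the original article: the function names are hypothetical and the input is the configuration shown above, embedded as a constructed string.

```python
import ipaddress

# Constructed input: the static eth0 configuration from this article.
CANDIDATE = """\
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 192.168.1.5
    netmask 255.255.255.0
    gateway 192.168.1.1
auto eth1
iface eth1 inet manual
"""

def static_stanzas(text):
    """Map interface name -> options for every `inet static` stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            is_static = words[2:4] == ["inet", "static"]
            current = stanzas.setdefault(words[1], {}) if is_static else None
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # a new top-level keyword ends the stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[1]
    return stanzas

def check_static(text, ifname="eth0"):
    """Return a list of problems; an empty list means the stanza is consistent."""
    opts = static_stanzas(text).get(ifname)
    if opts is None:
        return [f"no 'inet static' stanza for {ifname}"]
    try:
        addr = opts["address"]
        iface = ipaddress.ip_interface(addr if "/" in addr else f"{addr}/{opts['netmask']}")
        gateway = ipaddress.ip_address(opts["gateway"]) if "gateway" in opts else None
    except (KeyError, ValueError) as exc:
        return [f"unusable address, netmask or gateway: {exc!r}"]
    problems, net = [], iface.network
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gateway is not None and (gateway not in net or gateway == iface.ip):
        problems.append(f"gateway {gateway} is not a usable next hop in {net}")
    return problems
```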

From here on

So from this point on, we should have a working TPVM that is accessible directly from the SLX-VM or from a dedicated management network. In part two we will finally configure and activate the insight interface.