005-rare-hello-fod: : containerlab-fod-freertr.sh updated
dschmitz2017 committed Dec 8, 2023
1 parent 775fccd commit 600ead1
Showing 1 changed file with 23 additions and 20 deletions.
43 changes: 23 additions & 20 deletions lab/005-rare-hello-fod/containerlab-fod-freertr.sh
@@ -210,19 +210,19 @@ echo 1>&2

echo1 "$0: 1.b. test0: unblocked ping: attacker $attacker_ip -> victim $victim_ip (FoD's exabgp not yet connected to freertr)" 1>&2

echo1 "$0: 1.b.0. check freetrtr flowspec status/statistics (before unblocked ping):" 1>&2
echo1 "$0: 1.b.0. check freetrtr flowspec peerings/DB/counters (before unblocked ping):" 1>&2
#docker exec -ti clab-rtr005-rtr1 sh -c 'apt-get update && apt-get install netcat-traditional'
#docker exec -ti clab-rtr005-rtr1 sh -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | netcat 127.1 2323'
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks "drp=[0-9]"
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks "drp=[0-9]"


echo1 "$0: 1.b.1 unblocked ping (FoD's exabgp not yet connected to freertr)" 1>&2
#docker exec -d -ti clab-rtr005-host1 ping -c 1 10.2.10.2
(set -x; docker exec -ti clab-rtr005-host1 ping -c 5 10.2.10.2) | output_with_specific_colormarks "packets transmitted, .* received, .* packet loss"
#(set -x; docker exec -ti clab-rtr005-host2 ping -c 5 10.1.10.1)

echo1 "$0: 1.b.2. check freetrtr flowspec status/statistics (after blocked ping):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks "drp=[0-9]"
echo1 "$0: 1.b.2. check freetrtr flowspec peerings/DB/counters (after blocked ping):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks "drp=[0-9]"

if [ "$wait1" != 0 ]; then
waitdelay1
@@ -243,6 +243,9 @@ show_container_overview
#to check the exabgp stdout:
sleep 10 && (set -x; docker exec -ti clab-rtr005-fod1 tail log/exabgp-stdout.log)

echo1 "$0: show freertr bgp peerings:" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') #| output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'

#

if [ "$wait1" != 0 ]; then
@@ -273,9 +276,9 @@ echo1 "$0: 3.a.1.a. show exabgp current exported rules/routes (before adding the
#(set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | output_with_specific_colormarks .
((set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | grep . || echo "no rules in exabgp DB") | output_with_specific_colormarks .
echo1 "$0: 3.a.1.b. show freertr flowspec status/statistics (before adding the blocking rule):" 1>&2
echo1 "$0: 3.a.1.b. show freertr flowspec peerings/DB/counters (before adding the blocking rule):" 1>&2
#(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks "drp=[0-9]"
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 3.a.2. proper adding of blocking rule:" 1>&2
(set -x; docker exec -ti clab-rtr005-fod1 ./inst/helpers/enable_rule.sh 10.1.10.1/32 10.2.10.2/32 1 1 "" 0) # first parameter: src IP prefix; second parameter: dst IP prefix; third parameter: 1=icmp ; 4-th parameter: 1=enable rule on router, i.e., push it now
@@ -287,9 +290,9 @@ echo1 "$0: 3.a.3.a. show exabgp current exported rules/routes (after adding the
#(set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | output_with_specific_colormarks .
((set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | grep . || echo "no rules in exabgp DB") | output_with_specific_colormarks .
echo1 "$0: 3.a.3.b. show freertr flowspec status/statistics (after adding the blocking rule):" 1>&2
echo1 "$0: 3.a.3.b. show freertr flowspec peerings/DB/counters (after adding the blocking rule):" 1>&2
#(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks "drp=[0-9]"
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
#
@@ -311,16 +314,16 @@ echo1 "$0: 3.b.1. show exabgp current exported rules/routes:" 1>&2
#(set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | output_with_specific_colormarks .
((set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | grep . || echo "no rules in exabgp DB") | output_with_specific_colormarks .
echo1 "$0: 3.b.2. show freertr flowspec status/statistics (before ping to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 3.b.2. show freertr flowspec peerings/DB/counters (before ping to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 3.b.3. perform proper ping to be blocked (attacker $attacker_ip -> victim $victim_ip):" 1>&2
(set -x; ! docker exec -ti clab-rtr005-host1 ping -c 5 10.2.10.2) | output_with_specific_colormarks "packets transmitted, .* received, .* packet loss"
#(set -x; ! docker exec -ti clab-rtr005-host2 ping -c 5 10.1.10.1)
echo1 "$0: 3.b.4. show freertr flowspec status/statistics (after ping to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 3.b.4. show freertr flowspec peerings/DB/counters (after ping to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
#
@@ -343,8 +346,8 @@ echo1 "$0: 4.a. test2.a: remove blocking rule via BGP" 1>&2
echo1 "$0: 4.a.1.a. show exabgp current exported rules/routes (before removing the blocking rule):" 1>&2
((set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | grep . || echo "no rules in exabgp DB") | output_with_specific_colormarks .
echo1 "$0: 4.a.1.b. show freertr flowspec status/statistics (before removing the blocking rule):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 4.a.1.b. show freertr flowspec peerings/DB/counters (before removing the blocking rule):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 4.a.2. proper removing of the blocking rule via BGP:" 1>&2
(set -x; docker exec -ti clab-rtr005-fod1 ./inst/helpers/enable_rule.sh 10.1.10.1/32 10.2.10.2/32 1 0 "" 0) # first parameter: src IP prefix; second parameter: dst IP prefix; 3-rd parameter: 1=icmp ; 4-th parameter: 0=disable rule on router if it exists and is active or just create rule in INACTIVE state in FoD DB
@@ -355,8 +358,8 @@ echo1 "$0: list demo rules in FoD:" 1>&2
echo1 "$0: 4.a.3.a. show exabgp current exported rules/routes (after removing the blocking rule):" 1>&2
((set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | grep . || echo "no rules in exabgp DB") | output_with_specific_colormarks .
echo1 "$0: 4.a.3.b. show freertr flowspec status/statistics (after removing the blocking rule):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 4.a.3.b. show freertr flowspec peerings/DB/counters (after removing the blocking rule):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
#
@@ -377,14 +380,14 @@ show_container_overview
echo1 "$0: 4.b.1. show exabgp current exported rules/routes:" 1>&2
((set -x; docker exec -ti clab-rtr005-fod1 sh -c '. ./venv/bin/activate && exabgpcli show adj-rib out extensive') | grep . || echo "no rules in exabgp DB") | output_with_specific_colormarks .
echo1 "$0: 4.b.2. show freertr flowspec status/statistics (before ping NOT to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 4.b.2. show freertr flowspec peerings/DB/counters (before ping NOT to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 4.b.3. proper ping NOT to be blocked (attacker $attacker_ip -> victim $victim_ip):" 1>&2
(set -x; docker exec -ti clab-rtr005-host1 ping -c 5 10.2.10.2) | output_with_specific_colormarks "packets transmitted, .* received, .* packet loss"
echo1 "$0: 4.b.4. show freertr flowspec status/statistics (after ping NOT to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
echo1 "$0: 4.b.4. show freertr flowspec peerings/DB/counters (after ping NOT to be blocked):" 1>&2
(set -x; docker exec -ti clab-rtr005-rtr1 bash -c '{ echo "show ipv4 bgp 1 flowspec summary"; echo "show ipv4 bgp 1 flowspec database"; echo "show policy-map flowspec CORE ipv4"; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-)') | output_with_specific_colormarks '(f01:200a:20a:202:200a:10a:103:8101)|(drp=[0-9])'
##
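Review bot: The freertr query pipeline (`docker exec -ti clab-rtr005-rtr1 bash -c '{ echo …; echo exit; } | (exec 3<>/dev/tcp/127.0.0.1/2323; …)'`) is copied at every checkpoint, so adding `show ipv4 bgp 1 flowspec summary` meant hand-editing ten copies and writing an eleventh in the hunk at -243; one helper that takes the show commands as arguments would keep the checkpoints from drifting apart. The sketch below feeds the commands over stdin and therefore uses `-i` instead of `-ti`, which should be confirmed against how the script is normally run. Separately, the new "show freertr bgp peerings" step only prints the summary after the fixed `sleep 10` on the preceding context line and leaves its `output_with_specific_colormarks` filter commented out, so nothing visible here stops the run when the exabgp session is not up. If the rest of the script has no such check, a bounded wait on the summary output before the rule tests would make the blocked and unblocked ping results easier to trust.

```shell
# Send freertr CLI commands (one per argument) to rtr1's local telnet port and print the reply.
freertr_show() {
  printf '%s\n' "$@" exit |
    (set -x; docker exec -i clab-rtr005-rtr1 bash -c 'exec 3<>/dev/tcp/127.0.0.1/2323; cat >&3; cat <&3; exec 3<&-')
}

# … unchanged: echo1 heading for step 1.b.0 …
freertr_show "show ipv4 bgp 1 flowspec summary" "show ipv4 bgp 1 flowspec database" "show policy-map flowspec CORE ipv4" | output_with_specific_colormarks "drp=[0-9]"
```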