Advanced Networking
+Routing & Switching:
+ Connecting Networks
+ Chapter 9:
+ Troubleshooting the Network
+
Connecting Networks
+Chapter 9:
+Troubleshooting the Network
++ Hacklab Cosenza / Centro di Ricerca su Tecnologia e Innovazione +
+Documentation
+Network Configuration Files
+-
+
- As a record of informations on network HW and SW +
- Informations can be about: +
- Type of device +
- IOS image name +
- Device network hostname +
- Location of the device (building, floor, room, rack, panel) +
- If it is a modular device +
- Data link layer addresses +
- Network layer addresses +
- Any additional important information about physical aspects of the device +
-
+
Documentation
+End-System Configuration Files
+-
+
- A record of information on HW and SW used in end-system device as servers, network management consoles, and user workstations +
- Informations can be about: +
- Device name +
- Operating system and version +
- IPv4 and IPv6 addresses +
- Subnet mask and prefix length +
- Default gateway, DNS server, and WINS server addresses +
- Any high-bandwidth network applications that the end system runs +
-
+
Network Topology Diagrams
+Best practice is create 2 diagrams with network topology.
+A Physical diagram that include (Physical Connections):
+-
+
- Device type, Model and manufacturer, Operating system version, Cable type and identifier, Cable specification, Connector type, Cabling endpoints. +
A logical diagram that include(Logical Connections):
+-
+
- Device identifiers, IP address and prefix lengths, Interface identifiers, Connection type, DLCI for virtual circuits, Site-to-site VPNs, Routing protocols, Static routes, Data-link protocols, WAN technologies used. +
Topology Example: Physical
+
+ Topology Example: Logical
+
+ Network Baselines
+It's best practice to measure the initial network’s performance in different conditions: this is the baseline.
+The baseline is used to assess the performance of the network and to prevent possible problems. The analysis of the baseline in exercise help to discover hidden problems when the network is operational.
+The measuring process of the first baseline can be performed using this step:
+-
+
- Determine what types of data to collect. - Good starting measures can be interface utilization and CPU utilization +
- Identify devices and ports of interest - identify those devices and ports for which performance data should be measured. +
- Determine the baseline duration +
Commands to collect data
+-
+
show version
+ show ip interface [brief]
+ show ipv6 inteface [brief]
+ show intefaces [interface_type interface_num]
+ show ip route
+ show ipv6 route
+ show arp
+ show ipv6 neighbors
+ show running-config
+ show vlan
+ show tech-support
+
Troubleshooting Process
+
+ Gathering Symptoms
+
+ Questioning End Users
+ +| Guidelines | +Example End-User Questions | +
| Determine the sequence of events that took place before the problem happened | +When exactly does the problem occur? | +
| Ask the user when the problem was first noticed | +When was the problme first noticed? | +
| Ask questions that are pertinent the problem | +What does not work? | +
| Use each question as a means to either eliminate or discover possible problems. | +Are the things that do work and the things that do not work reated? | +
| Ask the user to recreate the problem, if possible. | +Can you reproduce the problem? | +
| Speak at a technical level the user can understand | +Did the things that does not work ever work? | +
| Did anything unusual happen since the last time it worked? | +What has changed since the last time it did work? | +
Using Layered Model for Troubleshooting
+
+ Troubleshooting Methods
+-
+
- Bottom-up +
- Start troubleshooting process by physical layer to application layer. +
- Works well if suspected physical problem, not so great if problem is too up in the iso-osi model. +
- Top-down +
- Start troubleshooting process by Application layer to application layer. +
- Work well for simple application problems, at a disadvantage if there's a physical problem. +
- Divide-and-conquer +
- Net administrator knowledge +
-
+
-
+
Selecting a Troubleshooting Method
+
+ Troubleshooting Tools
+-
+
- Software +
- Network Management System Tools (solarwind, Spiceworks, Nagios, etc.) +
- Knowledge Bases +
- Host-Based Protocol Analyzers (e.g. Wireshark) +
- Cisco IOS Embedded Packet Capture +
- Hardware +
- Network Analysis Module +
- Digital Multimeters +
- Cable Testers +
- Cable Analyzers +
- Portable Network Analyzers +
-
+
-
+
Syslog Server
+syslog is a widely used standard for message logging. It permits separation of the software generating messages, the system storing them, and the software doing the reporting and analysis.
+Designers can use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. A wide variety of devices use the syslog standard.
+Because of this, system designers can use syslog to integrate log data from different types of systems in a central repository. Implementations of syslog exist for many operating systems.
+Messages can be sent on: console, terminal line, buffered logging...
+R1(config)# logging host ***.***.***.***
+R1(config)# logging trap notifications
+R1(config)# logging onSyslog Levels
+
+ Physical Layer Troubleshooting
+Common Symptoms:
+-
+
- Performance lower than baseline +
- Loss of connectivity +
- Network bottlenecks or congestion +
- High CPU utilization rates +
- Console error messages +
Common Causes:
+-
+
- Power-related +
- Hardware faults +
- Cabling faults +
- Attenuation and/or noise +
- Interface configuration errors +
- Exceeding design limits +
- CPU overload +
Data Link Layer Troubleshooting
+Common Symptoms:
+-
+
- No functionality or connectivity at the network layer or above +
- Network is operating below baseline performance levels +
- Excessive broadcasts +
- Console messages +
Common Causes:
+-
+
- Encapsulation errors +
- Address mapping errors +
- Framing errors +
- STP failures or loops +
Network Layer Troubleshooting
+Common Symptoms:
+-
+
- Network failure +
- Suboptimal performance +
Common Causes:
+-
+
- General network issues +
- Connectivity issues +
- Neighbor issues +
- Topology database +
- Routing table +
Transport Layer Troubleshooting
+Common Symptoms:
+-
+
- Connectivity/Access issues +
Common Causes:
+-
+
- Selection of traffic flow +
- Order of access control entries +
- Implicit deny all +
- Addresses and IPv4 wildcard masks +
- Selection of transport layer protocol +
- Source and destination ports +
- Use of the established keyword +
- Uncommon protocols +
- BOOTP and DHCP +
- DNS and WINS +
- Tunneling and encryption protocols +
Application Layer Troubleshooting
+Applications layer issues depend by the application used by end-user. Problems in application layer can also be understood with other layer problems.
+Application problem can occur when other layers don’t work.
+Some common Application layer protocols are:
+-
+
- SSH/Telnet +
- HTTP +
- FTP +
- TFTP +
- SMTP +
- POP +
- Simple Network Management Protocol (SNMP) +
- DNS +
- Network File System (NFS) +