39. Isolation & Correcting Problems
- Isolation of problem:
  - Identify the characteristics of proble...

40. Layered Approach
- OSI model is useful in troubleshooting networks. The model allows troubleshooting to be describe...

41. Bottom-up
- When applying a bottom-up approach towards troubleshooting a networking problem, the examination starts ...

42. Top-down
- When applying a top-down approach towards troubleshooting a networking problem, the end user application ...

43. Divide and conquer
- When the divide and conquer approach is applied towards troubleshooting a networking problem, a...

44. Selecting an approach
- A troubleshooting approach is often selected based on its complexity.
- A bo...

45. Documentation
- An inventory of equipment and software, such as a list of MAC addresses and IP addresses.
- ...

46. Monitoring and Logging
- Event logs are useful for troubleshooting and monitoring performance.
- An...

47. Logging
- The syslog.conf file specifies rules for logging of system messages on Linux/Unix systems.
- ...

48. Logging Policies
- Data logged should be kept for a period rather than deleted immediately
- Log fil...

49. Troubleshooting TCP/IP network
- Step 1. Check whether the local host is properly configured, is subnet mask, defaul...

50. Useful tools
- netstat — shows connections, services, routing
- ifconfig — shows network interfaces...

51. netstat
- netstat can show statistics about network interfaces, including number of packet/bytes sent/received, etc...

52. ipconfig/ifconfig and route
- ipconfig (Windows), ifconfig (Linux)
  - Check interface status: c...

53. Ping
- A useful tool for checking connectivity. Sends an ICMP echo_request message and waits for an ICMP echo_reply...

54. Path Discovery: traceroute
- As the name suggests, traceroute (in Windows, tracert) provides information about th...

55. Rough measurement with ping
- Transmission delay – time to put signal onto the media.
- Propagation...

56. What is Packet Capture?
- Real time collection of data as it travels over networks. Works by putting network interf...

57. tcpdump
- Be careful not to invade privacy of others. Do not capture packets without permission!
- F...

58. tcpdump - filter
- Can specify protocol:
- tcpdump ip
- tcpdump tcp
- ...

59. Ethereal
- Ethereal can read data captured by tcpdump
- Ethereal can capture data itself
- ...

60. Port Monitoring – switched network
- Don't do port monitoring without permission!
- Port monitoring ...

61. Port Monitoring – switched network
- Don't do port monitoring without permission!
- Source Port: a p...

62. Port Scanning
- Do not port scan machines without permission! Port scanning can be interpreted as a cracking attem...
1. Network Design
- In networking, scalability is the capability to grow and adapt without major redesign or reinstallation.
- Good design is the key to a network's capability to scale. To be scalable, a network design should follow a hierarchical model.
- A hierarchical design model simplifies network design in much the same way that the OSI 7-layer model simplifies communication between computers.
- A hierarchical network design model breaks the complex problem of network design into smaller, more manageable problems.
2. Hierarchical Model/Structure
[Diagram: core, distribution and access layers spanning public networks, a campus backbone, a building backbone, a local site, remote sites and regional sites A to D, with routers (R) and switches at each layer]
3. Layers in Hierarchical Structure
- A hierarchical model/structure may include the following layers:
  - Core layer, which provides optimal transport between regional sites or at the network backbone.
  - Distribution layer, which provides policy-based connectivity.
  - Access layer, which provides workgroup and user access to network resources.
- Layered models are useful because they facilitate modularity. Since devices at each layer have similar and well-defined functions, administrators can easily add, replace or remove individual devices.
4. Advantages of Hierarchical Model
- Design and implementation:
  - As each layer is assigned clear and specific functions, it is easier to choose the right systems and features for that layer. Implementing each layer, and the overall network, is simpler.
  - Each layer addresses a different set of problems, so hardware and software can be optimized for specific roles. Devices in the same layer can be configured in a consistent way.
  - Modularity in network design helps replicate design elements.
  - Predictability: the behaviour of the network is more predictable, capacity planning for growth is easier, and network performance is easier to model.
5. Advantages of Hierarchical Model
- Scalability:
  - Functionality is localized and potential problems can be recognized more easily, so the network can grow much larger without sacrificing control or manageability.
  - Changes can be implemented more easily. The cost and complexity of an upgrade are limited to a subset of the overall network. In a large but flat network architecture, changes can affect many parts of the network.
- Ease of troubleshooting:
  - It is easier to isolate problems in a network when the functions of the individual layers are well defined.
  - Structuring the network into small, easy-to-understand elements makes failure points easier to identify.
6. Traffic Flow in Hierarchical Model
- A hierarchical model for network design is good for controlling data traffic patterns. With routers suitably placed in the network, unnecessary traffic will not flow from one layer to another.
- Together with suitable placement of servers, traffic flow can be controlled effectively.
- For example, when clients in site Z access their local server, the traffic does not go up to the regional router. Only when clients in site Z access servers in other sites does the traffic go up to the regional router and then down to the required site.
[Diagram: regional sites A, B and C connected over a WAN, with local sites X, Y and Z below them; site Z holds a router, a switch and a local server]
7. Placement of servers
- Placement of servers affects the traffic flow and hence the usage of link bandwidth.
- Some servers (such as email servers) are frequently accessed by all clients in the network, while others (such as file servers) only serve specific client groups. The former are referred to as enterprise servers and the latter as workgroup servers.
- To avoid unnecessary traffic flowing across layers and sites and wasting network bandwidth:
  - enterprise servers are better placed at a higher layer in the hierarchy
  - workgroup servers should be placed in the access layer
8. Core Layer
- Typically, the Core layer provides connections between regional and main sites in a Wide Area Network (WAN).
- However, the core of a network does not have to exist in the WAN; a LAN backbone can also be part of the core layer. Gigabit Ethernet is a typical core layer technology.
- The Core layer provides an optimized and reliable transport structure by forwarding traffic at very high speeds.
- The Core layer routes/switches packets as fast as possible.
- Devices at the core layer should not be burdened with any processing that slows them down: no access-list checking, no data encryption and no address translation (NAT) at the Core layer.
9. Features of routers at Core Layer
- Scalable: routers at the Core layer should provide multiple modules for different media types (copper, fiber, etc.). Routers at the Distribution layer generally need fewer interfaces.
- Features (for reliability) of routers at the Core layer:
  - redundant symmetrical links
  - redundant power supplies
- Although many packet-processing functions are not wanted in the Core layer, the most powerful routers should be used there to provide high-speed and reliable transport of data between regional sites.
- Routers at the Distribution layer usually have a lower switching speed than routers at the Core layer because they handle less traffic.
10. Core Layer - Load Balancing
- To add bandwidth, either increase the bandwidth of the existing link or add additional links. The latter requires routers to provide a load balancing function. Load balancing/sharing can be per-destination (fast switching) or per-packet (process switching).
- Per-destination load balancing:
  - given two paths to the same network, all packets for one destination IP address travel over the first path, all packets for a second destination travel over the second path, and so on.
  - when the router switches the first packet to a particular destination, a routing table lookup is performed. The route and data-link information is stored in the fast switching cache. Subsequent packets to the same destination are immediately switched out the same interface without another routing table lookup.
11. Core Layer - Load Balancing
- Per-packet load balancing means that the router sends one packet for a destination over the first path, the second packet for the same destination over the second path, and so on.
- Per-destination vs per-packet load balancing:
  - Per-packet load balancing may distribute traffic more evenly.
  - Per-destination (fast switching) provides a lower switching time and processor utilization.
  - Per-destination load balancing can preserve packet order. Per-packet load balancing guarantees an equal load across all links; however, packets may arrive out of order at the destination because differential delay may exist within the network.
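The trade-off on slides 10 and 11 can be made concrete with a small simulation. This is an added example, not code from the slides: the two paths, their one-way delays (10 ms and 25 ms), the destinations and the packet stream are all constructed. Per-destination sharing is modelled as a fast-switching cache that pins each new destination to the next path round-robin; per-packet sharing alternates every packet. The simulation counts how many packets each path carries and how many reach their destination behind a later-numbered packet.

```python
"""Per-destination versus per-packet load sharing over two equal-cost paths.

Added example, not from the original slides. The two paths, their one-way
delays and the packet stream are constructed here to show the trade-off the
slides describe: per-destination pins each destination to one path (order
preserved, load can be uneven); per-packet alternates packets across the
paths (load exactly even, order can break when the paths' delays differ).
"""
from collections import Counter
from typing import Callable, Dict, List, Tuple

# Constructed: two paths to the same network with different one-way delays (ms).
PATH_DELAY_MS: Dict[str, int] = {"path1": 10, "path2": 25}
PATHS = sorted(PATH_DELAY_MS)

# Constructed stream: (sequence number, destination, send time in ms).
# Six packets to host A sent 5 ms apart, then two packets to host B.
PACKETS: List[Tuple[int, str, int]] = [(s, "10.1.1.1", 5 * s) for s in range(6)] + \
                                      [(6, "10.2.2.2", 30), (7, "10.2.2.2", 35)]


class PerDestination:
    """Fast-switching style: the first packet to a destination triggers a route
    lookup and the chosen path is cached; later packets reuse the cache entry."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}   # the fast-switching cache
        self._next = 0                    # new destinations are spread round-robin

    def __call__(self, seq: int, dst: str) -> str:
        if dst not in self.cache:         # the only "routing table lookup"
            self.cache[dst] = PATHS[self._next % len(PATHS)]
            self._next += 1
        return self.cache[dst]


def per_packet(seq: int, dst: str) -> str:
    """Process-switching style: successive packets alternate between the paths."""
    return PATHS[seq % len(PATHS)]


def simulate(packets: List[Tuple[int, str, int]],
             chooser: Callable[[int, str], str]) -> Tuple[Dict[str, int], int]:
    """Return (packets carried per path, number of packets that reach their
    destination behind a later-numbered packet, i.e. delivered out of order)."""
    load: Counter = Counter()
    arrivals: Dict[str, List[Tuple[int, int]]] = {}
    for seq, dst, t_send in packets:
        path = chooser(seq, dst)
        load[path] += 1
        arrivals.setdefault(dst, []).append((t_send + PATH_DELAY_MS[path], seq))
    reordered = 0
    for lst in arrivals.values():
        lst.sort()                        # deliver in order of arrival time
        highest = -1
        for _, seq in lst:
            if seq < highest:
                reordered += 1
            highest = max(highest, seq)
    return dict(load), reordered


if __name__ == "__main__":
    print("per-destination:", simulate(PACKETS, PerDestination()))
    print("per-packet:     ", simulate(PACKETS, per_packet))
```

With this stream, per-destination puts all six packets for host A on path1 and both packets for host B on path2 (uneven, but nothing reordered), while per-packet carries four packets on each path and delivers two of host A's packets out of order because the odd-numbered packets take the slower path.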
12. Core layer: Redundant Links
- At the core layer, redundant links are needed to provide fault tolerance so that the network can withstand an individual link failure. Together with load balancing by the routers, link bandwidth is increased, response times are lowered and application availability is improved.
- Multiple routers can be used to terminate dual links so that there is no single point of failure.
- The main disadvantage of duplicating WAN links to each site is cost. In large networks, especially those using a star topology, many links are required. A lower-cost alternative is a partial-mesh (semi-meshed) or ring topology.
[Diagram: star topology with redundant links compared with a partial-mesh topology among sites A, B, C and D]
13. Core layer: dedicated link & dial-up link
- A reliable backbone may consist of dual, dedicated links. The traffic load can be shared between the two links.
- Another model is one dedicated link and one dial-up (switched) link.
  - Under normal operating conditions, the dial-up link is not active until the dedicated link fails.
  - The dial-up link can also be brought up when the dedicated link has reached a traffic-load limit (say 90%).
14. Distribution Layer
- The distribution layer provides policy-based connectivity. Packet manipulation and handling occur in this layer. A policy is an approach to handling certain kinds of traffic. Policies can be used to secure networks and to preserve resources by preventing unnecessary traffic.
- The distribution layer is located between the access and core layers. It provides boundary definition, using access lists/filters to limit what gets into the core. Traffic filters based on area or service type are used to provide policy-based access control. Access lists/filters can permit or deny traffic from particular networks/nodes, or particular protocols and applications, and can be applied on incoming or outgoing ports.
- If a network has two or more routing protocols, such as RIP and OSPF, route redistribution is done at the distribution layer.
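The access-list behaviour described above (permit or deny by network, protocol and application, evaluated at the boundary into the core) is shown here as an added example; it is not code from the slides and uses no vendor syntax. The rule format, the address ranges (workgroup 10.20.0.0/16, server block 10.1.0.0/16, mail server 10.1.1.10) and the sample packets are all constructed. Rules are checked top to bottom, the first match decides, and a packet matching no rule is denied.

```python
"""An ordered access list applied at a distribution-layer boundary.

Added example, not from the original slides. The rule format, the addresses
and the sample packets are constructed here; nothing is vendor syntax.
Semantics follow the slide: rules are checked top to bottom, the first match
decides, and anything that matches no rule is denied (the implicit deny).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol; else "tcp", "udp", "icmp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # destination port; None means any


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); index None = implicit deny."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "deny", None


def apply_acl(acl: List[Rule], packets: List[Packet]) -> List[Tuple[str, Optional[int]]]:
    return [evaluate(acl, p) for p in packets]


# Constructed policy on the inbound side of a switch block's uplink into the core:
# workgroup 10.20.0.0/16 may reach the enterprise mail server on TCP/25,
# nothing else in the server block 10.1.0.0/16, and anything beyond it.
INBOUND_FROM_WORKGROUP: List[Rule] = [
    Rule("permit", "tcp", net("10.20.0.0/16"), net("10.1.1.10/32"), 25),
    Rule("deny",   "ip",  net("10.20.0.0/16"), net("10.1.0.0/16")),
    Rule("permit", "ip",  net("10.20.0.0/16"), net("0.0.0.0/0")),
]

# Constructed sample traffic.
SAMPLE_PACKETS: List[Packet] = [
    Packet("tcp", "10.20.5.7", "10.1.1.10", 25),     # mail to the enterprise server
    Packet("tcp", "10.20.5.7", "10.1.1.10", 22),     # ssh to the same server
    Packet("tcp", "10.20.5.7", "10.30.1.1", 80),     # web traffic toward another block
    Packet("udp", "192.168.9.9", "10.1.1.10", 53),   # not from the workgroup at all
]


if __name__ == "__main__":
    for pkt, (action, idx) in zip(SAMPLE_PACKETS,
                                  apply_acl(INBOUND_FROM_WORKGROUP, SAMPLE_PACKETS)):
        matched = "implicit deny" if idx is None else f"rule {idx}"
        print(f"{pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}  {action} ({matched})")
```

Rule order is the part that bites in practice: if the broad `deny` for the server block were listed before the narrow `permit` for TCP/25, mail traffic would match the deny first and never reach the permit. Checking a policy against a handful of representative packets, as `apply_acl` does, catches that before the list is deployed.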
15. Access Layer
- This layer provides access to services and data: servers and workstations are attached to this layer. For quick access to local services, workgroup servers and printers are placed in the access layer.
- Using VLANs, users can be grouped according to their logical function.
- Access routers generally offer fewer physical interfaces than distribution and core routers. Access routers generally connect to access switches for user access to the network.
- Providing connectivity: remote users access the network through WAN services such as ISDN or Frame Relay; local users access it through Ethernet.
- The access layer performs network entry security control.
  - Routers at the access layer permit/deny users.
  - Authenticating users prevents unauthorized users from accessing the network.
16. Three-layer, Two-layer, One-layer
- A three-layer model can meet the needs of many enterprise networks.
- But not all organizations require a three-layer structure. In many cases, a one-layer or two-layer design is suitable.
- The way the layers are implemented depends on the needs of the network being designed.
- However, a hierarchical structure should be planned or maintained to allow for future expansion. A two-layer structure may expand into three layers.
17. Campus Networks: broadcast issue
- Campus networks usually cover a building or several buildings in close proximity to each other.
- Two major problems with traditional networks are availability and performance. Both are impacted by the amount of bandwidth available. Broadcast-type traffic can consume a lot of bandwidth and therefore affect network performance.
- Two methods can address the broadcast issue for large switched LANs:
  - Use routers to create many subnets and limit broadcasts within individual subnets. This may create a traffic bottleneck at the routers.
  - Implement virtual LANs (VLANs) in the switched network. VLANs provide various advantages: better bandwidth utilization, better security and easier administration (adding/moving computers between VLANs).
18. Network Traffic Pattern
- The 80/20 rule states that 80 percent of the traffic on a given network segment is local. No more than 20 percent of the network traffic moves across the backbone of the network.
- In today's networks, traffic patterns are moving toward the 20/80 model. In the 20/80 model, only 20 percent of traffic remains local to the workgroup LAN, and 80 percent of the traffic leaves the local network. Contributing factors to this shift in traffic patterns include:
  - The Internet
  - Server farms
- As the majority of traffic leaves the local network segment, congestion (a traffic bottleneck) may occur at the routers of the distribution layer.
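Whether a segment follows the 80/20 or the 20/80 pattern is something to measure rather than assume, since it decides how much load the distribution router must carry. The following added example (not from the slides) classifies flow records as local to the source segment or as crossing the backbone, and splits the backbone share by where it is headed. The segment prefixes, the server-farm prefix and the flow records are constructed; a real measurement would take them from flow export or a packet capture.

```python
"""Local versus backbone traffic on a campus segment (the 80/20 and 20/80 rules).

Added example, not from the original slides. The segment addressing, the server
farm prefix and the flow records are constructed here.
"""
import ipaddress
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed addressing: two workgroup segments and a server farm behind the backbone.
SEGMENTS = [ipaddress.ip_network("10.10.1.0/24"), ipaddress.ip_network("10.10.2.0/24")]
SERVER_FARM = ipaddress.ip_network("10.50.0.0/16")

# Constructed flow records: (source, destination, bytes).
FLOWS: List[Tuple[str, str, int]] = [
    ("10.10.1.5", "10.10.1.20", 400),     # file share on the same segment
    ("10.10.1.6", "10.50.0.10", 1500),    # enterprise mail server in the server farm
    ("10.10.1.7", "203.0.113.8", 1200),   # Internet
    ("10.10.1.5", "10.10.1.9", 600),      # local printer
    ("10.10.1.8", "10.50.0.11", 1300),    # server farm
    ("10.10.2.3", "10.10.2.4", 1000),     # local, second segment
    ("10.10.2.5", "198.51.100.1", 2000),  # Internet
    ("10.10.2.6", "10.50.0.10", 2000),    # server farm
]


def segment_of(ip: str) -> Optional[ipaddress.IPv4Network]:
    addr = ipaddress.ip_address(ip)
    for seg in SEGMENTS:
        if addr in seg:
            return seg
    return None


def classify(src: str, dst: str) -> str:
    """'local' stays on the source segment; everything else crosses the
    distribution router onto the backbone, split by where it is headed."""
    s, d = segment_of(src), segment_of(dst)
    if s is not None and s == d:
        return "local"
    if ipaddress.ip_address(dst) in SERVER_FARM:
        return "server_farm"
    if d is not None:
        return "other_segment"
    return "outside"   # not a known segment or the server farm: Internet-bound in this model


def summarize(flows: List[Tuple[str, str, int]]) -> Dict:
    """Bytes that stay local versus bytes that cross the backbone, as percentages."""
    by_kind: Counter = Counter()
    for src, dst, nbytes in flows:
        by_kind[classify(src, dst)] += nbytes
    total = sum(by_kind.values())
    local = by_kind["local"]
    return {
        "total_bytes": total,
        "local_pct": round(100.0 * local / total, 1),
        "backbone_pct": round(100.0 * (total - local) / total, 1),
        "backbone_bytes_by_kind": {k: v for k, v in by_kind.items() if k != "local"},
    }


if __name__ == "__main__":
    print(summarize(FLOWS))
```

On this constructed sample only 20% of the bytes stay on their segment and 80% cross the backbone, the 20/80 pattern the slide describes, with the server farm and the Internet accounting for all of the backbone share.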
19. LAN Switching and The Hierarchical Model
- Access Layer: provides access-layer aggregation and L3/L4 services
- Distribution Layer: provides policy-based connectivity
- Core Layer: provides optimal connectivity between distribution blocks
[Diagram: switch blocks 1 and 2, each with access and distribution layer switches, connected through a core block at the core layer]
20. Network Building Blocks
- Network building blocks may include the following:
  - Switch block
  - Core block
  - Server block
  - WAN block
  - Mainframe block
  - Internet connectivity
- The switch block provides switch and router functionality.
- The switch block provides Access Layer and Distribution Layer functions.
21. Switch Block
- Access Layer
  - Switches in the wiring closets connect users to the network.
  - Access layer devices have redundant connections to the distribution layer devices to provide fault tolerance.
  - Spanning-Tree Protocol (STP) is required on the access layer switches.
- Distribution Layer
  - Switches/routers provide broadcast control, security and connectivity for each switch block.
  - The distribution layer device provides switching and routing services.
  - A distribution layer device can be a switch plus an external router.
  - A distribution layer device can also be a multilayer switch.
22. Core Block
[Diagram: a dual core and a collapsed core, each connecting several switch blocks]
23. Core Block
- A core is required when there are two or more switch blocks.
- The core block is responsible for transferring traffic between switch blocks at high speed. Traffic between switch blocks, server blocks, the Internet and the wide-area network must pass through the core.
- The core block must be able to pass traffic as quickly as possible.
- One or more switches can make up a core. To provide redundancy, at least two devices should be present in the core.
- With a Collapsed Core, distribution and core layer functions are performed in the same device; there is no separate core block. The distribution layer device of one switch block is connected directly to the distribution layer device of another switch block, without a separate core layer device in between.
- With a Dual Core, each switch block is redundantly linked to both core switches, providing two equal paths and twice the bandwidth.
24. Scalable Network – Key Characteristics
- Reliable and available - A reliable network should be dependable and available.
- Responsive - A responsive network should provide Quality of Service (QoS) for various applications and protocols.
- Efficient - Large internetworks must optimize the use of resources, especially bandwidth. Reducing the amount of overhead traffic results in an increase in data throughput.
- Adaptable - An adaptable network is capable of accommodating disparate protocols, applications and hardware technologies.
- Accessible but secure - An accessible network allows different types of connections while securing network integrity.
25. Reliable and Available Network
- In a highly reliable and available network, fault tolerance and redundancy make outages and failures invisible to the end user. Devices and telecommunication links can be very expensive; however, the cost of a core router or link going down can be much higher.
- Reliability can be expressed as Mean Time Between Failures (MTBF).
- Availability can be expressed as the percentage of time the service is available, e.g. the service is available 99.9% of the day.
- A reliable system may have high availability. High-availability systems can also be built from less reliable components if a good fault-tolerance mechanism is used.
- Core routers maintain reliability and availability. The following features can enhance reliability and availability: scalable routing protocols, alternative paths, load balancing and dial backup.
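The claim that high availability can be built from less reliable components is easy to check numerically. The following is an added example, not from the slides: it derives steady-state availability from MTBF and a mean time to repair (MTTR, a figure the slide does not give and which is assumed here), then compares one expensive core router against two cheaper routers in a dual-core arrangement. All MTBF and MTTR values are constructed, and the redundant devices are assumed to fail independently.

```python
"""Reliability (MTBF) and availability for a core device, with and without redundancy.

Added example, not from the original slides. The MTBF and MTTR figures are
constructed for illustration; MTTR (mean time to repair) and the independence
of failures are assumptions the slide does not state.
"""
from typing import Dict

HOURS_PER_YEAR = 365 * 24


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability: the fraction of time the component is up."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def series(*avails: float) -> float:
    """A path whose components must all be up (e.g. access -> distribution -> core)."""
    a = 1.0
    for x in avails:
        a *= x
    return a


def parallel(*avails: float) -> float:
    """Redundant components: the service is down only when every one is down."""
    unavail = 1.0
    for x in avails:
        unavail *= (1.0 - x)
    return 1.0 - unavail


def downtime_hours_per_year(avail: float) -> float:
    return (1.0 - avail) * HOURS_PER_YEAR


def compare_core_designs() -> Dict[str, float]:
    """Constructed scenario: one core router with MTBF 50,000 h versus two
    cheaper routers with MTBF 5,000 h each in a dual core. MTTR of 8 h
    (assumed) applies to every device."""
    single = availability(50_000, 8)
    cheap = availability(5_000, 8)
    dual = parallel(cheap, cheap)
    return {
        "single_core": single,
        "cheap_router": cheap,
        "dual_core": dual,
        "single_core_downtime_h": downtime_hours_per_year(single),
        "dual_core_downtime_h": downtime_hours_per_year(dual),
    }


if __name__ == "__main__":
    for name, value in compare_core_designs().items():
        print(f"{name:24s} {value:.6f}")
    # A user's path is the series of the hops it crosses: three 99.9% hops
    # together are only about 99.7% available.
    print("3-hop path:", f"{series(0.999, 0.999, 0.999):.4f}")
```

Each cheap router on its own is less available than the single expensive one (about 99.84% versus 99.98%), but the pair in parallel is down only when both are, which brings expected downtime from roughly 1.4 hours a year to under two minutes. The `series` helper shows the opposite effect: every hop a user's traffic must cross multiplies the unavailability.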
26. Reliable & Available Network
- Scalable routing protocols: routers in the core of a network should converge rapidly and maintain reachability to all networks and subnetworks. Simple distance vector routing protocols, such as RIP, take too long to update and adapt to topology changes.
- Alternate paths: redundant links maximize network reliability and availability, but they are expensive to deploy.
- Load balancing: redundant links do not have to remain idle until a link fails. Routers can distribute the traffic load across multiple links to the same destination.
- Dial backup: a redundant link could be too expensive. A backup link can be configured over a dial-up technology, such as ISDN.
27. Responsive Network
- End users notice network responsiveness as they use the network; users expect network resources to respond quickly.
- Traffic prioritization enables policy-based routing and ensures that packets carrying mission-critical data take precedence over less important traffic.
- To improve responsiveness in a congested network, routers may be configured to prioritize certain kinds of traffic based on protocol information, such as TCP port numbers.
- If the router schedules packets for transmission on a first-come, first-served basis (First-In-First-Out, FIFO queuing), users could experience an unacceptable lack of responsiveness. A user sending delay-sensitive voice traffic may be forced to wait too long. The delay problem is even more serious on slow WAN links.
28. Responsive Network: Traffic Prioritization & Queuing
- Routers may be configured to reorder packets so that mission-critical and delay-sensitive traffic is processed first. Higher-priority packets are sent first even if lower-priority packets arrived ahead of them.
- Priority Queuing:
  - assigns different priorities (high, medium, normal, low) to different protocols according to various criteria
  - traffic classified as low priority might not get serviced in a timely manner, or at all.
- Custom Queuing:
  - reserves bandwidth for a specific protocol, ensuring that a minimum amount of bandwidth is provided to that protocol.
  - configuration may include: the maximum number of packets in each custom queue, and the amount of data to be forwarded from each queue during its turn in the cycle.
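The three scheduling behaviours on slides 27 and 28 (FIFO, priority queuing, custom queuing) are modelled below as an added example; this is not code from the slides and not a vendor implementation. A constructed backlog sits on a congested link: bulk file-transfer packets arrived first, with voice and web packets queued behind them. Each scheduler decides the transmission order; two helpers then report how many bytes are sent before the first packet of a class (its queueing delay on the link) and how the first 2400 bytes of link time are shared between classes. The per-queue byte counts for custom queuing are constructed.

```python
"""FIFO, priority queuing and custom queuing on a congested link.

Added example, not from the original slides. The backlog of packets and the
per-queue byte counts are constructed; the schedulers are simplified models of
the behaviour the slides describe, not a vendor implementation.
"""
from collections import Counter, deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Pkt:
    app: str     # what the traffic is
    prio: str    # class assigned by the router's classification criteria
    size: int    # bytes


PRIORITY_ORDER = ["high", "medium", "normal", "low"]

# Constructed backlog in arrival order: bulk file transfers arrived first,
# voice and web traffic queued behind them.
BACKLOG: List[Pkt] = [
    Pkt("ftp", "low", 1500), Pkt("ftp", "low", 1500),
    Pkt("voice", "high", 200), Pkt("web", "normal", 1000),
    Pkt("ftp", "low", 1500), Pkt("voice", "high", 200),
    Pkt("web", "normal", 1000), Pkt("ftp", "low", 1500),
]

# Custom queuing: bytes each queue may send per turn of the cycle (constructed).
# Only classes listed here get a queue; the backlog above uses no other class.
BYTE_COUNTS: Dict[str, int] = {"high": 200, "normal": 1000, "low": 1500}


def fifo(backlog: List[Pkt]) -> List[Pkt]:
    """First come, first served."""
    return list(backlog)


def priority_queuing(backlog: List[Pkt]) -> List[Pkt]:
    """Drain the high queue completely before medium, then normal, then low."""
    order: List[Pkt] = []
    for prio in PRIORITY_ORDER:
        order.extend(p for p in backlog if p.prio == prio)
    return order


def custom_queuing(backlog: List[Pkt], byte_counts: Dict[str, int]) -> List[Pkt]:
    """Round-robin over the queues; each turn sends packets until the queue's
    byte count is reached, so every queue gets a minimum share of the link."""
    queues = {q: deque(p for p in backlog if p.prio == q) for q in byte_counts}
    order: List[Pkt] = []
    while any(queues.values()):
        for q, count in byte_counts.items():
            sent = 0
            while queues[q] and sent < count:
                pkt = queues[q].popleft()
                order.append(pkt)
                sent += pkt.size
    return order


def bytes_ahead_of_first(order: List[Pkt], prio: str) -> Optional[int]:
    """Bytes the link transmits before the first packet of this class."""
    ahead = 0
    for p in order:
        if p.prio == prio:
            return ahead
        ahead += p.size
    return None


def share_of_first(order: List[Pkt], budget: int) -> Dict[str, int]:
    """Bytes per class within the first `budget` bytes the link sends."""
    served: Counter = Counter()
    used = 0
    for p in order:
        if used >= budget:
            break
        served[p.prio] += p.size
        used += p.size
    return dict(served)


if __name__ == "__main__":
    schedules = {
        "fifo": fifo(BACKLOG),
        "priority": priority_queuing(BACKLOG),
        "custom": custom_queuing(BACKLOG, BYTE_COUNTS),
    }
    for name, order in schedules.items():
        print(name, [p.app for p in order])
        print("  voice waits behind", bytes_ahead_of_first(order, "high"), "bytes")
        print("  first 2400 bytes:", share_of_first(order, 2400))
```

FIFO makes the voice packet wait behind 3000 bytes of file transfer; priority queuing sends it immediately but gives the low class nothing within the first 2400 bytes, which is the starvation risk the slide warns about; custom queuing sends voice first in each cycle while still carrying one file-transfer packet per turn, so every class has a guaranteed minimum.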
29. Efficient Network
- An efficient network should not waste bandwidth, especially over costly WAN links. To be efficient, routers should prevent unnecessary traffic from traversing the WAN and minimize the size and frequency of routing updates.
- Techniques that optimize a WAN connection:
  - Access lists – filtering/stopping unwanted traffic
  - Snapshot routing
  - Dial-on-Demand Routing
  - Compression over WANs
  - Incremental updates: routing protocols such as OSPF send routing updates that contain information only about routes that have changed.
30. Efficient Network - DDR
- With Dial-on-Demand Routing (DDR), low-volume, periodic network connections can be made over a switched network (such as ISDN or the PSTN) in a cost-effective way.
- A router activates the DDR feature when it receives an IP packet destined for a location on the other side of the dial-up line.
- The router dials the destination phone number and establishes the connection. When the transmission is complete, the line is automatically disconnected.
- The main difference between dial backup and DDR is the reason for placing the call. With DDR, traffic to the called destination activates the link. With dial backup, the link is activated because the primary line has failed or because the utilization of the primary link has reached a predefined level.
31. Efficient Network - Snapshot routing
- Distance vector routing protocols typically update neighbor routers with their complete routing table periodically, even when there is no change in the network topology. These regular updates would cause a dial-up link to be re-established just to maintain the routing tables. It is possible to adjust the timers, but snapshot routing is a better solution.
- With snapshot routing, routers exchange their routing tables during an initial connection. The router then waits until the next active period on the line before exchanging routing information again.
- The router takes a snapshot of the routing table, which it uses while the dial-up link is down. When the link is re-established, the router again updates its neighbors.
32. Making a network adaptable
- An adaptable network will handle the addition and coexistence of multiple routed and routing protocols.
- Adaptable routing protocols are needed to carry routing information for different routed protocols.
- Adaptable protocols and routers also support route redistribution, which allows routing information to be shared among two or more different routing protocols. For example, RIP routes could be redistributed, or injected, into an OSPF area.
33. Accessible and secure
- Accessible networks let users connect over a variety of technologies.
- Users may be connected through a wired or wireless LAN.
- Remote users/sites may have access to several types of WAN services:
  - Circuit-switched networks that use dial-up lines
  - Dedicated networks that use leased lines
  - Packet-switched networks
  - VPN over the Internet
- The easier it is for legitimate users to access the network, the easier it is for unauthorized users to break in. The network administrator must secure the access.
  - Access lists can be used to provide security.
  - Authentication and encryption should be used.
34. Accessible and secure
- A RADIUS client, also referred to as a Network Access Server (NAS), provides the remote connections for users. The RADIUS client is typically a router, a VPN server/router or a wireless access point. A RADIUS server performs the authentication, authorization and accounting functions.
- A VPN is the extension of a private network using links across the Internet. With a VPN, data sent between two computers across the public Internet is encrypted for confidentiality, so it is just like sending data over a point-to-point private link.
- IPSec is a set of protocols for creating and maintaining secure communications over IP networks. Many VPNs are based on IPSec.
- SSL can be used to implement a VPN. SSL-based VPNs typically only require a standard web browser.
35. Accessible and Secure - WLAN
- Security problems with early WLAN systems (WEP-based IEEE 802.11):
  - Open system authentication; the SSID is sent in clear text
  - Wired Equivalent Privacy (WEP)
- Wi-Fi Protected Access (WPA) addresses the problems in WEP:
  - WPA uses the Temporal Key Integrity Protocol (TKIP) for encryption and IEEE 802.1X/EAP for authentication. WPA2 uses the Advanced Encryption Standard (AES).
  - IEEE 802.1X is based on the use of an authentication server (e.g. RADIUS) for user management and the Extensible Authentication Protocol for secured communication.
36. Troubleshooting
- Troubleshooting begins with a methodology that breaks the process down into manageable pieces. This permits a systematic approach, minimizes confusion, and cuts down on time otherwise wasted on trial-and-error troubleshooting.
- The stages of the general troubleshooting process are:
  - Step 1 – gather symptoms
  - Step 2 – isolate the problem
  - Step 3 – correct the problem
- The stages are not mutually exclusive. At any point in the process, it may be necessary to retrace to previous steps. For example, it may be necessary to gather more symptoms while isolating a problem. Often, when attempting to correct a problem, another unidentified problem is created.
37. Gather Symptoms
- The troubleshooter gathers and documents symptoms from the network, end systems, or users.
- The troubleshooter determines which network components have been affected and how the functionality of the network has changed compared to the baseline.
- Symptoms may appear in many different forms: alerts from a network management system, console messages, and user complaints.
38. Gathering Symptoms
- The problem is reported by a person or by software.
- Often involves communicating with others:
  - It is like gathering requirements in software design
  - It is an iterative process
- Possible questions to ask:
  - What does not work? What does work?
  - Are these things related?
  - When was the problem first noticed?
  - What has changed since the last time it did work?
  - Did anything unusual happen?
  - When exactly does the problem occur?
39. Isolating & Correcting Problems
- Isolation of the problem:
  - Identify the characteristics of the problem at the logical layers of the network so that the most likely cause can be selected.
  - At this stage, it may be necessary to gather and document more symptoms, depending on the problem characteristics that are identified.
- Correct the problem:
  - Correct an identified problem by implementing, testing, and documenting a solution.
  - Change only one thing at a time. Gather results as you change each variable.
  - Perform each step carefully and test to see if the symptoms go away.
  - If the corrective action has created another problem, document the attempted solution and remove the changes. Then return to gathering symptoms and isolating the problem.
40. Layered Approach
- The OSI model is useful in troubleshooting networks. The model allows troubleshooting to be described in a structured way.
- The ability to identify which layers pertain to a networking device gives a troubleshooter the ability to reduce the complexity of a problem by dividing it into manageable parts.
- For example, knowing that Layer 3 issues do not concern a switch confines the task to Layer 1 and Layer 2. This simple knowledge prevents wasting time troubleshooting irrelevant possibilities and reduces the time spent correcting a problem.
41. Bottom-up
- When applying a bottom-up approach to troubleshooting a networking problem, the examination starts with the physical components of the network and then works up through the layers of the OSI model until the cause of the problem is identified.
- Advantages: most networking problems reside at the lower layers, so this approach is often effective.
- Disadvantages: requires checking every device and interface on the network until the possible cause of the problem is found. The challenge is to determine which devices to start with.
42. Top-down
- When applying a top-down approach to troubleshooting a networking problem, the end-user application is examined first. Then work down from the upper layers of the OSI model until the cause of the problem has been identified.
- This approach requires checking every network application until the possible cause of the problem is found. The challenge is to determine which application to start with.
43. Divide and conquer
- When the divide-and-conquer approach is applied to troubleshooting a networking problem, a layer is selected and tested in both directions from the starting layer.
- This approach is initiated at a particular layer. The layer is chosen based on the troubleshooter's experience level and the symptoms gathered about the problem.
- Once the direction of the problem is identified, troubleshooting follows that direction until the cause of the problem is identified.
- If it can be verified that a layer is functioning, it is quite safe to assume that the layers below it are functioning as well. If a layer is not functioning properly, gather symptoms of the problem at that layer and work downward to the lower layers.
44. Selecting an approach
- A troubleshooting approach is often selected based on the complexity of the problem.
- A bottom-up approach typically works better for complex problems.
- If symptoms come from users complaining about specific network application(s), a top-down approach may be preferred.
- If symptoms come from the network (e.g. a network monitor display, or alarm/warning messages from devices), a bottom-up approach will likely be more effective.
- If a particular problem has been experienced previously, the troubleshooter may know of a way to shorten the troubleshooting process.
45. Documentation
- An inventory of equipment and software, such as a list of MAC addresses and IP addresses.
- Keep a record of changes (a change log file), recording:
  - Each significant change
  - Each problem identified
  - Each entry dated, with the name of the person who made the entry
- Types of documentation:
  - Configuration information that describes the system, for example, sysreport used in Linux.
  - Procedural information that describes how to do things. Best of all, use tools (such as script) that automatically document what you have done.
46. Monitoring and Logging
- Event logs are useful for troubleshooting and monitoring performance.
- An event (an entry in the log file) may include details such as the date and time when it occurred, event ID, event category, etc.
  - In Windows systems, event categories include application, security, system, etc.
- A performance monitor keeps track of various processes. It helps identify bottlenecks. It helps with planning upgrades, tracking processes, monitoring the results of tuning/configuration, etc.
  - Bottlenecks could be due to the system not having enough resources, a malfunctioning program, or a program that dominates a resource.
- Performance monitoring can be done locally or remotely.
- When the value of a monitored object exceeds its limit, an action is required: record the event in a log file, send a message, execute a script, etc.
47. Logging
- The syslog.conf file specifies rules for logging system messages on Linux/Unix systems.
  - Each rule consists of two fields: a selector and an action.
- The selector field consists of two parts, a facility and a priority.
- The facility specifies the subsystem that produced the message.
- Examples of facility: auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, uucp and local0 through local7
- The priority defines the severity of the message.
- Examples of priority in ascending order: debug, info, notice, warning, err, crit, alert, emerg
- Examples of action: write the message to a file on the local host, forward the message to another host, or write the message to users' screens if they are logged on
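To make the selector semantics concrete, here is an added example (not part of the slides, and not the code of any real syslog daemon) that evaluates a small syslog.conf-style rule set and reports which actions a message with a given facility and priority would reach. It models the common selector forms: a bare priority means that priority and everything more severe, "=prio" means exactly that priority, "!prio" excludes prio and above, "none" excludes a facility, "*" matches anything, and later parts of a selector override earlier ones (which is how "*.info;mail.none" keeps mail out of a catch-all file). The configuration fragment is constructed for the example.

```python
"""Evaluate syslog.conf selectors: which actions apply to a (facility, priority) message.
Simplified model of sysklogd/rsyslog selector rules; added example, not a real daemon."""
from typing import List, Tuple

# Priorities in ascending severity and the facilities listed on the slide.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

# Constructed syslog.conf fragment (not taken from any real host).
SAMPLE_CONF = """
# selector                        action
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            -/var/log/maillog
kern.=crit                        /var/log/kern-crit
*.emerg                           *
"""


def parse_conf(text: str) -> List[Tuple[str, str]]:
    """Split each non-comment line into (selector, action); the action is the last field."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.rsplit(None, 1)  # actions here contain no spaces
        rules.append((selector, action))
    return rules


def _priority_matches(spec: str, priority: str) -> bool:
    """True when 'priority' is covered by a spec such as 'info', '=crit' or '*'."""
    if spec == "*":
        return True
    if spec.startswith("="):
        return priority == spec[1:]
    # A bare priority means "this severity and anything more severe".
    return PRIORITIES.index(priority) >= PRIORITIES.index(spec)


def selector_matches(selector: str, facility: str, priority: str) -> bool:
    """Apply the ';'-separated parts of a selector in order; later parts override earlier ones."""
    matched = False
    for part in selector.split(";"):
        facs, spec = part.rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue  # this part talks about other facilities
        if spec == "none":
            matched = False
        elif spec.startswith("!"):
            # '!prio' excludes prio and anything more severe; '!=prio' excludes exactly prio.
            if _priority_matches(spec[1:], priority):
                matched = False
        elif _priority_matches(spec, priority):
            matched = True
    return matched


def actions_for(rules: List[Tuple[str, str]], facility: str, priority: str) -> List[str]:
    """Return every action, in file order, whose selector covers the message."""
    if facility not in FACILITIES or priority not in PRIORITIES:
        raise ValueError(f"unknown facility/priority: {facility}.{priority}")
    return [action for selector, action in rules
            if selector_matches(selector, facility, priority)]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, prio in [("kern", "crit"), ("mail", "info"), ("authpriv", "notice"), ("user", "emerg")]:
        print(f"{fac}.{prio:<8} -> {actions_for(rules, fac, prio)}")
```

Running the demo shows, for instance, that a kern.crit message lands in both /var/log/messages and /var/log/kern-crit, while mail.info is kept out of /var/log/messages by the mail.none part and only reaches the mail log. Checking a rule set this way before deploying it is a cheap way to catch the classic mistake of a catch-all rule silently swallowing (or duplicating) security-relevant authpriv messages.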
48. Logging Policies
- Data logged should be kept for a period rather than deleted immediately.
- Log files can be reset at periodic intervals. Data logged can be kept for a period by "rotating" log files.
  - For example, log files are kept for a week. Backup files are named logfile.1, logfile.2, … logfile.6. Every day, the data in logfile.7 is lost as logfile.6 overwrites it.
- To store logged data for a longer period, compress and archive the logs to tape or other permanent media.
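The rotation scheme above, written out as an added example (not from the slides, and not the logic of logrotate or any other real tool): each rotation discards the oldest numbered copy, shifts every other copy up by one, moves the live file to logfile.1 and starts a fresh live file. The daily log contents are constructed for the demo.

```python
"""Rotate a log file the way the slide describes: logfile -> logfile.1 -> ... -> logfile.6,
with the oldest copy discarded on each rotation. Added example, not a real tool."""
import os
import tempfile
from typing import Dict, List


def rotate(log_dir: str, name: str = "logfile", keep: int = 6) -> List[str]:
    """Discard name.<keep>, shift name.N to name.N+1 for N = keep-1 .. 1, move the live
    file to name.1 and start an empty live file. Returns the log files now present."""
    oldest = os.path.join(log_dir, f"{name}.{keep}")
    if os.path.exists(oldest):
        os.remove(oldest)  # this is the copy whose data "is lost"
    for n in range(keep - 1, 0, -1):  # keep-1 down to 1, so nothing is overwritten early
        src = os.path.join(log_dir, f"{name}.{n}")
        if os.path.exists(src):
            os.replace(src, os.path.join(log_dir, f"{name}.{n + 1}"))
    current = os.path.join(log_dir, name)
    if os.path.exists(current):
        os.replace(current, os.path.join(log_dir, f"{name}.1"))
    open(current, "w").close()  # fresh, empty live log so the logger keeps writing
    return sorted(f for f in os.listdir(log_dir) if f == name or f.startswith(name + "."))


def simulate_week(log_dir: str, days: int = 8) -> List[str]:
    """Constructed demo: append one line per day, rotate daily, return the final file list."""
    files: List[str] = []
    for day in range(days):
        with open(os.path.join(log_dir, "logfile"), "a") as fh:
            fh.write(f"day {day} events\n")  # constructed log content
        files = rotate(log_dir)
    return files


def demo() -> Dict[str, object]:
    """Run the simulation in a scratch directory and report what survived after 8 days."""
    with tempfile.TemporaryDirectory() as d:
        files = simulate_week(d, 8)
        with open(os.path.join(d, "logfile.6")) as fh:
            oldest = fh.read()
        with open(os.path.join(d, "logfile.1")) as fh:
            newest = fh.read()
        return {
            "files": files,
            "oldest": oldest,
            "newest": newest,
            "live_size": os.path.getsize(os.path.join(d, "logfile")),
            "has_7": os.path.exists(os.path.join(d, "logfile.7")),
        }


if __name__ == "__main__":
    print(demo())
```

After eight daily rotations only days 2 to 7 survive (in logfile.6 down to logfile.1); days 0 and 1 are gone, which is exactly the retention the policy promises and no more. That is the point of the last bullet: if an incident is discovered later than the rotation depth, the evidence has already been overwritten unless the rotated files were compressed and archived elsewhere first.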
49. Troubleshooting a TCP/IP network
- Step 1. Check whether the local host is properly configured: are the subnet mask and default gateway correct? Use TCP/IP utilities such as ipconfig, netstat, route print, arp, etc.
- Step 2. Use the ping or traceroute commands to check whether the default gateway (router) can respond. Then ping outwards, i.e. ping hosts farther away.
- Step 3. If not able to get through a particular node (router), check its configuration (show running-config) and use various show commands to determine its state (e.g. show ip route, show interface).
- Step 4. If all the routers in the path are working, check the host configuration at the remote host.
50. Useful tools
- netstat — shows connections, services, routing
- ifconfig — shows network interfaces (for Windows, use ipconfig)
- ping — tests connectivity
- traceroute — shows route/path information
- route — shows and changes the routing table
- ip — shows, changes and sets the network configuration
- arp — shows MAC addresses
- ps — information about processes
  - Is the web server running? ps aux | grep httpd
- top — shows the processes that use the most resources (CPU time)
  - for Windows, use the Task Manager
51. netstat
- netstat can show statistics about network interfaces, including the number of packets/bytes sent/received, etc. These values are cumulative (since the interface came up).
- netstat -tua shows all TCP and UDP connections, including listening sockets
- netstat -tu shows only connections that are established
- netstat -i is like ifconfig; it shows information and statistics about each interface
- netstat -nr shows the routing table, like route -n
- Linux and Windows provide netstat
52. ipconfig/ifconfig and route
- ipconfig (Windows), ifconfig (Linux):
  - Check interface status: connected or disconnected
  - Check IP address and subnet mask
  - Check default gateway and DNS settings
- route:
  - Check the route table in the computer: route print
  - Check the route table in the router: show ip route. Helps in checking routing protocols.
  - Can modify the route table by adding static routes and a default route.
53. Ping
- A useful tool for checking connectivity. Sends an ICMP echo_request message and waits for an ICMP echo_reply message. Shows the round-trip time. Can be used to make a rough measurement of throughput.
- If a ping is not successful, the following error messages may help in understanding what is wrong.
- Destination Network Unreachable – there is no route to the destination in the route table of the local host or the router. This may happen if the default gateway is not properly assigned to the computer. For routers, this may be due to problems related to routing protocols or static/default routes.
- Request Timeout – the echo_request message has been sent out by the local host, but there is no reply, possibly due to a connectivity problem or because the remote host is not available.
54. Path Discovery: traceroute
- As the name suggests, traceroute (in Windows, tracert) provides information about the route from the source to the destination.
- Ping can test connectivity between two points, but it does not tell which path is taken by the ICMP packets.
- Why bother to know which path is taken? For example, to verify that a BGP router is sending traffic over the preferred route.
55. Rough measurement with ping
- Transmission delay – time to put the signal onto the media.
- Propagation delay – time for the signal to travel across the media.
- Queuing delay – time spent waiting for transmission in a router/switch.
- Rough measurement with ping:
  - Ping with packet size = 100 bytes, round-trip time = 2Y sec
  - Ping with packet size = 1100 bytes, round-trip time = 2X sec
  - The extra 1000 bytes (8000 bits) add X-Y sec of one-way transmission time, so a rough estimate of data throughput is: 8000/(X-Y) bps
- Measurement with ping is simple, BUT it may not be accurate; for example, routers may give lower priority to answering pings.
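The estimate above, carried through in code as an added example (not from the slides). The function takes the two measured round-trip times in seconds, so X-Y is half the difference of the RTTs; it also goes one step beyond the slide by taking the minimum of several samples for each size, because the fastest reply is the one least inflated by the queuing delay the slide warns about. The RTT samples are constructed, not real measurements.

```python
"""Rough throughput estimate from two ping sizes, as on the slide:
a 100-byte ping with RTT 2Y and a 1100-byte ping with RTT 2X give about 8000/(X-Y) bps.
Added example; the sample RTTs below are constructed."""
from typing import Optional, Sequence


def throughput_bps(rtt_small_s: float, rtt_large_s: float,
                   size_small: int = 100, size_large: int = 1100) -> Optional[float]:
    """Return the estimate in bits per second, or None when the RTTs give no usable difference.
    The extra (size_large - size_small) bytes cost (rtt_large - rtt_small)/2 seconds one way."""
    extra_bits = 8 * (size_large - size_small)            # 8000 bits for the slide's sizes
    one_way_extra_s = (rtt_large_s - rtt_small_s) / 2.0   # X - Y in the slide's notation
    if one_way_extra_s <= 0:
        return None  # larger ping came back no slower: noise dominates, no estimate possible
    return extra_bits / one_way_extra_s


def throughput_from_samples(rtts_small_s: Sequence[float], rtts_large_s: Sequence[float],
                            size_small: int = 100, size_large: int = 1100) -> Optional[float]:
    """Use the minimum RTT of each series: the fastest reply is the one least affected by
    queuing delay, so it is the best proxy for pure transmission + propagation delay."""
    if not rtts_small_s or not rtts_large_s:
        return None
    return throughput_bps(min(rtts_small_s), min(rtts_large_s), size_small, size_large)


if __name__ == "__main__":
    # Constructed RTT samples in seconds (not real measurements): 10 ms vs 26 ms at best.
    small = [0.0104, 0.0100, 0.0131]
    large = [0.0262, 0.0260, 0.0299]
    est = throughput_from_samples(small, large)
    print(f"estimate: {est / 1e6:.2f} Mbit/s" if est else "no estimate")
```

With the constructed samples (best RTTs of 10 ms and 26 ms) the one-way extra time is 8 ms and the estimate is 1 Mbit/s. Returning None instead of a negative or infinite number when the larger ping is not slower keeps the caveat on the slide visible: a single noisy pair of pings can say nothing useful about the link.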
56. What is Packet Capture?
- Real-time collection of data as it travels over networks. Works by putting the network interface into promiscuous mode, in which it examines all packets that arrive, even those not addressed to it. A normal Ethernet interface ignores packets not addressed to it.
- See what client and server are actually communicating with each other. Can analyze the type of traffic on the network.
- Tools are called packet sniffers, packet analysers, protocol analysers, or network monitors.
- Do not capture packets without permission!
  - Do not invade the privacy of others. Permission should be obtained before capturing packets on the network.
57. tcpdump
- Be careful not to invade the privacy of others. Do not capture packets without permission!
- Filters can be used to select addresses, protocols, port numbers, ...
- Show all network traffic to and from 192.168.0.1:
  tcpdump host 192.168.0.1
- Show packets to 192.168.0.1:
  tcpdump dst 192.168.0.1
- Show packets to port 68 on 192.168.0.1:
  tcpdump dst 192.168.0.1 and port 68
- Capture traffic to or from 172.19.64.0/18:
  tcpdump net 172.19.64.0/18
- Can specify a network as source or destination:
  tcpdump src net 205.153.60/24
  tcpdump dst net 172.19.64/18
58. tcpdump - filter
- Can specify a protocol:
  tcpdump ip
  tcpdump tcp
  tcpdump ip proto ospf
- This will catch DNS name lookups:
  tcpdump udp port 53
- This will not work as you might expect (the filter is read left to right as "(host ictlab and udp) or arp", so it also captures every ARP packet on the segment):
  tcpdump host ictlab and udp or arp
- Instead, group with parentheses, and quote the expression so that the shell does not interpret the parentheses:
  tcpdump "host ictlab and (udp or arp)"
- To see more ways of filtering, look at the manual: man tcpdump
59. Ethereal
- Ethereal can read data captured by tcpdump.
- Ethereal can capture data itself.
- Like tcpdump, various types of filters can be used with Ethereal.
- Can expand any protocol. View details of protocols at different layers: data frames, IP packets, TCP/UDP segments, application protocols.
- Can view the contents of TCP streams, in ASCII or in hexadecimal.
- Can check whether a communications stream is encrypted or not.
- Be careful not to invade the privacy of others. Do not capture packets without permission.
60. Port Monitoring – switched network
- Don't do port monitoring without permission!
- Port monitoring, or port mirroring, selects network traffic for analysis.
- To capture traffic sent by hosts connected to a hub, just attach a protocol analyzer (or a sniffer) to this hub.
- On a switch, after the host MAC address is learned, unicast traffic to that host is only forwarded to the required port and is therefore not seen by the sniffer.
- How do you use Ethereal or tcpdump to monitor traffic between a number of hosts?
  - Solution: some switches support port monitoring, where a switch port can monitor the traffic of other ports.
  - The port monitoring function copies unicast packets to the required destination port (monitor port).
  - However, not every switch supports the port monitoring function.
61. Port Monitoring – switched network
- Don't do port monitoring without permission!
- Source Port: a port that is monitored.
- Destination Port (or Monitor Port): a port that monitors source ports, usually where a network analyzer is connected.
- Port monitoring can be local or remote:
  - Local port monitoring: the monitored ports and the destination port are on the same switch.
  - Remote port monitoring: some source ports are not located on the same switch as the destination port.
- Port monitoring can be port-based or VLAN-based:
  - Port-based monitoring: specifies one or several source ports on the switch and one destination port.
  - VLAN-based monitoring: on a given switch, monitor all the ports belonging to a particular VLAN.
62. Port Scanning
- Do not port scan machines without permission! Port scanning can be interpreted as a cracking attempt.
- Port scanning: the techniques used to determine which ports of a host are listening for connections. Port scanning software sends out a request to connect to the target computer on each port sequentially and records which ports responded or seem open.
- Port scanning tools such as Network Mapper (nmap) can check what network services a computer is offering. A cracked computer may be hiding some services with trojaned utilities.
- Network security applications can alert administrators if they detect connection requests across a broad range of ports from a single host.
- To avoid being detected, an intruder may:
  - limit the ports to a smaller target set rather than blanket scanning all 65536 ports
  - scan the ports over a much longer period of time.
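The detection side of the last two bullets, as an added example (not from the slides, and not the logic of any particular IDS or firewall): a small detector that reads firewall-style connection log lines, keeps a sliding window of destination ports per source address, and raises one alert when a source touches at least min_ports distinct ports inside window_s seconds. The log format, the addresses and the three sources (a fast scanner, a normal client and a slow scanner) are all constructed for the demo; the two parameters map directly onto the two evasion tactics the slide names.

```python
"""Alert on a source that touches many distinct destination ports within a time window.
Detection only; added example over constructed log lines, not a real IDS."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Set, Tuple

# Constructed log format (not from any real firewall): "<iso-time> SRC=a DST=b PROTO=p DPT=n"
LINE_RE = re.compile(r"^(?P<ts>\S+) SRC=(?P<src>\S+) DST=\S+ PROTO=\S+ DPT=(?P<dpt>\d+)$")


def _fmt(ts: datetime, src: str, dpt: int) -> str:
    return f"{ts.isoformat(timespec='seconds')} SRC={src} DST=10.0.0.10 PROTO=TCP DPT={dpt}"


def build_sample_log() -> List[str]:
    """Constructed traffic: one source sweeping 15 ports in 15 s, one normal client
    revisiting 3 service ports, and one source probing 12 ports ten minutes apart."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines: List[str] = []
    for i, port in enumerate(range(20, 35)):
        lines.append(_fmt(base + timedelta(seconds=i), "10.0.0.5", port))
    for i in range(20):
        lines.append(_fmt(base + timedelta(seconds=3 * i), "10.0.0.7", [80, 443, 53][i % 3]))
    for i, port in enumerate(range(8000, 8012)):
        lines.append(_fmt(base + timedelta(minutes=10 * i), "10.0.0.9", port))
    return sorted(lines)  # ISO timestamps sort chronologically


def parse_line(line: str) -> Optional[Tuple[datetime, str, int]]:
    """Return (timestamp, source, destination port), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])


def detect_scans(lines: List[str], window_s: int = 60,
                 min_ports: int = 10) -> List[Tuple[str, datetime, int]]:
    """Sliding window per source over chronologically ordered lines. Emits one alert
    (source, time, distinct ports in window) the first time a source reaches min_ports."""
    recent: Dict[str, Deque[Tuple[datetime, int]]] = defaultdict(deque)
    alerted: Set[str] = set()
    alerts: List[Tuple[str, datetime, int]] = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line: skip rather than crash the detector
        ts, src, dpt = parsed
        q = recent[src]
        q.append((ts, dpt))
        while q and (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # drop events that fell out of the window
        distinct = len({p for _, p in q})
        if distinct >= min_ports and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts, distinct))
    return alerts


if __name__ == "__main__":
    log = build_sample_log()
    print("60 s window:  ", detect_scans(log, window_s=60))
    print("2 h window:   ", detect_scans(log, window_s=2 * 3600))
```

With a 60-second window only the fast sweep from 10.0.0.5 is flagged; the source probing one port every ten minutes stays under the threshold until the window is widened to two hours, which is exactly the "scan over a much longer period" tactic in action. Widening the window and lowering min_ports catch slower and narrower scans, at the cost of more state per source and more false positives from ordinary clients, so the two knobs are tuned against a baseline of normal traffic rather than set once.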
