Sybex ICND2/CCNA R/S Chapter 17: IP Services
Instructor & Todd Lammle

Chapter 17 Objectives
• The ICND2 topics covered in this chapter include:
• IP Services
  – Recognize high availability (FHRP)
  – VRRP
  – HSRP
  – GLBP
  – Configure and verify Syslog
  – Utilize Syslog output
  – Describe SNMP v2 & v3
• Troubleshooting
  – Utilize NetFlow data
  – Monitor NetFlow statistics

Default gateway
If you’re wondering how you can possibly configure a client to send data off its local link when its default gateway router has gone down, you’ve targeted a key issue, because the answer is that usually, you can’t!

Proxy ARP
If a Proxy ARP–enabled router receives an ARP request for an IP address that it knows isn’t on the same subnet as the requesting host, it will respond with an ARP reply packet to the host.

FHRPs use a virtual router with a virtual IP address and a virtual MAC address. First hop redundancy protocols (FHRPs) work by giving you a way to configure more than one physical router to appear as if they were only a single logical one.

HSRP
HSRP is a Cisco proprietary protocol that can be run on most, but not all, of Cisco’s router and multilayer switch models. It defines a standby group, and each standby group that you define includes the following routers:
• Active router
• Standby router
• Virtual router
• Any other routers that may be attached to the subnet

HSRP active and standby routers
The problem with HSRP is that with it, only one router is active and two or more routers just sit there in standby mode and won’t be used unless a failure occurs—not very cost effective or efficient! The standby group will always have at least two routers participating in it. The primary players in the group are the one active router and one standby router, which communicate with each other using multicast Hello messages.

HSRP Virtual MAC
The HSRP MAC address has only one variable piece in it.
The first 24 bits still identify the vendor who manufactured the device (the organizationally unique identifier, or OUI). The next 16 bits in the address tell us that the MAC address is a well-known HSRP MAC.

Here is an example of what an HSRP MAC address would look like:
0000.0c07.ac0a
• The first 24 bits (0000.0c) are the vendor ID of the address; since HSRP is a Cisco protocol, the ID is assigned to Cisco.
• The next 16 bits (07.ac) are the well-known HSRP ID. This part of the address was assigned by Cisco in the protocol, so it’s always easy to recognize that this address is for use with HSRP.
• The last 8 bits (0a) are the only variable bits and represent the HSRP group number that you assign. In this case, the group number is 10, which is converted to hexadecimal when placed in the MAC address, where it becomes the 0a that you see.

VRRP
VRRP is an IEEE standard (RFC 2338) for router redundancy; HSRP is a Cisco proprietary protocol. The virtual router that represents a group of routers is known as a VRRP group. The active router is referred to as the master virtual router. The master virtual router may have the same IP address as the virtual router group. Multiple routers can function as backup routers. VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces as well as on Multiprotocol Label Switching (MPLS) virtual private networks (VPNs) and VLANs.

GLBP
Cisco designed a proprietary load-balancing protocol, Gateway Load Balancing Protocol (GLBP), to allow automatic selection and simultaneous use of multiple available gateways as well as to permit automatic failover between those gateways. GLBP takes an active/active approach on a per-subnet basis to support first-hop (default router) traffic when implemented with two routers on the same LAN.
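Returning to the HSRP virtual MAC layout above: the following added example (not code from the Sybex chapter) builds an HSRPv1 virtual MAC from a group number and decodes any MAC back to its group, so a defender reviewing an ARP or CAM table can tell which entries are virtual gateways. The ARP entries in SAMPLE_ARP are constructed for the example.

```python
from typing import Optional

HSRP_OUI = "0000.0c"        # Cisco vendor OUI, the first 24 bits
HSRP_WELL_KNOWN = "07.ac"   # well-known HSRPv1 identifier, the next 16 bits


def hsrp_virtual_mac(group: int) -> str:
    """Return the HSRPv1 virtual MAC for a standby group number (0-255)."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group numbers fit in 8 bits: 0-255")
    # the group number is the only variable byte, written as two hex digits
    return f"{HSRP_OUI}{HSRP_WELL_KNOWN}{group:02x}"


def decode_hsrp_mac(mac: str) -> Optional[int]:
    """Return the HSRP group number if mac is an HSRPv1 virtual MAC, else None.

    Accepts Cisco dotted (0000.0c07.ac0a), colon and dash notations.
    """
    digits = mac.lower().replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    oui, well_known, group = digits[:6], digits[6:10], digits[10:]
    if oui != "00000c" or well_known != "07ac":
        return None
    return int(group, 16)


def find_hsrp_gateways(arp_entries):
    """Map IP -> HSRP group for ARP entries whose MAC is an HSRP virtual MAC."""
    found = {}
    for ip, mac in arp_entries:
        group = decode_hsrp_mac(mac)
        if group is not None:
            found[ip] = group
    return found


# Constructed sample ARP entries (not from the chapter)
SAMPLE_ARP = [
    ("10.1.1.1", "0000.0c07.ac0a"),  # virtual IP of HSRP group 10
    ("10.1.1.2", "0011.2233.4455"),  # a physical router interface
    ("10.1.1.3", "0000.0c07.ac01"),  # virtual IP of HSRP group 1
]

if __name__ == "__main__":
    print(hsrp_virtual_mac(10))            # 0000.0c07.ac0a
    print(find_hsrp_gateways(SAMPLE_ARP))  # {'10.1.1.1': 10, '10.1.1.3': 1}
```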
Multiple routers share the load of frames that, from a client perspective, are sent to a single default gateway address, as shown in the figure.

GLBP Functions
GLBP essentially provides clients with the following:
• An active virtual gateway (AVG)
• An active virtual forwarder (AVF)
It also allows members of the group to communicate with each other through Hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.

GLBP AVG
Members of a GLBP group elect one gateway to be the AVG for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The AVG assigns a different virtual MAC address to each member of the GLBP group.

GLBP AVF
Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address assigned to that gateway by the AVG. These gateways are known as AVFs for their virtual MAC address.

Syslog
Reading system messages from a switch’s or router’s internal buffer is the most popular and efficient method of seeing what’s going on with your network at a particular time. But the best way is to log messages to a syslog server, which stores messages from you and can even time-stamp and sequence them for you, and it’s easy to set up and configure!

Severity Levels
Severity Level              Explanation
Emergency (severity 0)      System is unusable.
Alert (severity 1)          Immediate action is needed.
Critical (severity 2)       Critical condition.
Error (severity 3)          Error condition.
Warning (severity 4)        Warning condition.
Notification (severity 5)   Normal but significant condition.
Information (severity 6)    Normal information message.
Debugging (severity 7)      Debugging message.

Understand that only emergency-level messages will be displayed if you’ve configured severity level 0. But if, for example, you opt for level 4 instead, levels 0 through 4 will be displayed, giving you emergency, alert, critical, error, and warning messages too.
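As an added example (not from the chapter), the filter below applies the severity rule just described to IOS system messages: a configured level of 4 keeps severities 0 through 4 and drops the rest. It parses the %FACILITY-SEVERITY-MNEMONIC field that every IOS message carries; the lines in SAMPLE_BUFFER are constructed, modelled on the show logging output later in the chapter.

```python
import re
from collections import Counter

# Cisco IOS severity levels, as listed in the chapter's severity table
SEVERITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notification", 6: "informational", 7: "debugging",
}

# IOS messages carry %FACILITY-SEVERITY-MNEMONIC: after the timestamp
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):")


def parse_message(line):
    """Return (facility, severity, mnemonic), or None if the line is not an IOS message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    return m["facility"], int(m["severity"]), m["mnemonic"]


def filter_by_level(lines, configured_level):
    """Keep the messages a severity setting of configured_level would show: levels 0..level."""
    if not 0 <= configured_level <= 7:
        raise ValueError("severity level must be 0-7")
    kept = []
    for line in lines:
        parsed = parse_message(line)
        # a lower number is more urgent, so keep anything at or below the threshold
        if parsed is not None and parsed[1] <= configured_level:
            kept.append(line)
    return kept


def count_by_severity(lines):
    """Count messages per severity name, e.g. to spot a burst of errors in a buffer dump."""
    counts = Counter()
    for line in lines:
        parsed = parse_message(line)
        if parsed is not None:
            counts[SEVERITY_NAMES[parsed[1]]] += 1
    return dict(counts)


# Constructed sample log buffer (not from the chapter)
SAMPLE_BUFFER = [
    "*Jun 21 23:09:37.822: %SYS-5-CONFIG_I: Configured from console by console",
    "*Jun 21 23:10:02.105: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Jun 21 23:10:02.110: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "*Jun 21 23:11:45.301: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 172.16.10.9] [localport: 23]",
    "Router#",  # a prompt, not a message; it is ignored
]
```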
Show logging
Notice that the default trap (message from device to NMS) level is informational (level 6), but you can change this too.

Router#sh logging
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 29 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 1 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
No active filter modules.
    Trap logging: level informational, 33 message lines logged
Log Buffer (4096 bytes):
*Jun 21 23:09:37.822: %SYS-5-CONFIG_I: Configured from console by console
Router#

SNMP
SNMP is an Application layer protocol that provides a message format for agents on a variety of devices to communicate with network management stations (NMSs). The NMS periodically queries or polls the SNMP agent on a device to gather and analyze statistics via GET messages. End devices running SNMP agents send an SNMP trap to the NMS if a problem occurs.

SNMP versions
SNMP has three versions, with version 1 being rarely, if ever, implemented today. Here’s a summary of these three versions:
• SNMPv1: Supports plaintext authentication with community strings and uses only UDP.
• SNMPv2c: Supports plaintext authentication (using community strings) with MD5 or SHA with no encryption, but provides GET BULK, which is a way to gather many types of information at once and minimize the number of GET requests. It offers a more detailed error message reporting method, but it’s not more secure than v1. It uses UDP, even though it can be configured to use TCP.
• SNMPv3: Supports strong authentication with MD5 or SHA, providing confidentiality (encryption) and data integrity of messages via DES or DES-256 encryption between agents and managers.
GET BULK is a supported feature of SNMPv3, and this version also uses TCP.

NetFlow
Cisco IOS NetFlow efficiently provides a key set of services for IP applications, including network traffic accounting for baselining, usage-based network billing for consumers of network services, network design and planning, general network security, and DoS and DDoS monitoring capabilities, as well as general network monitoring.

Service providers use NetFlow to do the following:
• Efficiently measure who is using network services and for which purpose
• Account and charge back according to the level of resource utilization
• Use the measured information for more effective network planning, so that resource allocation and deployment are well aligned with customer requirements
• Use the information to better structure and customize the set of available applications and services to meet user needs and customer service requirements

NetFlow Uses
• Major users of the network, meaning top talkers, top listeners, top protocols, and so on
• Websites that are routinely visited, plus what’s been downloaded
• Who’s generating the most traffic and using excessive bandwidth
• Descriptions of bandwidth needs for an application as well as your available bandwidth

Configuring NetFlow
SF(config)#int fa0/0
SF(config-if)#ip flow ingress
SF(config-if)#ip flow egress
SF(config-if)#exit
SF(config)#ip flow-export destination 172.16.20.254 9996
SF(config)#ip flow-export version ?
  1
  5
  9
SF(config)#ip flow-export version 9
SF(config)#ip flow-export source loopback 0

Show ip cache flow
SF#sh ip cache flow
IP packet size distribution (161 total packets):
[output cut]
IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 1 added
  215 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  1 active, 1023 inactive, 1 added, 1 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          14      0.0        19    58      0.1       6.5      11.7
TCP-WWW              8      0.0         9   108      0.1       2.5       1.7

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         172.16.10.1     gig0/1        255.255.255.255 11 0044 0050  1161

Written Labs and Review Questions
– Read through the Exam Essentials section together in class
– Open your books and go through all the written labs and the review questions.
– Review the answers in class.
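The chapter lists "top talkers" as a primary use of NetFlow data. As an added example (not code from the chapter), the parser below reads flow records in the layout of the show ip cache flow output above, where the Pr, SrcP and DstP columns are hexadecimal, and totals packets per source address. The first record in SAMPLE_CACHE is the one from the chapter; the remaining records are constructed.

```python
from collections import defaultdict

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # the Pr column is the IP protocol number in hex


def parse_flow_line(line):
    """Parse one 'show ip cache flow' record into a dict; header or blank lines give None."""
    fields = line.split()
    if len(fields) != 8 or fields[0] == "SrcIf":
        return None
    src_if, src_ip, dst_if, dst_ip, proto, sport, dport, pkts = fields
    return {
        "src_if": src_if, "src_ip": src_ip, "dst_if": dst_if, "dst_ip": dst_ip,
        "proto": IP_PROTO.get(int(proto, 16), proto),
        "src_port": int(sport, 16), "dst_port": int(dport, 16),  # ports are shown in hex
        "packets": int(pkts),
    }


def top_talkers(lines, n=3):
    """Return [(src_ip, total_packets)] sorted by packets descending: the top-talkers view."""
    totals = defaultdict(int)
    for line in lines:
        rec = parse_flow_line(line)
        if rec is not None:
            totals[rec["src_ip"]] += rec["packets"]
    # tie-break on address so the ordering is stable
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample cache; only the 172.16.10.1 record comes from the chapter
SAMPLE_CACHE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         172.16.10.1     Gi0/1         255.255.255.255 11 0044 0050  1161
Fa0/0         172.16.10.7     Gi0/1         10.20.0.5       06 C3A1 0017    42
Fa0/0         172.16.10.7     Gi0/1         10.20.0.9       06 C3A2 0017  9800
Fa0/0         172.16.10.20    Gi0/1         10.20.0.5       01 0000 0800     9
""".splitlines()

if __name__ == "__main__":
    for ip, packets in top_talkers(SAMPLE_CACHE):
        print(f"{ip:<16} {packets:>6} packets")
```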