<html lang="en">

<head>

<meta charset="utf-8">

<title>Advanced Networking - Module 4 Chapter 9 - Troubleshooting the Network</title>

<meta name="description" content="Abilitante alle certificazioni Cisco CCENT e CCNA">

<meta name="author" content="Hacklab Cosenza">

<meta name="apple-mobile-web-app-capable" content="yes">

<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">

<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">

<link rel="stylesheet" href="css/reveal.css">

<link rel="stylesheet" href="css/theme/black.css" id="theme">

<!-- Code syntax highlighting -->

<link rel="stylesheet" href="lib/css/zenburn.css">

<!-- Printing and PDF exports -->

<script>

var link = document.createElement( 'link' );

var link = document.createElement( 'link' );

link.rel = 'stylesheet';

link.type = 'text/css';

link.href = window.location.search.match( /print-pdf/gi ) ? 'css/print/pdf.css' : 'css/print/paper.css';

document.getElementsByTagName( 'head' )[0].appendChild( link );

</script>

<!--[if lt IE 9]>

</head>

<body>

<div class="reveal">

<!-- Any section element inside of this container is displayed as a slide -->

<div class="slides">

<section>

<h1>Advanced Networking</h1>

<h2>Routing &amp; Switching:<h2>

<h2>Connecting Networks</h2>

<h3>Chapter 9:</h3>

<h3>Troubleshooting the Network</h3>

<p>

<small><a href="http://hlcs.it">Hacklab Cosenza</a> / Centro di Ricerca su Tecnologia e Innovazione</small>

</p>

</section>

<section>

<section>

<h2>Documentation</h2>

<h3>Network Configuration Files</h3>

<ul>

<li>As records of informations on network HW and SW, best expressed in <u>tabular form</u>:</li>

<ul>

<li>Type of device</li>

<li>IOS image name</li>

<li>Device network hostname</li>

<li>Location of the device (building, floor, room, rack, panel)</li>

<li>If it is a modular device</li>

<li>Data link + Network layer addresses</li>

<li>Any additional important "notes" about the device</li>

</ul>

</ul>

</section>

<section>

<h2>Documentation</h2>

<h3>End-System Configuration Files</h3>

<ul>

<li>A record of information on HW and SW used in end-system device as servers, network management consoles, and user workstations</li>

<ul>

<li>Device name</li>

<li>Operating system and version</li>

<li>IPv4 and IPv6 addresses</li>

<li>Subnet mask and prefix length</li>

<li>Default gateway, DNS server, and WINS server addresses</li>

<li>Any high-bandwidth network applications that the end system runs</li>

</ul>

</ul>

</section>

</section>

<section>

<section>

<h2>Network Topology Diagrams</h2>

<p>A <strong>physical</strong> diagram that focuses on how the devices are physically connected:</p>

<ul>

<li>Device type, Model and manufacturer, OS version, Cable type and identifier, Cable specification, Connector type, Cabling endpoints.</li>

</ul>

<p>A <strong>logical</strong> diagram revealing how datas are moved when communicating:</p>

<ul>

<li>Device identifiers, IP address and prefix lengths, Interface identifiers, Connection type, DLCI for virtual circuits, Site-to-site VPNs, Routing protocols, Static routes, Data-link protocols, WAN technologies used.</li>

</ul>

</section>

<section>

<h2>Topology Example: Physical</h2>

<img src="https://i.imgur.com/8jDro0C.png" style="width: 750px;">

</section>

<section>

<h2>Topology Example: Logical</h2>

<img src="https://i.imgur.com/nQWXTJ3.png" style="width: 750px;">

</section>

</section>

<section>

<section>

<h2>Network Baselines</h2>

<p>Before putting a network into operativity, normal parameters and performance levels must be established. This is the <strong><em>baseline</em></strong>, the "optimum" level of the network.</p>

<p>The network is then compared to the baseline while operational to discover and throubleshoot issues.</p>

</section>

<section>

<h2>Network Baselines</h2>

<p>The measuring process of the first baseline can be performed using this step:</p>

<ol>

<li><strong>Determine what types of data to collect</strong>. - Too many variables, or the wrong ones, can spoil the baseline.</li>

<li><strong>Identify devices and ports of interest</strong> - The devices and ports for which performance data are the most telling about the network.</li>

<li><strong>Determine the baseline duration</strong> - You need to capture the typical operativity of the network, daily trends and traffic patterns.</li>

</ol>

</section>

</section>

<section>

<h2>Commands to collect data</h2>

<ul>

<li><code>show version</code></li>

<li><code>show ip interface [brief]</code></li>

<li><code>show ipv6 inteface [brief]</code></li>

<li><code>show intefaces [interface_type interface_num]</code></li>

<li><code>show ip route</code></li>

<li><code>show ipv6 route</code></li>

<li><code>show arp</code></li>

<li><code>show ipv6 neighbors</code></li>

<li><code>show running-config</code></li>

<li><code>show vlan</code></li>

<li><code>show tech-support</code></li>

</ul>

</section>

<section>

<section>

<h2>Troubleshooting Process</h2>

<img src="https://i.imgur.com/MtdpFlZ.png">

</section>

<section>

<h2>Gathering Symptoms</h2>

<img src="https://i.imgur.com/KhEIrFr.png">

</section>

</section>

<section>

<h2>Questioning End Users</h2>

<small>

<table>

<tr>

<td><strong>Guidelines</strong></td>

<td><strong>Example End-User Questions</strong></td>

</tr>

<tr>

<td>Determine the sequence of events that took place before the problem happened</td>

<td><em>When exactly does the problem occur?</em></td>

</tr>

<tr>

<td>Ask the user when the problem was first noticed</td>

<td><em>When was the problme first noticed?</em></td>

</tr>

<tr>

<td>Ask questions that are pertinent the problem</td>

<td><em>What does not work?</em></td>

</tr>

<tr>

<td>Use each question as a means to either eliminate or discover possible problems.</td>

<td><em>Are the things that do work and the things that do not work reated?</em></td>

</tr>

<tr>

<td>Ask the user to recreate the problem, if possible.</td>

<td><em>Can you reproduce the problem?</em></td>

</tr>

<tr>

<td>Speak at a technical level the user can understand</td>

<td><em>Did the things that does not work ever work?</em></td>

</tr>

<tr>

<td>Did anything unusual happen since the last time it worked?</td>

<td><em>What has changed since the last time it did work?</em></td>

</tr>

</table>

</small>

</section>

<section>

<h2>Using Layered Model for Troubleshooting</h2>

<img src="https://i.imgur.com/a0omhOa.gif">

</section>

<section>

<section>

<h2>Troubleshooting Methods</h2>

<ul>

<li><strong>Bottom-up</strong></li>

<ul>

<li>Start troubleshooting process by physical layer to application layer.</li>

<li>Works well if suspected physical problem, not so great if problem is too up in the iso-osi model.</li>

</ul>

<li><strong>Top-down</strong></li>

<ul>

<li>Start troubleshooting process by Application layer to application layer.</li>

<li>Work well for simple application problems, at a disadvantage if there's a physical problem.</li>

</ul>

<li><strong>Divide-and-conquer</strong></li>

<li><strong>Net administrator knowledge</strong></li>

</ul>

</section>

<section>

<h2>Selecting a Troubleshooting Method</h2>

<img src="https://i.imgur.com/v8OYrER.png">

</section>

</section>

<section>

<h2>Troubleshooting Tools</h2>

<ul>

<li>Software</li>

<ul>

<li>Network Management System Tools (solarwind, Spiceworks, Nagios, etc.)</li>

<li>Knowledge Bases</li>

<li>Host-Based Protocol Analyzers (e.g. Wireshark)</li>

<li>Cisco IOS Embedded Packet Capture</li>

</ul>

<li>Hardware</li>

<ul>

<li>Network Analysis Module</li>

<li>Digital Multimeters</li>

<li>Cable Testers</li>

<li>Cable Analyzers</li>

<li>Portable Network Analyzers</li>

</ul>

</ul>

</section>

<section>

<section>

<h2>Syslog Server</h2>

<p>syslog is a widely used standard for message logging. It permits separation of messages generation, the system storing them, and the reporting and analysis softwares.</p>

<p>A wide variety of devices and OS implements the syslog standard. Because of this, system designers can use syslog to integrate log data from different types of systems in a central repository.</p>

<p>Messages can be sent on: console, terminal line, buffered logging...</p>

<pre><code>R1(config)# logging host ***.***.***.***

R1(config)# logging trap notifications

R1(config)# logging on</code></pre>

</section>

<section>

<h2>Syslog Levels</h2>

<img src="https://i.imgur.com/IO0eu57.png">

</section>

</section>

<section>

<h2>Physical Layer Troubleshooting</h2>

<p>Common Symptoms:</p>

<ul>

<li>Performance lower than baseline</li>

<li>Loss of connectivity</li>

<li>Network bottlenecks or congestion</li>

<li>High CPU utilization rates</li>

<li>Console error messages</li>

</ul>

<p>Common Causes:</p>

<ul>

<li>Power-related</li>

<li>Hardware faults</li>

<li>Cabling faults</li>

<li>Attenuation and/or noise</li>

<li>Interface configuration errors</li>

<li>Exceeding design limits</li>

<li>CPU overload</li>

</ul>

</section>

<section>

<h2>Data Link Layer Troubleshooting</h2>

<p>Common Symptoms:</p>

<ul>

<li>No functionality at the network layer or above</li>

<li>Network is operating below baseline performance levels</li>

<li>Excessive broadcasts</li>

<li>Console messages</li>

</ul>

<p>Common Causes:</p>

<ul>

<li>Encapsulation errors</li>

<li>Address mapping errors</li>

<li>Framing errors</li>

<li>STP failures or loops</li>

</ul>

</section>

<section>

<h2>Network Layer Troubleshooting</h2>

<p>Common Symptoms:</p>

<ul>

<li>Network failure</li>

<li>Suboptimal performance</li>

</ul>

<p>Common Causes:</p>

<ul>

<li>General network issues</li>

<li>Connectivity issues</li>

<li>Neighbor issues</li>

<li>Topology database</li>

<li>Routing table</li>

</ul>

</section>

<section>

<h2>Transport Layer Troubleshooting</h2>

<p>Common Symptoms: Connectivity/Access issues.</p>

<p>Common Causes:</p>

<ul>

<li>Selection of traffic flow</li>

<li>Order of access control entries</li>

<li>Implicit deny all</li>

<li>IPv4 addresses and wildmasks, src and dst ports</li>

<li>Selection of transport layer protocol</li>

<li>Use of the established keyword</li>

<li>Uncommon protocols; BOOTP and DHCP; DNS and WINS</li>

<li>Tunneling and encryption protocols</li>

</ul>

</section>

<section>

<h2>Application Layer Troubleshooting</h2>

<p>Applications layer issues depend by the application used by end-user. Problems in application layer can also be understood with other layer problems.</p>

<p>Application problem can occur when other layers don’t work.</p>

<p>Some common Application layer protocols are SSH/Telnet, HTTP, FTP, TFTP, SMTP, POP, Simple Network Management Protocol (SNMP), DNS, Network File System (NFS)</p>

</section>

<section>

<h1>End of Lesson</h1>

</section>

</div>

</div>

<script src="lib/js/head.min.js"></script>

<script src="js/reveal.js"></script>

<script>

// More info https://github.com/hakimel/reveal.js#configuration

Reveal.initialize({

controls: true,

progress: true,

history: true,

center: true,

transition: 'slide', // none/fade/slide/convex/concave/zoom

// More info https://github.com/hakimel/reveal.js#dependencies

dependencies: [

{ src: 'lib/js/classList.js', condition: function() { return !document.body.classList; } },

{ src: 'plugin/markdown/marked.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },

{ src: 'plugin/markdown/markdown.js', condition: function() { return !!document.querySelector( '[data-markdown]' ); } },

{ src: 'plugin/highlight/highlight.js', async: true, callback: function() { hljs.initHighlightingOnLoad(); } },

{ src: 'plugin/zoom-js/zoom.js', async: true },

{ src: 'plugin/notes/notes.js', async: true }

]

});

</script>

</body>