ISP Essentials 1 General Rev4
-
133021300_05_2000_c2 2001, Cisco Systems, Inc. 11300_05_2000_c2 2000, Cisco Systems, Inc.
-
ISP Essentials Best Practice
Cisco IOS Techniques to Scale the Internet
Session XXXX, Version 4
-
Who Should Attend?
Engineers from existing ISPs, ASPs, telcos, and other Internet-based service providers.
Consultants/CCIEs working with Internet-based service providers.
Anyone else interested in the gory IOS details.
-
Prerequisites
This is not for people brand new to networking and IOS
Know a bit about IOS.
Know a bit about OSPF and BGP
Know a bit about TCP/IP
-
Agenda for the Day
General Features
ISP Security
Routing Configuration Guidelines and Updates
Operations Essentials
-
Changes from Last Year
Fundamentals and Essentials do not change much.
The objective of this Power Session is to get ISPs to consider and turn features on that will make their life easier.
This Power Session is given throughout the year as a stand-alone ISP seminar. It is part of the ISP Workshop program:
http://www.cisco.com/public/cons/
-
Changes from Last Year
Updates/changes since last year: new updates, features, and clarifications added.
ISP Architecture Essentials Section pulled into a separate session RST-211.
BGP Updates pulled into the BGP Power Session (PS-545) and the BGP sessions during the week.
Operations Essentials section added so people building/running NOCs understand some of the essentials of what an ISP's Operations Team should be doing.
-
General IOS Features
-
Which IOS Version?
-
Cisco IOS Roadmap
http://www.cisco.com/warp/public/620/roadmap.shtml
-
12.0S and its Children
(figure: IOS release tree) 11.1CC, 11.2GS, 11.3AA and 11.3T feed 12.0 (Mainline); from it branch 12.0S (SP: new features and platforms), 12.0ST (controlled release; T for Tag integration branch: MPLS/VPN/FRR/LDP...), 12.0SL (Cisco 10000) and 12.0SC (uBR).
Near future: 12.0S gets hardware additions only; 12.0ST gets new software features.
Both will run through the same internal testing.
-
Parent Child Relationship: 12.0S and 12.0ST Example
All bug fixes in 12.0S get synced to 12.0ST.
New features (e.g. line cards) in 12.0S sync to 12.0ST.
The feature must be regression and dev tested in 12.0ST.
The feature is FCS'd in 12.0ST the next release cycle.
(figure: 4xOC48 line card (feature) example) 12.0(15)S 4xOC48 -> sync from S to ST software train -> 12.0(15)ST 4xOC48 -> testing -> 12.0(16)ST
-
Which IOS version?
Platforms: GSR, 7500 series, 7200 series
Recommended release is the 12.0S train
Current version is 12.0(16)S (as of May 2001)
Available on CCO
Has all of the latest ISP supported features
-
Which IOS version?
Platforms: OSR 7600
Recommended release is the 12.1E train today and 12.2S in the future. Current version is 12.1(7)E (as of May 2001)
Available on CCO
Working with customers to have all the necessary features needed by ISPs.
Processes updated to ISP expectations (work in progress)
-
Which IOS version?
Platforms: 10000
Recommended release is the 12.0SL train today and 12.0ST in the near future
Current version is 12.0(15)SL (as of May 2001)
Available on CCO
Child of 12.0S with some platform-specific features.
-
Which IOS version?
Platforms: 4x00, 3600, 2600 and 2500 series
Recommended release is the 12.0 mainline train
Current version is 12.0(16)
Has many of the features found in 11.1CC, 11.2P and 11.3T
Available on CCO
-
IOS Road Map
Future direction:
12.1E (OSR, Cat6K, 7X00)
12.0S (12XXX, 7500, 7200)
12.2S (12XXX, 10XXX, and 7XXX)
12.0ST (GSR, 7500, 7200, 10K)
It will be approximately one year from the launch of 12.2S before ISPs start considering a move.
12.1E is transitioning to support similar to 12.0S.
-
Cisco IOS Feature Navigator
http://www.cisco.com/go/fn/
-
IOS Software and Router Management
-
IOS Software Management - Flash Memory
Good practice is to have at least two distinct flash memory volumes:
allows backup image(s)
back-out path in case of upgrade problems
Partition the built-in flash: partition flash 2 8 8
Install a PCMCIA flash card in external slot(s); 20 MB flash cards are worth it.
-
IOS Software Management - Flash Memory
Ensure that there is a configured backup to the selected IOS image; the backup image is the previous good image:
boot system flash slot0:rsp-pv-mz.120-10.S
boot system flash slot1:rsp-pv-mz.111-32.CC
boot system flash
This means: boot the quoted image from slot0:. If it isn't there, boot the quoted image in slot1:. If that isn't there, try the first image available in flash.
-
IOS Software Management - System Memory
Good practice is to maximise router memory; it allows for the rapidly growing Internet.
128 Mbytes needed for the full Internet routing table; it will (just) work with 64 Mbytes, but BGP is inefficient.
Recognised that equipment works best when left alone.
-
IOS Software Management - When to Upgrade
Upgrades needed when:
bug fixes released
new hardware support
new software features required
Otherwise: if it isn't broken, don't fix it!
-
Digression - Loopback Interface
Most ISPs make use of the router loopback interface.
The IP address configured is a host address.
Configuration example:
interface loopback 0
description Loopback Interface of CORE-GW3
ip address 215.18.3.34 255.255.255.255
-
Digression - Loopback Interface
Loopback interfaces on an ISP backbone are usually numbered:
out of one contiguous block, or
using a geographical scheme, or
using a per-PoP scheme
Aim is to increase stability, aid administration, and improve security.
-
Digression - Loopback Interface
(figure: a router with a loopback exporting information across the backbone to the NOC services TFTP, SYSLOG, TACACS+ and SNMP, each protected by TCP Wrapper and ACLs)
Topology changes do not affect the source IP address of the packets coming from the router.
-
Digression - Loopback Interface
Loopback interface is not redundant or superfluous.
Multitude of uses to ease security, access, management, information and scalability of router and network.
Protects the ISP's management systems.
Use the loopback!
-
Configuration Management
Backup NVRAM configuration off the router: write configuration to TFTP server
TFTP server files kept under revision control
router configuration built from master database
Allows rapid recovery in case of emergency
-
Configuration Management
Secure the TFTP server:
TFTP from Loopback 0 on the router
Firewall/ACL
Wrapper on the TFTP server which only allows the router's loopback address
(figure: router with TFTP source Loopback 0, a firewall or ACL, TCP Wrapper or other tool in front of the TFTP server)
ip tftp source-interface Loopback0
-
FTP Client Support
TFTP has its security limitations.
FTP client support is added in 12.0. This allows for FTP uploads/downloads.
Remember to use the same security/redundancy options with loopback 0:
ip ftp source-interface loopback 0
-
FTP Client Support
7206-AboveNet-SJ2#copy ftp://bgreene:<password>@ftp.cisco.com slot0:
Source filename []? /cisco/ios/12.0/12.0.9S/7200/c7200-k3p-mz.120-9.S.bin
Destination filename [c7200-k3p-mz.120-9.S.bin]?
Accessing ftp://bgreene:<password>@ftp.cisco.com//cisco/ios/12.0/12.0.9S/7200/c7200-k3p-mz.120-9.S.bin...
Translating "ftp.cisco.com"...domain server (207.126.96.162) [OK]
Loading /cisco/ios/12.0/12.0.9S/7200/c7200-k3p-mz.120-9.S.bin
-
Larger Configurations
Compress configuration: used when the configuration required is larger than the configuration memory (NVRAM) available.
service compress-config
FLASH or remote server: used when NVRAM compression is not enough.
-
Use Detailed Logging
Off-load logging information to a logging server.
Use the full detailed logging features to keep exact details of the activities.
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
logging buffered 16384
logging trap debugging
logging facility local7
logging 169.223.32.1
logging source-interface loopback0
no logging console ! Optional - keeps the console port free
-
Use Detailed Logging
unix% tail cisco.log
Feb 17 21:48:26 [10.1.1.101.9.132] 31: *Mar 2 11:51:55 CST: %SYS-5-CONFIG_I: Configured from console by vty0 (10.1.1.2)
unix% date
Tue Feb 17 21:49:53 CST 1998
unix%
Two topologies used:
Central syslog servers in the Operations Center
Syslog servers in major POPs
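The stored line on this slide has a fixed shape: the syslog server's receive time, the bracketed source tag, the router's message sequence number, the router's own timestamp, and then the IOS %FACILITY-SEVERITY-MNEMONIC message. As an added example that is not part of the original slides or of Cisco's material, the Python below parses lines in that layout, lists configuration changes, finds gaps in the per-router sequence numbers (UDP syslog silently dropped, or lines removed from the file) and reports routers whose timestamps still carry the leading '*' that IOS uses while its clock is not authoritative. The sample lines are constructed for the example; only the first reproduces the slide.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed syslog-server file in the layout shown on the slide; the first line is
# the slide's own, the other three are made up for the example (note seq 34 is absent).
SAMPLE_LOG = """\
Feb 17 21:48:26 [10.1.1.101.9.132] 31: *Mar 2 11:51:55 CST: %SYS-5-CONFIG_I: Configured from console by vty0 (10.1.1.2)
Feb 17 21:48:40 [10.1.1.101.9.132] 32: *Mar 2 11:52:09 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial5/0, changed state to down
Feb 17 21:48:55 [10.1.1.101.9.132] 33: *Mar 2 11:52:24 CST: %SYS-5-CONFIG_I: Configured from console by vty1 (192.0.2.99)
Feb 17 21:49:01 [10.1.1.101.9.132] 35: *Mar 2 11:52:30 CST: %SEC-6-IPACCESSLOGP: list 98 denied udp 192.0.2.7(1025) -> 10.1.1.101(161), 1 packet
"""

LINE_RE = re.compile(
    r"^(?P<server_ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "   # syslog server receive time
    r"\[(?P<source>[^\]]+)\] "                                   # source host as the server tags it
    r"(?P<seq>\d+): "                                            # router's message sequence number
    r"(?P<flag>[*.]?)"                                           # '*' clock not authoritative, '.' sync lost
    r"(?P<router_ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d(?:\.\d+)?(?: [A-Z]+)?): "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)


@dataclass
class IosLogEvent:
    server_ts: str
    source: str
    seq: int
    router_ts: str
    clock_authoritative: bool
    facility: str
    severity: int
    mnemonic: str
    text: str


def parse_line(line: str) -> Optional[IosLogEvent]:
    """Parse one stored syslog line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return IosLogEvent(
        server_ts=m["server_ts"], source=m["source"], seq=int(m["seq"]),
        router_ts=m["router_ts"], clock_authoritative=(m["flag"] == ""),
        facility=m["facility"], severity=int(m["severity"]),
        mnemonic=m["mnemonic"], text=m["text"],
    )


def parse_log(text: str) -> List[IosLogEvent]:
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


def config_changes(events: List[IosLogEvent]):
    """(source, message) for every SYS-5-CONFIG_I: who reconfigured which router, from where."""
    return [(e.source, e.text) for e in events if e.facility == "SYS" and e.mnemonic == "CONFIG_I"]


def sequence_gaps(events: List[IosLogEvent]) -> Dict[str, List[int]]:
    """Missing sequence numbers per source: lost UDP syslog datagrams, or lines removed."""
    seen: Dict[str, Set[int]] = {}
    for e in events:
        seen.setdefault(e.source, set()).add(e.seq)
    gaps: Dict[str, List[int]] = {}
    for src, seqs in seen.items():
        missing = [n for n in range(min(seqs), max(seqs)) if n not in seqs]
        if missing:
            gaps[src] = missing
    return gaps


def unsynced_sources(events: List[IosLogEvent]) -> Set[str]:
    """Routers still stamping messages with '*': their clock is not authoritative, so
    their timestamps cannot be cross-compared with other devices' logs."""
    return {e.source for e in events if not e.clock_authoritative}


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, msg in config_changes(evs):
        print(f"config change on {src}: {msg}")
    print("sequence gaps:", sequence_gaps(evs))
    print("clock not authoritative:", unsynced_sources(evs))
```

The slide's own line already shows why the clock check matters: the server stamps the message Feb 17 while the router believes it is Mar 2, so the router's timestamps are useless for correlation until NTP is configured.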
-
Network Time Protocol
If you want to cross-compare logs, you need to synchronize the time on all the devices.
Use NTP:
From an external time source: upstream ISP, Internet, GPS, atomic clock
From an internal time source: the router can act as a stratum 1 time source
-
Network Time Protocol
Set timezone: clock timezone [+/-hours [mins]]
Router as source: ntp master 1
External time source (master): ntp server a.b.c.d
External time source (equivalent): ntp peer e.f.g.h
-
Network Time Protocol
Example configuration:
clock timezone SST 8
ntp update-calendar
ntp source loopback0
ntp server
ntp peer
ntp peer
-
Network Time Protocol
Network Time Protocol (NTP) is used to synchronize the time on all the devices.
NTP packets leave the router with the loopback address as source.
Configuration example:
ntp source loopback0
ntp server 169.223.1.1 source loopback 1
-
Network Time Protocol
Motivation - NTP security: NTP systems can be protected by filters which only allow the NTP port to be accessed from the loopback address block.
Motivation - easy to understand NTP peerings: NTP associations have the loopback address recorded as source address, not the egress interface.
-
Network Time Protocol
(figure: NTP hierarchy across a POP) NTP "Source" - Stratum 1, atomic or GPS based; NTP "Backbone" - Stratum 2 on the core backbone routers (Core 1, Core 2); NTP in the POP - Stratum 3 on the NTP servers for the POP, alongside the POP services and applications (AAA server with RADIUS, NetFlow collector and syslog server, cache engine cluster); Customer's NTP and dial-up SNTP - Stratum 4 behind the dedicated access and dial-up devices (Access 1, Access 2, NAS 1, NAS 2); the POP interconnect medium (SW 1, SW 2) links to neighboring POPs.
-
Network Time Protocol
Where to get NTP reference sources? http://www.eecis.udel.edu/~ntp/hardware.html
Attaching a Telecom Solutions GPS clock to the router's AUX port:
Excalabur(config)#line aux 0
Excalabur(config-line)#ntp refclock telecom-solutions pps ?
  cts   PPS on CTS
  none  No PPS signal available
  ri    PPS on RI
-
SNMPv1
Remove any SNMP commands if SNMP is not going to be used!
If SNMP is going to be used:
access-list 98 permit 169.223.1.1
access-list 98 deny any
snmp-server community 5nmc02m RO 98
snmp-server trap-source Loopback0
snmp-server trap-authentication
snmp-server host 169.223.1.1 5nmc02m
-
SNMPv1
Recommend that all ISPs aggressively and consistently measure their network.
Despite SNMPv2 and SNMPv3, most ISPs are still using SNMPv1 (personal observation).
SNMPv3 supported since 12.0(6)S.
-
HTTP Server
HTTP server in IOS from 11.1CC and 12.0S: router configuration via web interface.
Disable if not going to be used (disabled by default):
no ip http server
Configure securely if going to be used:
ip http server
ip http port 8765
ip http authentication aaa
ip http access-class
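The SNMP, HTTP server, logging, NTP and TFTP slides above each state a configuration rule that can be checked mechanically against a saved configuration (the kind kept under revision control on the TFTP server). As an added example that is not from the original slides or from Cisco, the Python below audits an IOS configuration text for those rules: every SNMP community bound to a defined standard ACL and read-only, the HTTP server either off or restricted with an access-class and AAA authentication, off-box logging with millisecond timestamps, and logging, NTP and TFTP sourced from the loopback. The two configuration fragments are constructed for the example; the hardened one reuses the slides' own sample values.

```python
import re
from typing import List

# Two constructed IOS configuration fragments for the example: one with the weak
# settings the slides warn about, one applying the slides' recommendations.
WEAK_CONFIG = """\
!
service timestamps log datetime msec localtime show-timezone
hostname edge-gw1
!
snmp-server community public RO
snmp-server community private RW
ip http server
logging 169.223.32.1
ntp server 169.223.1.1
!
"""

HARDENED_CONFIG = """\
!
service timestamps log datetime msec localtime show-timezone
hostname edge-gw1
!
access-list 98 permit 169.223.1.1
access-list 98 deny any
snmp-server community 5nmc02m RO 98
snmp-server trap-source Loopback0
no ip http server
logging trap debugging
logging 169.223.32.1
logging source-interface loopback0
ntp source loopback0
ntp server 169.223.1.1
ip tftp source-interface Loopback0
!
"""


def _lines(config: str) -> List[str]:
    """Configuration lines with comment/blank lines dropped and whitespace trimmed."""
    return [l.strip() for l in config.splitlines() if l.strip() and not l.strip().startswith("!")]


def audit(config: str) -> List[str]:
    """Return one finding per slide recommendation that the configuration fails."""
    lines = _lines(config)
    findings: List[str] = []

    # SNMP: a community string must be bound to a defined standard ACL; RW is flagged outright.
    acls = {m.group(1) for m in (re.match(r"access-list (\d+) ", l) for l in lines) if m}
    for l in lines:
        m = re.match(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$", l)
        if not m:
            continue
        name, mode, acl = m.groups()
        if acl is None:
            findings.append(f"snmp community {name!r} has no access-list")
        elif acl not in acls:
            findings.append(f"snmp community {name!r} references undefined access-list {acl}")
        if mode == "RW":
            findings.append(f"snmp community {name!r} is read-write")

    # HTTP server: off, or restricted by an access-class and authenticated through AAA.
    if "ip http server" in lines:
        if not any(l.startswith("ip http access-class") for l in lines):
            findings.append("ip http server enabled without ip http access-class")
        if "ip http authentication aaa" not in lines:
            findings.append("ip http server enabled without ip http authentication aaa")

    # Logging: off-box syslog, sourced from a loopback, with millisecond timestamps.
    if not any(re.match(r"logging (host )?\d+\.\d+\.\d+\.\d+", l) for l in lines):
        findings.append("no syslog server configured")
    if not any(l.startswith("logging source-interface") for l in lines):
        findings.append("logging not sourced from a loopback interface")
    if not any(l.startswith("service timestamps log datetime msec") for l in lines):
        findings.append("log timestamps lack millisecond resolution")

    # NTP and TFTP should leave the router with the loopback address as source.
    uses_ntp = any(l.startswith(("ntp server", "ntp peer")) for l in lines)
    if uses_ntp and not any(l.startswith("ntp source") for l in lines):
        findings.append("ntp not sourced from a loopback interface")
    if not any(l.startswith("ip tftp source-interface") for l in lines):
        findings.append("tftp not sourced from a loopback interface")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg) or "no findings")
```

The checks are deliberately line-based string matches rather than a full IOS grammar; that is enough for the global commands the slides discuss and keeps the audit readable when run from the NOC over a directory of archived configurations.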
-
Core Dumps
Cisco routers have a core dump feature that will allow ISPs to transfer a copy of the core dump to a specific FTP server.
Set up an FTP account on the server the router will send the core dump to.
The server should NOT be a public server:
use filters and secure accounts
locate in the NOC with NOC staff access only
enough disk space to handle the dumps
-
Core Dumps
Example configuration:
ip ftp username cisco
ip ftp password 7 045802150C2E
ip ftp source-interface loopback 0
exception protocol ftp
exception dump 169.223.32.1
-
General Features
-
Command Line Interface Features
Some convenient editing keys:
TAB: command completion
arrow keys: scroll history buffer
ctrl-A: beginning of line
ctrl-E: end of line
ctrl-K: delete all chars to end of line
ctrl-X: delete all chars to beginning of line
ctrl-W: delete word to left of cursor
esc-B: back one word
esc-F: forward one word
-
Command Line Interface Features
CLI now has string searches: show configuration | [begin|include|exclude]
Pager --more-- now has string searches: /, -, +
More command has string searches: more | [begin|include|exclude]
-
Command Line Interface Features
Example:
Defiant#show running-config | begin router bgp
router bgp 200
no synchronization
neighbor 4.1.2.1 remote-as 300
neighbor 4.1.2.1 description Link to Excalabur
neighbor 4.1.2.1 send-community
neighbor 4.1.2.1 version 4
neighbor 4.1.2.1 soft-reconfiguration inbound
neighbor 4.1.2.1 route-map Community1 out
maximum-paths 2
--More--
-
Interface Configuration
ip unnumbered: no need for an IP address on point-to-point links; keeps IGP small
description: customer name, circuit id, cable number, etc. - on-line documentation!
bandwidth: used by IGP; documentation!
-
Interface Configuration - Example
ISP router:
!
interface loopback 0
 description Loopback interface on GW2 Router
 ip address 215.17.3.1 255.255.255.255
!
interface Serial 5/0
 description 128K HDLC link to Galaxy Publications Ltd [galpub1] WT50314E R5-0
 bandwidth 128
 ip unnumbered loopback 0
!
ip route 215.34.10.0 255.255.252.0 Serial 5/0
Customer router:
!
interface Ethernet 0
 description Galaxy Publications LAN
 ip address 215.34.10.1 255.255.252.0
!
interface Serial 0
 description 128K HDLC link to Galaxy Internet Inc WT50314E C0
 bandwidth 128
 ip unnumbered ethernet 0
!
ip route 0.0.0.0 0.0.0.0 Serial 0
-
Cisco Express Forwarding (CEF)
Rationale: changing Internet traffic/topology dynamics required an optimized L3 switching paradigm for IP.
Traffic driven: stable traffic patterns, performance fluctuations, demand caching.
Topology driven: dynamic environment; predictable, scaleable performance; full topology forwarding.
Deployed at the backbone periphery for network services: traffic accounting, QoS policy, security, NetFlow services.
Deployed at the network core for: performance, scalability, quality of service.
-
What Is CEF?
CEF: Cisco Express Forwarding, better known as FIB.
Designed to be the simple, fastest forwarding path for IPv4 packets, for use in core Internet routers, that is resilient to network flaps.
Necessary move from demand cache based forwarding; otherwise high bandwidth/PPS speed would not be achieved.
CEF has had a lot of teething issues along the way. Yet, other companies are moving down the same path.
-
What Is CEF?
This is a simple operational taste of CEF. Check out the detailed sessions:
PS-540 - Router and Switch Internal Architecture and Operation
PS-201 - Router Internals and IOS Operations
-
New Terminology
Routing Information Base (RIB): generated by each routing protocol.
Forwarding Information Base (FIB): network layer routing information; new term used to describe the forwarding table.
Adjacency Table (Adj): next hop link layer information.
Distributed FIB: FIB pushed out to the line cards on a router so that forwarding can be done locally on each line card.
-
Routing Tables (RIB) Feed the Forwarding Table (FIB)
(figure: the BGP4 routing table (RIB), the OSPF link state database (RIB), static routes and connected interfaces feed the Forwarding Information Base on the RP, which is pushed as a dFIB to each LC)
-
FIB's MTRIE Data Structure
m-node is an internal node containing an array of M child links.
A child link points to another m-node, a leaf (FIB), or Null.
A leaf (cached), bottom of tree, points to a FIB.
(figure: MTRIE from ROOT; m-nodes with child links down to leaves for 10.0.0.0, 10.1.0.0, 10.10.0.0, 10.1.1.0, 10.10.5.0, 10.1.1.1, 54.0.0.0, 54.10.0.0, 54.10.1.0, 54.10.4.0, 192.0.0.0, 192.5.0.0, 192.8.0.0, 192.8.2.0 and 192.8.2.128)
-
MTRIE Structures
8-8-8-8 used by generic IOS
16-8-8 used by the GSR Engine 4
10-9-5-8 used by the ESR (Omega)
11-8-5-8 used by ESR (Pulsar)
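The two slides above describe the MTRIE only in outline: fixed-width strides, an m-node holding an array of child links, a leaf holding the FIB entry, and a lookup that takes at most one step per stride (four steps for 8-8-8-8, three for 16-8-8). As an added example that is not from the original slides or from Cisco's implementation, the Python below builds such a trie for IPv4 longest-prefix match with a configurable stride list, including the prefix expansion an inserted /20 needs inside an 8-bit stride, and returns the number of m-nodes visited per lookup so the stride trade-off can be seen directly. The routing table is constructed (prefixes from the slide's figure plus a default route); the next-hop labels are placeholders.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple, Union


@dataclass
class Leaf:
    """Bottom of the tree: one FIB entry (the per-prefix data the slides' struct fibtype_ holds)."""
    prefix: str
    plen: int
    next_hop: str


class MNode:
    """Internal m-node: an array of 2**stride child links, each None, a Leaf or an MNode.
    `fallback` is the most specific prefix that covers this whole node from a shorter
    level, so a lookup that falls off the tree below here still has an answer."""

    def __init__(self, stride: int, fallback: Optional[Leaf] = None):
        self.stride = stride
        self.fallback = fallback
        self.entries: List[Union[None, Leaf, "MNode"]] = [None] * (1 << stride)


class MTrie:
    """IPv4 longest-prefix-match MTRIE; strides (8, 8, 8, 8) or (16, 8, 8) as on the slides."""

    def __init__(self, strides: Sequence[int] = (8, 8, 8, 8)):
        if sum(strides) != 32:
            raise ValueError("strides must cover 32 bits")
        self.strides = tuple(strides)
        self.root = MNode(self.strides[0])

    def insert(self, cidr: str, next_hop: str) -> None:
        net = ipaddress.ip_network(cidr, strict=False)
        network, plen = int(net.network_address), net.prefixlen
        leaf = Leaf(str(net), plen, next_hop)
        node, depth = self.root, 0
        for level, stride in enumerate(self.strides):
            idx = (network >> (32 - depth - stride)) & ((1 << stride) - 1)
            if plen <= depth + stride:
                # Prefix ends inside this node: expand it over every index it covers,
                # never overwriting a more specific leaf already stored there.
                for i in range(idx, idx + (1 << (depth + stride - plen))):
                    cur = node.entries[i]
                    if cur is None or (isinstance(cur, Leaf) and cur.plen < plen):
                        node.entries[i] = leaf
                    elif isinstance(cur, MNode) and (cur.fallback is None or cur.fallback.plen < plen):
                        cur.fallback = leaf
                return
            cur = node.entries[idx]
            if cur is None:
                cur = node.entries[idx] = MNode(self.strides[level + 1])
            elif isinstance(cur, Leaf):
                # A shorter prefix lived here; push it down as the new child's fallback.
                cur = node.entries[idx] = MNode(self.strides[level + 1], fallback=cur)
            node, depth = cur, depth + stride

    def lookup(self, addr: str) -> Tuple[Optional[Leaf], int]:
        """Return (best matching leaf or None, number of m-nodes visited)."""
        a = int(ipaddress.ip_address(addr))
        node, depth, best, steps = self.root, 0, None, 0
        for stride in self.strides:
            steps += 1
            cur = node.entries[(a >> (32 - depth - stride)) & ((1 << stride) - 1)]
            if cur is None:
                return best, steps
            if isinstance(cur, Leaf):
                return cur, steps
            if cur.fallback is not None:
                best = cur.fallback
            node, depth = cur, depth + stride
        return best, steps


# Constructed routing table for the example (prefixes from the slide's figure plus a default).
ROUTES = [
    ("0.0.0.0/0", "upstream"), ("10.0.0.0/8", "core"), ("10.1.0.0/20", "cust-b"),
    ("10.1.1.0/24", "cust-a"), ("192.8.2.0/25", "cust-c"), ("192.8.2.128/25", "cust-d"),
]


def build_example_trie(strides=(8, 8, 8, 8)) -> MTrie:
    t = MTrie(strides)
    for cidr, nh in ROUTES:
        t.insert(cidr, nh)
    return t


if __name__ == "__main__":
    for strides in ((8, 8, 8, 8), (16, 8, 8)):
        t = build_example_trie(strides)
        for dst in ("10.1.1.7", "10.1.5.5", "10.1.200.1", "192.8.2.130", "8.8.8.8"):
            leaf, steps = t.lookup(dst)
            print(strides, dst, "->", leaf.prefix, leaf.next_hop, "in", steps, "steps")
```

The cost of the wider first stride is visible in memory rather than time: the 16-8-8 root alone has 65536 child links, which is why the slides pair it with the GSR Engine 4 hardware rather than generic IOS.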
-
MTRIE Data Structure Effect on PPS Performance
(figure: "Route Lookup Performance", percent of line rate for 64-byte packets (0% to 90%) against prefix length (13 to 30 bits), comparing an 8-1-1-1-1-1-1... structure with 16-8-8; annotated "The Internet Today" and "Vendors' Marketing Collateral")
-
CEF Defaults in 12.0S
On this platform... The default is...
Cisco 7000 series equipped with RSP7000: CEF is not enabled.
Cisco 7200 series: CEF is not enabled.
Cisco 7500 series: CEF is enabled.
Cisco 12000 series Gigabit Switch Router: Distributed CEF is enabled.
7500 with VIP2/4 cards should have ip cef distributed turned on!
7200 should have ip cef turned on!
Remember the memory requirements on the line/VIP cards.
-
CEF Based Features
CEF based features are defined as functions that use the FIB's MTRIE as a core foundation of their function. They store information in the FIB's leaf.
Why store it in the FIB?
Consistent look-ups (4 steps in an 8-8-8-8 MTRIE)
Per-prefix information.
Update of the information via a routing protocol.
-
FIB Entries
Current FIB entries added to the leaf (not in all hardware):
Precedence = values 0-7 for use in QOS features
QOS-Group = values 0-99 for use in QOS features
WCCP-Tag = values 0-99 for use with WCCP
Traffic-Index = values 0-7 for use with BGP Policy Accounting
(figure: MTRIE from ROOT through 10.0.0.0, 10.1.0.0, 10.10.0.0, 10.1.1.0, 10.10.5.0 and 10.1.1.1 to a leaf holding struct fibtype_ with Precedence, QOS_Group, WCCP_TAG and Traffic_Index)
FIB entries (also called items added to the struct fibtype_ in the leaf) are used to distribute policy through the network via BGP and the table-map command. They are used for security, accounting, QOS, and any other service/feature the customer dreams up. The values are obtained via CEF's MTRIE look-up.
-
FIB Entries in the Leaf
struct fibtype_ {
    mtrie_leaf mtrie_info;      /* Mtrie crap */
    adjacency *fastadj;         /* Cache adj when no load sharing */
    loadinfotype *loadinfo;     /* Load sharing information */
    ulonglong packets;          /* Packets switched */
    ulonglong bytes;            /* Bytes switched */
    void *fasttag_rew;          /* tag rewrite when no load sharing */
    ushort origin_as;           /* Autonomous System */
    uchar mask_bits;            /* Number of bits on in the net mask */
    uchar precedence;           /* precedence for pkts to this dest */
    uchar flags;                /* see below */
    uchar next_index;           /* index of next path to use */
    uchar count;                /* number of paths */
    uchar qos_group;            /* qos group for pkts to this source or dest */
    tag_info *tag_info;         /* Tag information for this prefix */
    ulong version;              /* FIB entry version number */
    uchar *hwleaf;
    uchar wccp_tag;             /* WCCP service */
    uchar traffic_index;        /* Traffic Group for acct purposes */
    uchar dummy1;
    fib_path path[0];           /* Possible paths */
};
-
Routing Tables (RIB) Feed the Forwarding Table (FIB)
(figure: the BGP4 routing table (RIB) feeds the MTRIE from ROOT through 10.0.0.0, 10.1.0.0, 10.10.0.0, 10.1.1.0, 10.10.5.0 and 10.1.1.1; a route-map set value applied with the table-map command updates the FIB entry (struct fibtype_: Precedence, QOS_Group, WCCP_TAG, Traffic_Index))
-
What Problem are We Solving?
(figure: a central device in the NOC uses a network protocol to distribute policy across the network to routers A through G at the POP, IXP-W, IXP-E, Peer A, Peer B, Upstream A and Upstream B, toward a target)
-
FIB Entry Based Features Today
CAR with QOS_ID (marketing name is Quality Policy Propagation with BGP)
WCCPv2 with WCCP_Tag
BGP Policy Accounting with Traffic_Index
-
CEF Load-Sharing
Per packet and enhanced per destination.
Enhanced per destination is based on source and destination IP addresses.
Each destination flow takes a single, separate path.
Reduces the need for per-packet load-sharing.
(figure: several sources spread over parallel paths toward one destination)
-
CEF Accounting
Per prefix, per adjacency, per DMZ nexthop accounting.
(figure: AS 100, AS 101 and AS 102 connected over a DMZ network with routers A through F)
-
Netflow
Provides network administrators with packet flow information.
Allows:
Security monitoring
Network management and planning
Customer billing
Traffic flow analysis
Available from 11.1CC for 7x00 and 12.0 for the remaining router platforms.
-
NetFlow Infrastructure
Network Data Analyzer: data presentation, NFC control and configuration, partner applications.
NetFlow Accounting (on the router): data switching, data export, data aggregation.
NetFlow FlowCollector: data collection, data filtering, data aggregation, data storage, file system management.
Also shown: RMON probe; accounting/billing and network planning applications.
-
Netflow - Capacity Planning
(figure: pie chart "Public Routers 1, 2, 3, Month of September, Outbound Traffic" broken down by destination network: WEC, WebTV, ABSNET, AOL, Compuserve, SURAnet, IBM, OARNet, NIH, PacBell Internet Service, JHU, C&W, UMD, AT&T, BBN, Erols, Digex, Other; shares range from 1% up to 32%)
-
NetFlow Data Record (V5)
Source IP Address, Destination IP Address: From/To
Next Hop Address, Source AS Number, Dest. AS Number, Source Prefix Mask, Dest. Prefix Mask: Routing and Peering
Input Interface Port, Output Interface Port: Port Utilization
Type of Service, TCP Flags, Protocol: QoS
Packet Count, Byte Count: Usage
Start Timestamp, End Timestamp: Time of Day
Source TCP/UDP Port, Destination TCP/UDP Port: Application
(legend on the figure: some fields are also available via RMON, others via NetFlow only; the figure additionally lists Start Timestamp, End Timestamp, Call Duration, Next Hop Address, Lost Datagrams and TimeStamp)
-
Netflow format variations
Version 7 - Cat6k only, in connection with MultiLayer Switching (MLS)
Version 8, the aggregated version, for reduction of data export from the router: Protocol-Port, AS, Source Prefix, Destination Prefix, Prefix, TOS
Sampled (new) - GSR only; strongly recommended for speeds higher than OC-3
-
The Switching Path
(figure: an IP packet enters the packet buffer; early feature lookup (ACL, policy, WCCP, etc.); the switching vector selects CEF, CEF+FLOW, CEF+Features, CEF+VPN+FLOW, FAST or FAST+FLOW; flow entry creation and flow lookup; engine feature check against the FIB; late feature lookup (QoS, CAR, Crypto); output by packet reference)
-
Typical Netflow Deployment
(figure: network core GSRs; edge aggregation 7500/7200/6509 exporting to NFCs; access devices (head end, MUX, DSL/wireless/cable); interface to applications for billing and traffic engineering)
-
NetFlow Platform Support
(table flattened in extraction; its three columns are listed separately)
Cisco IOS Software Release Version: 11.1CA, 11.1CC; 11.2, 11.2P; 11.2P; 11.3, 11.3T; 12.0; 12.0T; 12.0S; 12.0(3)T and later; 12.0(3)S and later; 12.04XE; N/A; 12.0(6)S
Supported NetFlow Export Version(s): v1, v5; v1; v1; v1; v1, v5; v1, v5; v1, v5, v8; v1, v5, v8; v7; v8
Supported Cisco Hardware Platforms: 7200, 7500, RSP7000; 7200, 7500, RSP7000; Route Switch Module (RSM), 11.2(10)P and later; 7200, 7500, RSP7000; 1720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM; 1720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM, MGX 8800 RPM, BPX 8600; 1400*, 1600*, 1720, 2500*, 2600, 3600, 4500, 4700, AS5800, AS5300**, 7200, uBR7200, 7500, RSP7000, RSM, MGX 8800 RPM, BPX 8650; 7100; Catalyst 5K NetFlow Feature Card (NFFC); Catalyst 6K with MSFC card; 12000
* Support for NetFlow Export v1, v5, and v8 on 1600 and 2500 platforms is targeted for Cisco IOS software release 12.0(5)T. NetFlow support for these platforms will not be available in the Cisco IOS 12.0 mainline release.
** Support for NetFlow Export v1, v5, and v8 on the AS5300 platform is targeted for Cisco IOS software release 12.0(7)XR.
-
Netflow
Configuration example:
  interface serial 5/0
   ip route-cache flow
If CEF is not configured, Netflow enhances the existing switching path (i.e. optimum switching)
If CEF is configured, Netflow becomes a flow information gatherer and feature acceleration tool
-
Netflow
Information export: router to collector system
  ip flow-export version 5 [origin-as|peer-as]
  ip flow-export destination x.x.x.x
Flow aggregation (new in 12.0S): router sends aggregate records to the collector system
  ip flow-aggregation cache as|prefix|dest|source|proto
   enabled
   export destination x.x.x.x
-
Aggregation Schemes
[Diagram: flow entries in the Netflow main cache (128k RAM) expire (flow expired, cache full or timer expired); with router-based aggregation enabled they are folded into the aggregation scheme caches (AS-Matrix, Prefix-Matrix, Src-Prefix, Dst-Prefix, Port-Protocol), then placed in the export buffer and sent over UDP to the collector.]
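To make the export and aggregation commands above concrete, here is an added Python example; it is not part of the original session material or of Cisco's tooling. It parses a NetFlow v5 export datagram the way a collector would (24-byte header, 48-byte records, network byte order) and then collapses the flows the way the as/prefix/source/dest/proto aggregation caches do. The datagram and its three flows are constructed inline; the AS numbers, masks, interface indexes and the 10.0.0.5 address are made-up sample values.

```python
import struct
import ipaddress
from collections import defaultdict

# NetFlow v5 wire format: 24-byte header followed by up to 30 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_v5(datagram: bytes):
    """Parse one v5 export datagram into (header dict, list of flow dicts)."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, unix_nsecs,
     flow_sequence, engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"expected version 5, got {version}")
    # A collector must trust the count field only after checking it against the payload size.
    if len(datagram) < V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    header = {"count": count, "sys_uptime": sys_uptime, "unix_secs": unix_secs,
              "flow_sequence": flow_sequence, "engine_id": engine_id,
              "sampling_interval": sampling & 0x3FFF}   # low 14 bits carry the interval
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])), "dst": str(ipaddress.IPv4Address(f[1])),
            "nexthop": str(ipaddress.IPv4Address(f[2])),
            "input_if": f[3], "output_if": f[4], "packets": f[5], "octets": f[6],
            "first": f[7], "last": f[8], "src_port": f[9], "dst_port": f[10],
            "tcp_flags": f[12], "proto": f[13], "tos": f[14],
            "src_as": f[15], "dst_as": f[16], "src_mask": f[17], "dst_mask": f[18],
        })
    return header, flows


def _prefix(addr, mask):
    return str(ipaddress.ip_network(f"{addr}/{mask}", strict=False))


def aggregate(flows, scheme):
    """Collapse flows like the router's aggregation caches. Keys per scheme:
    as -> (src_as, dst_as); prefix -> (src prefix, dst prefix); source -> src prefix;
    dest -> dst prefix; proto -> (proto, src_port, dst_port). Values: (flows, packets, octets)."""
    keyfn = {
        "as":     lambda f: (f["src_as"], f["dst_as"]),
        "prefix": lambda f: (_prefix(f["src"], f["src_mask"]), _prefix(f["dst"], f["dst_mask"])),
        "source": lambda f: _prefix(f["src"], f["src_mask"]),
        "dest":   lambda f: _prefix(f["dst"], f["dst_mask"]),
        "proto":  lambda f: (f["proto"], f["src_port"], f["dst_port"]),
    }[scheme]
    totals = defaultdict(lambda: [0, 0, 0])
    for f in flows:
        t = totals[keyfn(f)]
        t[0] += 1
        t[1] += f["packets"]
        t[2] += f["octets"]
    return {k: tuple(v) for k, v in totals.items()}


def build_v5(records, flow_sequence=0):
    """Pack constructed (src, dst, proto, sport, dport, pkts, octets, src_as, dst_as) tuples
    into a v5 datagram. Only used to build the sample below; masks are fixed at /24."""
    body = b"".join(
        V5_RECORD.pack(ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                       ipaddress.IPv4Address("0.0.0.0").packed, 1, 2, pkts, octets, 0, 0,
                       sport, dport, 0, 0, proto, 0, sas, das, 24, 24, 0)
        for src, dst, proto, sport, dport, pkts, octets, sas, das in records)
    header = V5_HEADER.pack(5, len(records), 0, 0, 0, flow_sequence, 0, 0, 0)
    return header + body


# Constructed sample datagram: three flows with made-up AS numbers (109, 65000).
SAMPLE = build_v5([
    ("144.254.153.50",  "144.254.153.51",  6,  0x701D, 23,  63, 2583, 109, 109),
    ("144.254.153.10",  "144.254.153.127", 17, 138,    138, 1,  243,  109, 109),
    ("144.254.153.112", "10.0.0.5",        17, 520,    520, 1,  87,   109, 65000),
])

if __name__ == "__main__":
    hdr, flows = parse_v5(SAMPLE)
    print(hdr["count"], "flows in datagram")
    for scheme in ("as", "proto", "dest"):
        print(scheme, aggregate(flows, scheme))
```

The length check before the record loop is the part worth copying into any real collector: the count field is attacker-influenced input arriving over UDP, so it must never be used to index past the end of the received buffer.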
-
Netflow - Simple Traffic Engineering
Sample output on router:

  Beta-7200-2>sh ip cache flow
  IP packet size distribution (17093 total packets):
     1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
     .000 .735 .088 .054 .000 .000 .008 .046 .054 .000 .009 .000 .000 .000 .000

      512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
     .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

  IP Flow Switching Cache, 1257536 bytes
    3 active, 15549 inactive, 12992 added
    210043 ager polls, 0 flow alloc failures
    last clearing of statistics never

  Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
  --------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
  TCP-Telnet          35      0.0        80    41      0.0      14.5      12.7
  UDP-DNS             20      0.0         1    67      0.0       0.0      15.3
  UDP-NTP           1223      0.0         1    76      0.0       0.0      15.5
  UDP-other        11709      0.0         1    87      0.0       0.1      15.5
  ICMP                 2      0.0         1    56      0.0       0.0      15.2
  Total:           12989      0.0         1    78      0.0       0.1      15.4

  SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
  Et1/1         144.254.153.10  Null          144.254.153.127 11 008A 008A     1
  Et1/1         144.254.153.112 Null          255.255.255.255 11 0208 0208     1
  Et1/1         144.254.153.50  Local         144.254.153.51  06 701D 0017    63
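The per-flow lines at the end of that output are easy to script against when you want a quick top-talkers view. The following added Python example is not from the original slides: it parses those lines (protocol and ports are hexadecimal in this output), reports the sources sending the most packets and sums packets per destination interface. The input text is constructed from the sample above.

```python
import re
from collections import Counter

# Constructed sample: the flow lines from the show ip cache flow output above.
SAMPLE_OUTPUT = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et1/1         144.254.153.10  Null          144.254.153.127 11 008A 008A     1
Et1/1         144.254.153.112 Null          255.255.255.255 11 0208 0208     1
Et1/1         144.254.153.50  Local         144.254.153.51  06 701D 0017    63
"""

# One flow line: SrcIf SrcIPaddress DstIf DstIPaddress Pr(hex) SrcP(hex) DstP(hex) Pkts
FLOW_LINE = re.compile(
    r"^(?P<src_if>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<pr>[0-9A-Fa-f]{2})\s+(?P<sp>[0-9A-Fa-f]{4})\s+"
    r"(?P<dp>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$")

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_flow_lines(text):
    """Return a list of flow dicts; non-matching lines (headers, statistics) are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_LINE.match(line)
        if not m:
            continue
        flows.append({
            "src_if": m["src_if"], "src": m["src"], "dst_if": m["dst_if"], "dst": m["dst"],
            "proto": int(m["pr"], 16), "src_port": int(m["sp"], 16),
            "dst_port": int(m["dp"], 16), "packets": int(m["pkts"]),
        })
    return flows


def top_talkers(flows, n=3):
    """Sources ordered by total packets, as (address, packets) pairs."""
    c = Counter()
    for f in flows:
        c[f["src"]] += f["packets"]
    return c.most_common(n)


def packets_by_dst_if(flows):
    """Packets per destination interface; Null and Local show what is dropped or terminated here."""
    c = Counter()
    for f in flows:
        c[f["dst_if"]] += f["packets"]
    return dict(c)


def describe(flow):
    name = PROTO_NAMES.get(flow["proto"], str(flow["proto"]))
    return (f'{flow["src"]}:{flow["src_port"]} -> {flow["dst"]}:{flow["dst_port"]} '
            f'{name} ({flow["packets"]} pkts)')


if __name__ == "__main__":
    flows = parse_flow_lines(SAMPLE_OUTPUT)
    for f in flows:
        print(describe(f))
    print("top talkers:", top_talkers(flows))
    print("by DstIf:", packets_by_dst_if(flows))
```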
-
Netflow Feature Acceleration
NetFlow accelerates:
  NetFlow Policy Routing (NPR)
  Router-based network data encryption
  Access Control Lists (ACL)
  RSVP
  IP Accounting
  Network Address Translation (NAT)
  Committed Access Rate (CAR)
  Web Cache Control Protocol (WCCP)
  MultiNode Load Balancing (MNLB) (not in 12.0S)
Availability of such acceleration will be announced on a feature-by-feature basis
  ip flow-cache feature-accelerate
-
IP Switching Path - Hidden Commands
  show interface switching
  show interface stat
-
Using DNS
Map names to addresses
Descriptive names:
  ip domain-name
  ip name-server
Sample trace through network:
  4: Received echo from sj-wall-2.cisco.com [198.92.1.138] in 440 msec.
  5: Received echo from barrnet-gw.cisco.com [192.31.7.37] in 335 msec.
  6: Received echo from paloalto-cr1.bbnplanet.net [131.119.26.9] in 335 msec.
  7: Received echo from paloalto-br2.bbnplanet.net [131.119.0.194] in 327 msec.
  8: Received echo from core6-hssi6-0.SanFrancisco.mci.net [206.157.77.21] in 468 msec.
  9: Received echo from bordercore1-loopback.Washington.mci.net [166.48.36.1] in 454 msec.
  10: Received 48 bytes from www.getit.org [199.233.200.55] in 466 msec
-
Turn on Nagle
Telnet was designed as a one-character, one-packet dialog.
John Nagle's algorithm (RFC 896) helps alleviate the small-packet problem in TCP.
  service nagle
Lessens the load on the CPU when using show XXXX commands
-
IP MAC accounting
Calculate total packet counts and byte counts for a LAN interface which receives/sends IP packets from/to each unique MAC address
Record a timestamp for the last packet received/sent for each unique MAC address
Available only on Ethernet, FastEthernet and FDDI
Available from 11.1(19)CC
-
IP MAC Accounting
Use command ip accounting mac {input | output} to enable
  show interface mac
Example:
  Ethernet0/1/3
    Input (511 free)
      0000.0c04.7ad5(167): 9 packets, 1026 bytes, last: 20512ms ago
      Total: 9 packets, 1026 bytes
    Output (510 free)
      ffff.ffff.ffff(0 ): 16 packets, 960 bytes, last: 58108ms ago
      0000.0c04.7ad5(167): 9 packets, 1026 bytes, last: 21060ms ago
      Total: 25 packets, 1986 bytes
-
IP MAC accounting - the fine print
Fast EtherChannel supported
512 MAC addresses per interface per direction (input or output)
Supports fast/optimum/flow/CEF switching
-
IP Precedence Accounting
Calculate the total packet counts and byte counts for an interface which receives/sends IP packets, and sort the results by IP precedence
8 precedence levels
Supported on any interface and sub-interface
Switching modes supported: CEF/DCEF/Flow/Optimum
-
IP Precedence Accounting
Use command ip accounting precedence {input | output} to enable
  show interface precedence
Example:
  Ethernet0/1/3
    Input
      Precedence 0: 9 packets, 1026 bytes
    Output
      Precedence 0: 9 packets, 1026 bytes
      Precedence 6: 16 packets, 960 bytes
-
Command Summary
Global Commands
  ip cef (-distributed)
  ip cef accounting [per-prefix] [non-recursive]
  ip flow-cache feature-accelerate
  ip domain-name
  ip name-server
  service nagle
Interface Commands
  description
  bandwidth
  ip load-sharing [per-packet] [per-destination]
  ip route-cache flow