Sybex ICND2/CCNA R/S Chapter 17: IP Services Instructor & Todd Lammle

Post on 17-Dec-2015


Page 1: Sybex ICND2/CCNA R/S Chapter 17: IP Services Instructor & Todd Lammle

Sybex ICND2/CCNA R/S Chapter 17: IP Services

Instructor: Todd Lammle

Page 2

Chapter 17 Objectives

• The ICND2 topics covered in this chapter include:

• IP Services
  – Recognize high availability (FHRP)
  – VRRP
  – HSRP
  – GLBP
  – Configure and verify Syslog
  – Utilize Syslog output
  – Describe SNMP v2 & v3

• Troubleshooting
  – Utilize NetFlow data
  – Monitor NetFlow statistics


Page 3

Default gateway

If you’re wondering how you can possibly configure a client to send data off its local link when its default gateway router has gone down, you’ve targeted a key issue because the answer is that usually, you can’t!

Page 4

Proxy ARP

If a Proxy ARP–enabled router receives an ARP request for an IP address that it knows isn’t on the same subnet as the requesting host, it will respond with an ARP reply packet to the host.

Page 5

FHRPs use a virtual router with a virtual IP address and virtual MAC address.

First hop redundancy protocols (FHRPs) work by giving you a way to configure more than one physical router to appear as if they were only a single logical one.

Page 6

HSRP

HSRP is a Cisco proprietary protocol that can be run on most, but not all, of Cisco’s router and multilayer switch models. It defines a standby group, and each standby group that you define includes the following routers:

Active router

Standby router

Virtual router

Any other routers that may be attached to the subnet

Page 7

HSRP active and standby routers

The problem with HSRP is that with it, only one router is active and two or more routers just sit there in standby mode and won’t be used unless a failure occurs—not very cost effective or efficient!

The standby group will always have at least two routers participating in it. The primary players in the group are the one active router and one standby router that communicate to each other using multicast Hello messages.

Page 8

HSRP Virtual MAC

The HSRP MAC address has only one variable piece in it. The first 24 bits still identify the vendor who manufactured the device (the organizationally unique identifier, or OUI). The next 16 bits in the address tell us that the MAC address is a well-known HSRP MAC address.

Here is an example of what an HSRP MAC address would look like:

0000.0c07.ac0a

The first 24 bits (0000.0c) are the vendor ID of the address; in the case of HSRP being a Cisco protocol, the ID is assigned to Cisco.

The next 16 bits (07.ac) are the well-known HSRP ID. This part of the address was assigned by Cisco in the protocol, so it’s always easy to recognize that this address is for use with HSRP.

The last 8 bits (0a) are the only variable bits and represent the HSRP group number that you assign. In this case, the group number is 10 and converted to hexadecimal when placed in the MAC address, where it becomes the 0a that you see.
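The MAC layout just described can be turned into a small check that a network defender can run over an ARP table: build the expected HSRPv1 virtual MAC for a group, recognise HSRP (and, going beyond the slide, VRRP, whose virtual MAC is 0000.5e00.01 followed by the VRID) virtual MACs in any notation, and flag a gateway IP that resolves to more than one MAC. This is an added example, not code from the course; the ARP lines are constructed and the VRRP prefix is from the VRRP standard rather than from this slide.

```python
import re

# Well-known FHRP virtual MAC prefixes (first 40 bits) in Cisco dotted form.
HSRP_V1_PREFIX = "0000.0c07.ac"  # Cisco OUI 0000.0c + well-known HSRP ID 07.ac (from the slide)
VRRP_PREFIX = "0000.5e00.01"     # IANA OUI 0000.5e + VRRP ID 00.01; last byte is the VRID (from the VRRP standard)


def normalize_mac(mac):
    """Accept 0000.0c07.ac0a, 00:00:0c:07:ac:0a or 00-00-0C-07-AC-0A and return 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def cisco_dotted(digits):
    """Render 12 hex digits in the xxxx.xxxx.xxxx form IOS prints."""
    return f"{digits[0:4]}.{digits[4:8]}.{digits[8:12]}"


def hsrp_v1_mac(group):
    """Build the HSRPv1 virtual MAC for a group: 40 fixed bits plus the group number as the last byte."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group numbers are 0-255 (one byte)")
    return cisco_dotted(normalize_mac(HSRP_V1_PREFIX + f"{group:02x}"))


def classify_virtual_mac(mac):
    """Return (protocol, group) when the MAC is an FHRP virtual MAC, otherwise (None, None)."""
    digits = normalize_mac(mac)
    for name, prefix in (("HSRPv1", HSRP_V1_PREFIX), ("VRRP", VRRP_PREFIX)):
        if digits.startswith(prefix.replace(".", "")):
            return name, int(digits[10:12], 16)   # last byte = group number / VRID
    return None, None


# Constructed ARP-table sample (IP and MAC columns only); not taken from the slides.
SAMPLE_ARP = """\
10.1.1.1   0000.0c07.ac0a
10.1.1.2   0000.5e00.0105
10.1.1.50  f8b1.5651.2a3c
10.1.1.1   00c0.ffee.1234
"""


def audit_gateways(arp_text):
    """List ARP entries that resolve to FHRP virtual MACs, and IPs that resolve to more than one MAC.

    A gateway IP seen with both its virtual MAC and some other MAC is worth investigating:
    it may be a misconfigured group or another device answering for the gateway address.
    """
    macs_by_ip = {}
    virtual = []
    for line in arp_text.splitlines():
        ip, mac = line.split()
        macs_by_ip.setdefault(ip, set()).add(normalize_mac(mac))
        proto, group = classify_virtual_mac(mac)
        if proto:
            virtual.append((ip, proto, group))
    conflicts = [ip for ip, macs in macs_by_ip.items() if len(macs) > 1]
    return virtual, conflicts


if __name__ == "__main__":
    print(hsrp_v1_mac(10))            # the slide's example: group 10 -> 0000.0c07.ac0a
    print(audit_gateways(SAMPLE_ARP))
```

`classify_virtual_mac` only reads the last byte, which is exactly the one variable field the slide describes; everything before it is matched against the fixed vendor and protocol identifiers.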

Page 9

VRRP

VRRP is an IEEE standard (RFC 2338) for router redundancy; HSRP is a Cisco proprietary protocol.

The virtual router that represents a group of routers is known as a VRRP group.

The active router is referred to as the master virtual router. The master virtual router may have the same IP address as the virtual router group. Multiple routers can function as backup routers. VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces as well as on Multi-protocol Label Switching (MPLS) virtual private networks (VPNs) and VLANs.

Page 10

GLBP

Cisco designed a proprietary load-balancing protocol, Gateway Load Balancing Protocol (GLBP), to allow automatic selection and simultaneous use of multiple available gateways as well as permit automatic failover between those gateways.

GLBP takes an active/active approach on a per-subnet basis to support first-hop (default router) traffic when implemented with two routers on the same LAN. Multiple routers share the load of frames that, from a client perspective, are sent to a single default gateway address, as shown in the figure

Page 11

GLBP Functions

GLBP essentially provides clients with the following:

An active virtual gateway (AVG)

An active virtual forwarder (AVF)

It also allows members of the group to communicate with each other through Hello messages sent every 3 seconds to the multicast address 224.0.0.102, User Datagram Protocol (UDP) port 3222.

GLBP AVG

Members of a GLBP group elect one gateway to be the AVG for that group. Other group members provide backup for the AVG in the event that the AVG becomes unavailable. The AVG assigns a different virtual MAC address to each member of the GLBP group.

GLBP AVF

Each gateway assumes responsibility for forwarding packets that are sent to the virtual MAC address assigned to that gateway by the AVG. These gateways are known as AVFs for their virtual MAC address.

Page 12

Syslog

Reading system messages from a switch’s or router’s internal buffer is the most popular and efficient method of seeing what’s going on with your network at a particular time. But the best way is to log messages to a syslog server, which stores messages from you and can even time-stamp and sequence them for you, and it’s easy to set up and configure!

Page 13

Severity Levels

Severity Level Explanation

Emergency (severity 0) System is unusable.

Alert (severity 1) Immediate action is needed.

Critical (severity 2) Critical condition.

Error (severity 3) Error condition.

Warning (severity 4) Warning condition.

Notification (severity 5) Normal but significant condition.

Information (severity 6) Normal information message.

Debugging (severity 7) Debugging message.

Understand that only emergency-level messages will be displayed if you’ve configured severity level 0. But if, for example, you opt for level 4 instead, level 0 through 4 will be displayed, giving you emergency, alert, critical, error, and warning messages too.
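The threshold rule above (a configured level keeps that severity and everything more severe) is easy to get backwards, so here is an added example, not from the course, that parses IOS-style syslog lines into facility, severity and mnemonic and applies the threshold the way the device does. The sample lines are constructed in IOS format; only the CONFIG_I line is the one shown on the slides.

```python
import re
from collections import Counter

# Severity numbers and names as listed on the slide.
SEVERITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notification", 6: "informational", 7: "debugging",
}

# IOS message shape: [*]<timestamp>: %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"^(?:(?P<ts>.*?): )?%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)


def parse_ios_syslog(line):
    """Split one IOS log line into its fields, or return None for lines that are not messages."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    msg = m.groupdict()
    msg["ts"] = msg["ts"].lstrip("*") if msg["ts"] else None
    msg["severity"] = int(msg["severity"])
    msg["severity_name"] = SEVERITY_NAMES[msg["severity"]]
    return msg


def messages_at_level(lines, configured_level):
    """Return the messages a device set to `logging trap <configured_level>` would forward.

    The threshold is inclusive: level 4 forwards severities 0 through 4, level 0 only emergencies.
    """
    kept = []
    for line in lines:
        msg = parse_ios_syslog(line)
        if msg is not None and msg["severity"] <= configured_level:
            kept.append(msg)
    return kept


def severity_histogram(lines):
    """Count messages per severity number, e.g. to see what a given trap level would drop."""
    counts = Counter()
    for line in lines:
        msg = parse_ios_syslog(line)
        if msg is not None:
            counts[msg["severity"]] += 1
    return counts


# Constructed sample in IOS format; only the CONFIG_I line comes from the slide.
SAMPLE_LOG = [
    "*Jun 21 23:09:37.822: %SYS-5-CONFIG_I: Configured from console by console",
    "*Jun 21 23:10:02.101: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to down",
    "*Jun 21 23:10:03.105: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down",
    "*Jun 21 23:11:15.000: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed]",
    "*Jun 21 23:12:40.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 172.16.20.254 port 514 started - CLI initiated",
    "Router#",  # prompt text, not a message: the parser skips it
]


if __name__ == "__main__":
    for msg in messages_at_level(SAMPLE_LOG, 4):
        print(msg["severity"], msg["severity_name"], msg["facility"], msg["mnemonic"])
    print(dict(severity_histogram(SAMPLE_LOG)))
```

Run against a real buffer, `severity_histogram` shows what a trap level would silently drop: with the sample above, trap level 4 forwards only the LINK-3 and SEC_LOGIN-4 messages, while the configuration change (severity 5) would never reach the syslog server.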

Page 14

Show logging

Router#sh logging
Syslog logging: enabled (11 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 29 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 1 messages logged, xml disabled, filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
No active filter modules.
    Trap logging: level informational, 33 message lines logged
Log Buffer (4096 bytes):
*Jun 21 23:09:37.822: %SYS-5-CONFIG_I: Configured from console by console
Router#

Notice that the default trap level (messages sent from the device to the NMS) is informational (level 6), but you can change this too.

Page 15

SNMP

SNMP is an Application layer protocol that provides a message format for agents on a variety of devices to communicate with network management stations (NMSs).

The NMS periodically queries or polls the SNMP agent on a device to gather and analyze statistics via GET messages. End devices running SNMP agents would send an SNMP trap to the NMS if a problem occurs.

Page 16

SNMP versions

SNMP has three versions, with version 1 being rarely, if ever, implemented today. Here’s a summary of these three versions:

SNMPv1

Supports plaintext authentication with community strings and uses only UDP.

SNMPv2c

Supports plaintext authentication (using community strings) with MD5 or SHA with no encryption but provides GET BULK, which is a way to gather many types of information at once and minimize the number of GET requests. It offers a more detailed error message reporting method, but it’s not more secure than v1. It uses UDP even though it can be configured to use TCP.

SNMPv3

Supports strong authentication with MD5 or SHA, providing confidentiality (encryption) and data integrity of messages via DES or DES-256 encryption between agents and managers. GET BULK is a supported feature of SNMPv3, and this version also uses TCP.
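The practical consequence of the version summary is that a community string in a v1/v2c configuration is a plaintext credential, while only an SNMPv3 user at the priv level gets both authentication and encryption. The following added example (not from the course) audits a running-config excerpt for exactly that: it flags community strings (especially well-known ones, read-write ones and ones with no access-list), notification hosts still configured for v1/v2c, and SNMPv3 groups or users below the priv level. The configuration excerpt is constructed; the command syntax is standard IOS.

```python
import re

# Constructed `show running-config` excerpt, not from the slides. It mixes community-based
# SNMPv1/v2c configuration with an SNMPv3 user at the "priv" (authentication + encryption) level.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community s3cr3tRW RW
snmp-server community monitor RO 10
snmp-server host 172.16.20.254 version 2c public
snmp-server group NMSGROUP v3 priv
snmp-server user nmsuser NMSGROUP v3 auth sha AuthPassw0rd priv aes 128 PrivPassw0rd
snmp-server host 172.16.20.254 version 3 priv nmsuser
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\S+))?$")
HOST_RE = re.compile(r"^snmp-server host \S+ version (1|2c) ")
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)")
USER_RE = re.compile(r"^snmp-server user (\S+) (\S+) v3 (.*)$")


def audit_snmp_config(config_text):
    """Return (findings, v3_priv_groups); each finding is (config line, [reasons])."""
    findings = []
    v3_priv_groups = set()
    for raw in config_text.splitlines():
        line = raw.strip()

        m = COMMUNITY_RE.match(line)
        if m:
            community, mode, acl = m.groups()
            reasons = ["v1/v2c community string: sent in plaintext, no encryption"]
            if community in WELL_KNOWN_COMMUNITIES:
                reasons.append("well-known community string")
            if mode == "RW":
                reasons.append("read-write access to the MIB")
            if acl is None:
                reasons.append("no access-list limiting which managers may use it")
            findings.append((line, reasons))
            continue

        m = HOST_RE.match(line)
        if m:
            findings.append((line, [f"notification host uses SNMPv{m.group(1)}: community in plaintext"]))
            continue

        m = GROUP_RE.match(line)
        if m:
            group, level = m.groups()
            if level == "priv":
                v3_priv_groups.add(group)
            else:
                findings.append((line, [f"SNMPv3 group at level {level}: messages not encrypted"]))
            continue

        m = USER_RE.match(line)
        if m and " priv " not in f" {m.group(3)} ":
            findings.append((line, ["SNMPv3 user without priv: messages not encrypted"]))

    return findings, v3_priv_groups


if __name__ == "__main__":
    found, priv_groups = audit_snmp_config(SAMPLE_CONFIG)
    for line, reasons in found:
        print(line)
        for reason in reasons:
            print("   -", reason)
    print("SNMPv3 priv groups:", sorted(priv_groups))
```

On the sample, the four community and v2c host lines are reported and the SNMPv3 group at priv level passes; the same logic can be pointed at configuration backups to find devices still managed with plaintext community strings.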

Page 17

NetFlow

Cisco IOS NetFlow efficiently provides a key set of services for IP applications, including network traffic accounting for baselining, usage-based network billing for consumers of network services, network design and planning, general network security, and DoS and DDoS monitoring capabilities as well as general network monitoring.

Page 18

Service providers use NetFlow to do the following:

Efficiently measure who is using network services and for what purpose

Account and charge back according to the level of resource utilization

Use the measured information for more effective network planning, so that resource allocation and deployment are well aligned with customer requirements

Use the information to better structure and customize the set of available applications and services to meet user needs and customer service requirements

Page 19

NetFlow Uses

Major users of the network, meaning top talkers, top listeners, top protocols, and so on

Websites that are routinely visited, plus what’s been downloaded

Who’s generating the most traffic and using excessive bandwidth

Descriptions of bandwidth needs for an application as well as your available bandwidth

Page 20

Configuring NetFlow

SF(config)#int fa0/0
SF(config-if)#ip flow ingress
SF(config-if)#ip flow egress
SF(config-if)#exit
SF(config)#ip flow-export destination 172.16.20.254 9996
SF(config)#ip flow-export version ?
  1
  5
  9
SF(config)#ip flow-export version 9
SF(config)#ip flow-export source loopback 0

Page 21

Show ip cache flow

SF#sh ip cache flow
IP packet size distribution (161 total packets):
[output cut]
IP Flow Switching Cache, 278544 bytes
  1 active, 4095 inactive, 1 added
  215 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 21640 bytes
  1 active, 1023 inactive, 1 added, 1 added to flow
  0 alloc failures, 0 force free
  1 chunk, 1 chunk added
  last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet          14      0.0        19    58      0.1       6.5      11.7
TCP-WWW              8      0.0         9   108      0.1       2.5       1.7

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         172.16.10.1     gig0/1        255.255.255.255 11 0044 0050  1161
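The per-flow lines at the bottom of that output are what answer the "top talkers" questions from the NetFlow Uses slide, but the Pr, SrcP and DstP columns are printed in hex (Pr 11 is protocol 17, UDP). The added example below, which is not code from the course, parses those record lines, decodes the hex fields, ranks sources by packet count, and uses the GLBP facts from the earlier slide (Hellos to 224.0.0.102, UDP port 3222) to list which sources are sending GLBP Hellos and which of them are not known gateways. The flow table is constructed; only its first record is the one shown on the slide.

```python
from collections import Counter

PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IANA protocol numbers

GLBP_HELLO_GROUP = "224.0.0.102"   # from the GLBP Functions slide
GLBP_HELLO_PORT = 3222             # from the GLBP Functions slide (0C96 in the hex DstP column)

# Constructed `show ip cache flow` record section; the first data row is the one on the slide.
SAMPLE_FLOWS = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         172.16.10.1     gig0/1        255.255.255.255 11 0044 0050  1161
Fa0/0         172.16.10.1     Null          224.0.0.102     11 0C96 0C96  120
Fa0/0         172.16.10.2     Null          224.0.0.102     11 0C96 0C96  118
Fa0/0         172.16.10.77    Null          224.0.0.102     11 0C96 0C96  40
Fa0/0         172.16.10.50    gig0/1        10.20.0.5       06 C3A1 0050  5400
gig0/1        10.20.0.5       Fa0/0         172.16.10.50    06 0050 C3A1  9800
"""


def parse_flow_records(text):
    """Parse the per-flow lines of `show ip cache flow`; Pr, SrcP and DstP are hex in this output."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # A record has 8 columns and IPv4 addresses in columns 2 and 4; headers and summary
        # rows either have a different shape or fail the hex conversion and are skipped.
        if len(fields) != 8 or fields[1].count(".") != 3 or fields[3].count(".") != 3:
            continue
        src_if, src_ip, dst_if, dst_ip, pr, sport, dport, pkts = fields
        try:
            proto = int(pr, 16)
            records.append({
                "src_if": src_if, "src_ip": src_ip, "dst_if": dst_if, "dst_ip": dst_ip,
                "proto_num": proto, "proto": PROTOCOL_NAMES.get(proto, str(proto)),
                "src_port": int(sport, 16), "dst_port": int(dport, 16), "pkts": int(pkts),
            })
        except ValueError:
            continue
    return records


def top_talkers(records, n=3):
    """Rank source addresses by total packets across all their flows."""
    counts = Counter()
    for r in records:
        counts[r["src_ip"]] += r["pkts"]
    return counts.most_common(n)


def glbp_hello_sources(records, known_gateways):
    """Return (all sources of GLBP Hellos, those that are not in the expected gateway list)."""
    seen = {
        r["src_ip"] for r in records
        if r["proto"] == "UDP" and r["dst_ip"] == GLBP_HELLO_GROUP and r["dst_port"] == GLBP_HELLO_PORT
    }
    return seen, seen - set(known_gateways)


if __name__ == "__main__":
    recs = parse_flow_records(SAMPLE_FLOWS)
    print("top talkers:", top_talkers(recs))
    seen, unexpected = glbp_hello_sources(recs, ["172.16.10.1", "172.16.10.2"])
    print("GLBP hello sources:", sorted(seen), "unexpected:", sorted(unexpected))
```

With the constructed table, 10.20.0.5 is the top talker and 172.16.10.77 shows up as a GLBP Hello source that is not one of the two configured gateways, which is the kind of anomaly a monitoring team would want to look at on the switch port in question.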

Page 22

Written Labs and Review Questions

– Read through the Exam Essentials section together in class

– Open your books and go through all the written labs and the review questions.

– Review the answers in class.
