TS Performance

2018-05-08

Switch targets

    Cisco Catalyst switches share similar components that matter for troubleshooting:

  • ports
  • forwarding logic - the hardware process that makes forwarding decisions based on different tables in the data plane
  • backplane - the physical tier that connects the switch ports
  • control plane - the CPU and memory responsible for running the operating system and building the forwarding decision tables.

    Normally the control plane does not participate in the frame-forwarding process. However, the forwarding logic is built by the control plane. As a result, in some cases the packet rate can overload the control plane of the switch.

Port errors

    When troubleshooting a suspected Cisco Catalyst switch issue, a good first step is to check port statistics. For example, examining port statistics can let a troubleshooter know whether an excessive number of frames are being dropped. If a TCP application is running slowly, the reason might be that TCP flows are going into TCP slow start, which causes the window size, and therefore the bandwidth efficiency, of TCP flows to be reduced. A common reason that a TCP flow enters slow start is packet drops.
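The port-statistics check described above can be scripted. The following is an added example, not code from the original post: it parses a constructed, abbreviated `show interfaces` capture and flags ports whose error or drop counters exceed a share of traffic. The function names and the 0.1% threshold are assumptions chosen for illustration.

```python
import re

# Constructed, abbreviated `show interfaces` output (not from a real switch).
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
     1250000 packets input, 98000000 bytes, 0 no buffer
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1310000 packets output, 99000000 bytes, 0 underruns
GigabitEthernet0/2 is up, line protocol is up (connected)
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 18400
     400000 packets input, 31000000 bytes, 0 no buffer
     5200 input errors, 5100 CRC, 100 frame, 0 overrun, 0 ignored
     900000 packets output, 72000000 bytes, 0 underruns
"""

HEADER = re.compile(r"^(\S+) is .*line protocol is ", re.M)
COUNTERS = {
    "output_drops": r"Total output drops: (\d+)",
    "packets_in": r"(\d+) packets input",
    "input_errors": r"(\d+) input errors",
    "crc": r"(\d+) CRC",
    "packets_out": r"(\d+) packets output",
}

def parse_interfaces(text):
    """Split the output per interface and extract the counters listed above."""
    parts = HEADER.split(text)[1:]  # [name, body, name, body, ...]
    result = {}
    for name, body in zip(parts[0::2], parts[1::2]):
        stats = {}
        for key, pattern in COUNTERS.items():
            m = re.search(pattern, body)
            stats[key] = int(m.group(1)) if m else 0  # missing counter -> 0
        result[name] = stats
    return result

def flag_ports(stats, threshold=0.001):
    """Return {port: reasons}; threshold (0.1% of packets) is an assumed value."""
    flagged = {}
    for name, s in stats.items():
        reasons = []
        if s["packets_in"] and s["input_errors"] / s["packets_in"] > threshold:
            reasons.append("input errors")
        if s["packets_out"] and s["output_drops"] / s["packets_out"] > threshold:
            reasons.append("output drops")
        if reasons:
            flagged[name] = reasons
    return flagged
```

Calling `flag_ports(parse_interfaces(SAMPLE))` reports only GigabitEthernet0/2, the port whose CRC errors and output drops would explain TCP flows falling back to slow start.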


TS and Maintain Toolkit

2018-04-20

Recovery tools

    To increase the survivability of our network globally, the configurations and operating system images of all nodes should be backed up to remote storage. A backup server for configurations and images has to be able to run one or more services, such as a TFTP, FTP, HTTP, or SCP server.

To back up a router configuration to an FTP server:

 # copy startup-config ftp://login:pass@10.0.0.1

    To avoid typing credentials each time, we can specify them once for a specific service:

 (config)# ip ftp username cisco
 (config)# ip ftp password cisco
 (config)# ip http client username cisco
 (config)# ip http client password cisco

    The Cisco archive feature can automate configuration backups. A configuration can be backed up at a certain interval and each time we use the write-memory or copy running-config startup-config commands.

 (config)# archive
 (config)# path ftp://10.0.0.

Site 2 Site VPN

2018-04-11

Introduction

    Here is a basic site-to-site IPsec VPN configuration for a multi-VDOM FortiGate unit and a context-based Cisco ASA.

Cisco ASA configuration

    Multiple context mode allows converting a single ASA into multiple independent devices, each with its own configuration. When we enable multiple context mode, the ASA creates two new configuration files for the system and admin contexts.

 mode multiple

    By default all contexts belong to the default class, which provides unlimited access to resources except for the following limits:

  • telnet - 5 sessions
  • ssh - 5 sessions
  • ipsec - 5 sessions
  • mac addresses - 65,535 entries
  • anyconnect - 0 sessions
  • vpn site-to-site tunnels - 0 sessions

    So, we need to define a class to configure resource allocation for contexts. Other VPN sessions include Site-to-Site, IKEv1 RA and L2TP sessions. These are guaranteed for a context and shouldn't be exceeded.

 class vpn
  limit-resource VPN Other 1

    Next, create the context, set its class, and allocate interfaces with aliases that will be used inside the context configuration. The configuration file for the context will be stored on local storage at disk0:/s2svpn.


Introduction to Troubleshooting

2018-03-13

Defining

    Structured troubleshooting procedure:

  • Step 1. Problem report
  • Step 2. Collect information
  • Step 3. Examine collected information
  • Step 4. Eliminate potential causes
  • Step 5. Propose a hypothesis
  • Step 6. Verify hypothesis
  • Step 7. Problem resolution

    A Structured Approach:

    Basically, information about network issues can be divided into three categories:

  • troubleshooting information - collected during troubleshooting
  • baseline information - collected during normal network operation
  • network event information - alerts collected for specific conditions, such as exceeded utilization

Troubleshooting Methods

  • The top-down method
  • The bottom-up method
  • The divide-and-conquer method
  • Following the traffic path
  • Comparing configurations
  • Component Swapping

    Depending on your situation and the issue you are troubleshooting, you may use one or multiple methods.
