Implementing Network Monitoring
Implementing a Highly Available Network
© 2009 Cisco Systems, Inc. All rights reserved.
SWITCH v1.0—5-1
Network Management Overview
Syslog Overview
Allows software subsystems to report and save important error messages either locally or to a remote logging server.
Can send messages on UDP port 514.
Provides very comprehensive reporting mechanism in plain English text.
Logging messages on console, terminal session, buffer, and syslog server.
Syslog Features
Devices produce syslog messages.
Syslog messages contain level and facility.
Common syslog facilities:
– IP
– OSPF protocol
– SYS operating system
– IP Security (IPsec)
– Route Switch Processor (RSP)
– Interface
Syslog levels:
– Emergency (level 0, highest level)
– Alert (level 1)
– Critical (level 2)
– Error (level 3)
– Warning (level 4)
– Notice (level 5)
– Informational (level 6)
– Debugging (level 7)
Cisco Syslog Message Standard
Documentation for each release explains the meaning of the messages.
Example: Syslog Messages
08:01:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
08:01:23: %DUAL-5-NBRCHANGE: EIGRP-IPv4:(1) 1: Neighbor 10.1.1.1 (Vlan1) is up: new adjacency
08:02:31: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up
08:18:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
08:18:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
08:18:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
08:18:24: %ILPOWER-5-IEEE_DISCONNECT: Interface Fa0/2: PD removed
08:18:26: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
08:19:49: %ILPOWER-7-DETECT: Interface Fa0/2: Power Device detected: Cisco PD
08:19:53: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up
08:19:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
08:27:42: %SYS-5-CONFIG_I: Configured from console by vty1 (10.1.1.24)
08:29:32: %ILPOWER-7-DETECT: Interface Fa0/3: Power Device detected: IEEE PD
08:29:36: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up
08:29:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
08:31:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
08:31:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
System Log Configuration
sw(config)# logging server_ip_address
sw(config)# logging trap level
Configures a syslog server and the logging level
sw(config)# logging buffered [buffer_size] [alarm_level]
Configures the system local log
sw# show logging ?
  count    Show counts of each logging message
  history  Show the contents of syslog history table
  onboard  Onboard logging information
  xml      Show the contents of XML logging buffer
  |        Output modifiers
Displays the local logs
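Added example (not from the Cisco course material): a Python parser for the %FACILITY-SEVERITY-MNEMONIC message format shown above, with the filter that a logging trap level implies and a check for SYS-5-CONFIG_I configuration changes. The function names are illustrative, and the sample lines are reassembled from the example messages on this page.

```python
import re

# Severity names in the slide's order; index = level number (0 is most severe).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debugging"]

# Optional "hh:mm:ss: " stamp, then %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(
    r"^(?:(?P<time>\d\d:\d\d:\d\d): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

def parse(line):
    """Return a dict for one Cisco-format message, or None if it does not match."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["level_name"] = SEVERITIES[rec["severity"]]
    return rec

def forwarded(records, trap_level):
    """Records sent to the server under 'logging trap <level>': that level and more severe."""
    return [r for r in records if r["severity"] <= trap_level]

def config_changes(records):
    """(time, line, source address) for each SYS-5-CONFIG_I event."""
    out = []
    for r in records:
        if r["facility"] == "SYS" and r["mnemonic"] == "CONFIG_I":
            m = re.search(r"by (\S+)(?: \(([\d.]+)\))?", r["text"])
            out.append((r["time"], m.group(1), m.group(2)) if m else (r["time"], None, None))
    return out

# Lines reassembled from the example messages on this page, plus one non-matching line.
SAMPLE = """\
08:18:24: %ILPOWER-5-IEEE_DISCONNECT: Interface Fa0/2: PD removed
08:18:26: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down
08:19:49: %ILPOWER-7-DETECT: Interface Fa0/2: Power Device detected: Cisco PD
08:27:42: %SYS-5-CONFIG_I: Configured from console by vty1 (10.1.1.24)
08:31:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
not a syslog line
"""

RECORDS = [r for r in map(parse, SAMPLE.splitlines()) if r]

if __name__ == "__main__":
    # Trap level 4 (Warning) forwards only the LINK-3-UPDOWN record from the sample.
    print([r["mnemonic"] for r in forwarded(RECORDS, 4)], config_changes(RECORDS))
```

With a trap level of 4 the server never sees the level 5 CONFIG_I record, so a collector that is meant to track configuration changes needs a trap level of at least 5.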
SNMP Overview
Manager:
Polls agents on the network
Correlates and displays information
SNMP:
Supports message exchange
Runs on IP
Agent:
Collects and stores information
Responds to manager requests for information
Generates traps
MIB:
Database of objects (information variables)
Read and write community strings for controlling access
About SNMPv2
SNMPv2c defined in RFC 1901
SNMPv2 new features:
– Get Bulk Request
– Inform Request (acknowledged trap)
– Data types with 64-bit values
About SNMPv3
RFCs 3410 through 3415
Authentication and privacy
Authorization and access control
Usernames and key management
Remotely configurable via SNMP operations
SNMP Recommendations
Configure ACLs for SNMP community strings.
Restricts SNMP traffic to addresses in ACL.
Use SNMPv3 if possible.
Provides authentication and encryption.
SNMP Configuration
Configure SNMP community strings.
Configure SNMP access lists.
Configure SNMP trap receiver.
Configure SNMPv3 user.
sw(config)# access-list 100 permit ip 10.1.1.0 0.0.0.255 any
sw(config)# snmp-server community cisco RO 100
sw(config)# snmp-server community xyz123 RW 100
sw(config)# snmp-server trap 10.1.1.50
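Added example (not from the Cisco course material): a Python check of an IOS configuration against the SNMP recommendations above, flagging communities with no ACL, an undefined or permit-any ACL, read-write access, and the absence of SNMPv3. It handles only the simple community form shown on this page; the function name and the sample configuration, which extends the page's four lines with constructed weak entries, are assumptions.

```python
import re

# Simple forms only: snmp-server community <string> [RO|RW] [acl]
COMMUNITY = re.compile(r"^snmp-server community (\S+)(?: (RO|RW))?(?: (\S+))?$", re.I)
# Numbered ACL permit entry; captures the source field (address, "host" or "any").
ACL = re.compile(r"^access-list (\d+) permit (?:(?:ip|udp) )?(\S+)", re.I)
V3 = re.compile(r"^snmp-server (?:group|user) .*\bv3\b", re.I)

def audit(config_text):
    """Return (config line, finding) pairs for the SNMP settings in an IOS config."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    acl_sources = {}                          # ACL number -> permitted sources
    for l in lines:
        m = ACL.match(l)
        if m:
            acl_sources.setdefault(m.group(1), []).append(m.group(2).lower())
    findings = []
    for l in lines:
        m = COMMUNITY.match(l)
        if not m:
            continue
        # A community with no RO/RW keyword is treated as read-only.
        mode, acl = (m.group(2) or "RO").upper(), m.group(3)
        if acl is None:
            findings.append((l, "no ACL: any address may use this community"))
        elif acl not in acl_sources:
            findings.append((l, "ACL %s is not defined in this config" % acl))
        elif "any" in acl_sources[acl]:
            findings.append((l, "ACL %s permits any source" % acl))
        if mode == "RW":
            findings.append((l, "read-write community sent in clear text"))
    if not any(V3.match(l) for l in lines):
        findings.append(("(whole config)", "no SNMPv3 group or user configured"))
    return findings

# First four lines are from this page; the rest are constructed for illustration.
SAMPLE_CONFIG = """\
access-list 100 permit ip 10.1.1.0 0.0.0.255 any
snmp-server community cisco RO 100
snmp-server community xyz123 RW 100
snmp-server trap 10.1.1.50
access-list 10 permit any
snmp-server community public RO
snmp-server community ops RO 10
snmp-server community lab RO 20
"""

if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG):
        print("%-40s %s" % (line, finding))
```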
SLA Review
Companies need predictability in IP services as networks become increasingly important.
An SLA is a contract between the provider and its customers:
– Provides a guarantee of service level.
– Specifies connectivity and performance agreements for an end-user service.
– Supports problem isolation and network planning.
IP SLA Measurements
IP SLA Operations
Operation is a measurement including protocol, frequency, traps, and thresholds.
Network manager defines UDP or TCP port for each IP SLA measurement operation.
IP SLAs can send traffic with different DSCP values.
IP SLA control protocol is used between source and responder.
MD5 authentication is supported between source and responder.
Results are stored on IP SLA source in the IP SLA MIB.
IP SLA Source and Responder
IP SLA source
Cisco IOS Software device that sends data for operation.
– Target device may or may not be a Cisco IOS Software device.
– Some operations require an IP SLA responder.
IP SLA source stores results in MIB.
IP SLA responder
Greater measurement accuracy is available between an IP SLA source and responder.
IP SLA responder is a Cisco IOS Software device that is configured to respond to IP SLA packets that are based on the ip sla monitor responder configuration command.
IP SLA Operation with Responder
IP SLA Responder Time Stamps
IP SLA responder takes two time stamps (T2 and T3).
IP SLA responder factors out destination processing time, making results highly accurate.
IP SLA responder allows for one-way measurements for latency, jitter, and packet loss.
IP SLA Configuration
Configure IP SLA probe.
Activate probe.
Configure tracking object.
Configure action on tracking object.
Exact syntax depends on platform and on Cisco IOS version.
IP SLA Verification
Displays status of the IP SLA test, and its successes and failures.
The show ip sla configuration command can also be used to display details of the IP SLA test that was conducted.
sw# show ip sla statistics
Round Trip Time (RTT) for Index 1
Latest RTT: NoConnection/Busy/Timeout
Latest operation start time: 11:11:22.533 eastern Thu Jul 9 2010
Latest operation return code: Timeout
Over thresholds occurred: FALSE
Number of successes: 177
Number of failures: 6
Operation time to live: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Summary
Redundancy can be achieved at Layer 2 and at Layer 3 by providing additional redundant paths between devices.
Syslog and SNMP are used to monitor device status.
In IP SLA deployments, IP SLA measurements are performed between an IP SLA source and a destination (IP host or IP SLA responder).