NetFlow Top-Talkers

Nov 2nd

Posted by Colby in Commands

1 comment

This is a short article on the NetFlow “top-talkers” CLI feature, which I didn’t know about before today. NetFlow is a tool for monitoring traffic flows, it’s particulalry handy when you’re trying to find out what host or protocol is saturating a network. Obviously the pretty GUI NetFlow collectors are better for many things, but the CLI method can be really helpful if you’re looking for something quickly. Here’s the config:

Here’s the config from my outside interface.

interface FastEthernet0/0
 description OUTSIDE
 ip address xx.xx.29.218 255.255.255.248
 ip flow ingress
 ip flow egress

I’ve enabled NetFlow with the “ip flow” commands.

Here are the commands to enable the “top-talkers” feature at the CLI.

EDGE(config)#ip flow-top-talkers
EDGE(config-flow-top-talkers)# top 25
EDGE(config-flow-top-talkers)# sort-by bytes
EDGE(config-flow-top-talkers)# cache-timeout 5000
EDGE(config-flow-top-talkers)#^Z

Pretty simple, we’ve set how many conversations to show, then we can sort by bytes or packets, finally we set our timeout (in milliseconds).

Now we’ll look at the show command:

EDGE#sh ip flow top-talkers
 
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP Bytes
Fa0/1         xx.xx.29.221    Fa0/0*        212.84.105.94   06 F6B9 9C40    77K
Fa0/1         xx.xx.29.218    Fa0/0*        66.194.235.133  06 01BB EF24    12K
Fa0/1         xx.xx.29.221    Fa0/0*        85.24.163.125   06 7F23 EC43    10K
Fa0/1         xx.xx.29.221    Fa0/0*        114.89.235.172  06 7F23 0CB7  9216
Fa0/0         72.211.212.180  Fa0/1         xx.xx.29.221    06 EC74 7F23  5088
Fa0/0         66.194.235.133  Fa0/1         xx.xx.29.218    06 EF24 01BB  2680
Fa0/0         121.127.209.73  Fa0/1         xx.xx.29.221    06 0E20 7F23  2297
Fa0/1         xx.xx.29.221    Fa0/0*        121.127.209.73  06 7F23 0E20  2162
Fa0/0         87.194.215.124  Fa0/1         xx.xx.29.221    06 C220 7F23  2100
Fa0/1         xx.xx.29.221    Fa0/0*        87.194.215.124  06 7F23 C220  2072
Local         xx.xx.29.218    Fa0/0*        70.71.239.87    32 033B B7EC  2000
Fa0/0         88.193.80.142   Fa0/1         xx.xx.29.221    06 D788 7F23  1838
Fa0/1         xx.xx.29.221    Fa0/0*        88.193.80.142   06 7F23 D788  1832
Fa0/1         xx.xx.29.221    Fa0/0*        70.64.13.242    06 7F23 F5BC  1717
Fa0/0         212.84.105.94   Fa0/1         xx.xx.29.221    06 9C40 F6B9  1276
Fa0/0         70.64.13.242    Fa0/1         xx.xx.29.221    06 F5BC 7F23  1067
Fa0/1         xx.xx.29.218    Fa0/0*        74.125.67.149   06 1853 0050   872
Fa0/1         xx.xx.29.221    Fa0/0*        217.145.245.245 06 7F23 8736   868
Fa0/0         70.177.163.148  Local         xx.xx.29.218    2F 0000 0000   816
Fa0/0         24.11.68.215    Fa0/1         xx.xx.29.221    06 DABF 7F23   767
Fa0/0         81.234.172.49   Fa0/1         xx.xx.29.221    06 08A8 7F23   617
Tu103         xx.xx.29.218    Fa0/0*        65.120.117.126  32 0CED D9C9   616
Fa0/0         74.125.67.149   Fa0/1         xx.xx.29.218    06 0050 1853   594
Fa0/1         xx.xx.29.221    Fa0/0*        81.234.172.49   06 7F23 08A8   499
Fa0/0         85.68.237.69    Fa0/1         xx.xx.29.221    06 1F37 C0E5   372
Read more...

, , , ,

ODR Lab

Oct 31st

Posted by Colby in Labs

No comments

In this article we’ll do a short ODR (On Demand Routing) lab. ODR is a simple routing protocol targeted at hub and spoke topologies, it uses CDP to propagate routing updates. This is one of the technologies that might be on the CCIE exams. I will be including my Dynagen/GNS3 .net file at the end of this post. Here is our topology:

ODR Topology

Let’s go through the config:

R1

hostname R1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Serial0/0
 ip address 10.1.0.1 255.255.255.252
!
interface Serial0/1
 ip address 10.1.1.1 255.255.255.252
!
interface Serial0/2
 ip address 10.1.2.1 255.255.255.252
!
router odr

We configure the hostname and our Loppback and Serial interfaces. The important command here is “router odr”, this turns ODR on. This command is ONLY run on the hub.

R2:

hostname R2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial0/0
 ip address 10.1.0.2 255.255.255.252

R3:

hostname R3
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.252

R4:

hostname R4
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Serial0/0
 ip address 10.1.2.2 255.255.255.252

We now have our hostnames and interfaces configured on R1, R2 and R3. Notice we DO NOT use the “router odr” command on the spokes.

Surprisingly, that is all there is to it! Let’s verify our config:

Read more...

, , , , , ,

JUNOS As A Second Language

Oct 27th

Posted by Colby in Juniper

1 comment

So I’ve been realizing how lost I am in JUNOS and it bugs me. I’ve been going through the JSL course that a friend linked me to me awhile back. Juniper offers this course for free (very smart, IMO) and you can view it online or download it. Here’s a blurb from their site:

About This Course

For those of you who are familiar with Cisco's IOS, learning Juniper Networks JUNOS operating system is now made easy with JUNOS as a Second Language. Using an advanced graphical display, this course compares the similarities and the differences between both operating systems and shows the benefits of using JUNOS software. This 90-minute program is designed for network engineers who are already well-versed in Cisco's IOS software but who might not be as familiar with Juniper Networks JUNOS software.

Building on existing IOS configuration knowledge to provide a high-level overview of the JUNOS software, how it works, and how it compares with IOS, this course covers the following:

    * JUNOS Software Fundamentals
    * The CLI
    * Configuration Fundamentals
    * Interface Configuration
    * Ethernet Interfaces
    * Serial Interfaces
    * Interface Monitoring
    * Firewall Filters
    * Routing Protocol Fundamentals
    * OSPF
    * BGP

Upon completing this program, users who were new to the JUNOS software will now have a good familiarity with it and be a step closer to qualifying to attain the JNCIA-ER certification.

Read more...

, , ,

CCIEv4 Lab Preview

Oct 26th

Posted by Colby in Useful Links

No comments

If you keep up with the Cisco Certification news then you already know about the CCIE change from version 3 to version 4. With this come some interesting changes, namely the addition of the two hour Troubleshooting section to the Lab exam. Wendell Odom gives us a nice run through of the beta lab he got to take:

A Sneak Peek at the CCIE R/S Lab

If you don’t already read Wendell’s blog you should definitely start. He posts wonderfully helpful and informative articles. His archives also have a wealth of information, the CCNA and CCNP Lab articles were invaluable when I was going for those certs.

, ,

Basic AToM Lab

Oct 14th

Posted by Colby in Labs

No comments

In this article we’ll go over a simple AToM (Any Transport over MPLS) configuration. I’ve been studying MPLS a lot lately and this is my first time playing with AToM and it’s very cool stuff. This article could be useful for anyone studying MPLS and/or CCIP/CCIE topics, or just someone who is interested in learning new things. I will be including my Dynagen/GNS3 .net file with this. Here is our topology:

AToM Topology

Let’s go through the config:

P Router:

hostname P
!
mpls label protocol ldp
mpls ldp router-id lo0 force
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface FastEthernet1/1
 ip address 10.1.2.1 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
router ospf 100
 router-id 1.1.1.1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 10.1.2.0 0.0.0.3 area 0

Here we’ve set the hostname, configured the MPLS label protocol (note: LDP is the default on new IOSes), we set a loopback interface that will be our RID for MPLS and OSPF. We also configured our connections to the PE routers and brought up OSPF as our IGP.

PE1 Router:

hostname PE1
!
mpls label protocol ldp
mpls ldp router-id lo0 force
!
pseudowire-class one
 encapsulation mpls
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet1/0
 ip address 10.1.1.2 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface Serial2/0
 no ip address
 xconnect 3.3.3.3 100 pw-class one
!
router ospf 100
 router-id 2.2.2.2
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0

PE2 Router:

hostname PE2
!
mpls label protocol ldp
mpls ldp router-id lo0 force
!
pseudowire-class one
 encapsulation mpls
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet1/0
 ip address 10.1.2.2 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface Serial2/0
 no ip address
 xconnect 2.2.2.2 100 pw-class one
!
router ospf 100
 router-id 3.3.3.3
 log-adjacency-changes
 network 2.2.2.2 0.0.0.0 area 0
 network 10.1.2.0 0.0.0.3 area 0
Read more...

, , , , , , , , , , ,
« First...1020«2223242526»