ISP Essentials 1 General Rev4

133021300_05_2000_c2 2001, Cisco Systems, Inc. 11300_05_2000_c2 2000, Cisco Systems, Inc.

2I33021300_05_2000_c2 2000, Cisco Systems, Inc.

ISP Essentials ISP Essentials Best Practice Best Practice

Cisco IOS Techniques Cisco IOS Techniques to Scale the Internetto Scale the Internet

Session XXXXVersion 4

Session XXXXVersion 4

333021300_05_2000_c2 2001, Cisco Systems, Inc.

Who Should Attend?Who Should Attend?Who Should Attend?

Engineers from Existing ISPs, ASPs, Telcos, and other Internet based service providers.

Consultants/CCIEs working with Internet based service providers.

Anyone else interested in the gory IOS details.


PrerequisitesPrerequisitesPrerequisites

This is not for people brand new to networking and IOS

Know a bit about IOS.

Know a bit about OSPF and BGP

Know a bit about TCP/IP


Agenda for the DayAgenda for the DayAgenda for the Day

General Features

ISP Security

Routing Configuration Guidelines and Updates

Operations Essentials


Changes from Last YearChanges from Last YearChanges from Last Year

Fundamentals and Essentials do not change much.

The objective of this Power Session is to get ISPs to consider and turn features on that will make their life easier.

This Power Session is given through out the year as a stand alone ISP Seminar. It is part of the ISP Workshop program:

http://www.cisco.com/public/cons/


Changes from Last YearChanges from Last YearChanges from Last Year

Updates/Changes since last year: New updates, features, and clarifications

added.

ISP Architecture Essentials Section pulled into a separate session RST-211.

BGP Updates pulled into the BGP Power Session (PS-545) and the BGP sessions during the week.

Operations Essentials Section added so people building/running NOCs understand some of the essentials of what a ISPs Operations Team should be doing.


General IOS FeaturesGeneral IOS FeaturesGeneral IOS Features


Which IOS Version?Which IOS Version?Which IOS Version?

9Presentation_ID 1999, Cisco Systems, Inc. www.cisco.com


Cisco IOS RoadmapCisco IOS RoadmapCisco IOS Roadmap

http://www.cisco.com/warp/public/620/roadmap.shtml


12.0 (Mainline)

12.0S (SP)(New features and Platforms)

11.3T

11.2GS

(Controlled Release)12.0ST (T for Tag integration branch)

11.3AA

11.1CC

MPLS//VPN/FRR/LDP...

12.0S and its Children12.0S and its Children12.0S and its Children

Near Future: 12.0S Hardware

Additions Only

12.0ST New Software Features

Both will run through the same internal testing.

(12.0SL Cisco 10000)

12.0SC (uBR)


12.0S

12.0ST

All Bug Fixes in 12.0S get synced to 12.0ST New feature (eg. line cards) in 12.0S syncs to 12.0ST The feature must be regression and dev tested in 12.0ST The feature is FCSd in 12.0ST the next release cycle

12.0(15)S4xOC48

12.0(15)ST 4xOC48

Sync from S to ST software train

4xOC48 Line card (feature) example

12.0(16)ST

TESTING

Parent Child Relationship 12.0S and 12.0ST ExampleParent Child Relationship Parent Child Relationship 12.0S and 12.0ST Example12.0S and 12.0ST Example


Which IOS version?Which IOS version?Which IOS version?

PlatformsGSR, 7500 series, 7200 series

Recommended release is 12.0S trainCurrent version is 12.0(16)S (as of May 2001)

Available on CCO

Has all of latest ISP supported features



Platforms OSR 7600

Recommended release is 12.1E train today and 12.2S in the future. Current version is 12.1(7)E (as of May 2001)

Available on CCO

Working with customers to have all the necessary features needed by ISP.

Processes updated to ISP Expectations (work in progress)



Platforms

10000

Recommended release is 12.0SL train today and 12.0ST in the near future

Current version is 12.0(15)SL (as of May 2001)

Available on CCO

Child of 12.0S with some platform specific features.



Platforms

4x00, 3600, 2600 and 2500 series

Recommended release is the 12.0 mainline train

Current version is 12.0(16)

Has many of the features found in 11.1CC, 11.2P and 11.3T

Available on CCO


IOS Road MapIOS Road MapIOS Road Map

Future Direction

12.1E (OSR, 12.1E (OSR, CAt6K, 7X00)CAt6K, 7X00)

12.0S (12XXX, 12.0S (12XXX, 7500, 7200)7500, 7200)

12.2S (12XXX, 12.2S (12XXX, 10XXX, & 7XXX)10XXX, & 7XXX)

12.0ST (GSR, 12.0ST (GSR, 7500, 7200, 10K)7500, 7200, 10K)

It will be approx one year from the launch of 12.2S before ISPs start

considering a move.

12.1E is transitioning to support similar to 12.0S


Cisco IOS Feature NavigatorCisco IOS Feature NavigatorCisco IOS Feature Navigator

http://www.cisco.com/go/fn/


IOS Software and Router Management

IOS Software and IOS Software and Router ManagementRouter Management

20Presentation_ID 1999, Cisco Systems, Inc. www.cisco.com


IOS Software ManagementFlash Memory

IOS Software ManagementIOS Software ManagementFlash MemoryFlash Memory

Good practice is to have at least two distinct flash memory volumes allows backup image(s)

back out path in case of upgrade problems

Partition the built-in flash partition flash 2 8 8

Install a PCMCIA flash card in external slot(s) - 20Meg flash cards are worth it.


IOS Software ManagementFlash Memory

IOS Software ManagementIOS Software ManagementFlash MemoryFlash Memory

Ensure that there is a configured backup to selected IOS image backup image is previous good image

boot system flash slot0:rsp-pv-mz.120-10.S

boot system flash slot1:rsp-pv-mz.111-32.CC

boot system flash

which means boot quoted image from slot0:. If it isnt there, boot the quoted image in slot1:. If that isnt there, try the first image available in flash


IOS Software ManagementSystem Memory

IOS Software ManagementIOS Software ManagementSystem MemorySystem Memory

Good practice is to maximise router memory allows for the rapidly growing Internet

128Mbytes needed for full Internet routing table will (just) work with 64Mbytes, but BGP

inefficient

Recognised that equipment works best when left alone


IOS Software ManagementWhen to Upgrade

IOS Software ManagementIOS Software ManagementWhen to UpgradeWhen to Upgrade

Upgrades needed when: bug fixes released

new hardware support

new software features required

Otherwise:

If it isnt broken, dont fix it!


Digression - LoopbackInterface

Digression Digression -- LoopbackLoopbackInterfaceInterface

Most ISPs make use of the router loopback interface.

IP address configured is a host address

Configuration example:

interface loopback 0

description Loopback Interface of CORE-GW3

ip address 215.18.3.34 255.255.255.255




Loopback interfaces on ISP backbone usually numbered: out of one contiguous block, or

using a geographical scheme, or

using a per PoP scheme

Aim is to increase stability, aid administration, and improve security


TFTPTFTP

NOC ServicesBackboneBackbone

Topology changes do not effect the source IP address of the packets

coming from the Router.

Topology changes do not effect the source IP address of the packets

coming from the Router.



SYSLOGSYSLOG

TACACS+TACACS+SNMPSNMP

Router w/LoopbackExporting

Information

TCP Wrapper

TCP Wrapper

ACLs




Loopback interface is not redundant or superfluous

Multitude of uses to ease security, access, management, information and scalability of router and network

Protects the ISPs Management Systems

Use the loopback!


Configuration ManagementConfiguration ManagementConfiguration Management

Backup NVRAM configuration off the router: write configuration to TFTP server

TFTP server files kept under revision control

router configuration built from master database

Allows rapid recovery in case of emergency


Secure the TFTP Server TFTP Loopback 0 on

Router

Firewall/ACL

Wrapper on TFTP Server which only allows the routers loopback address

Configuration ManagementConfiguration ManagementConfiguration Management

TFTPserver

TFTP Source

Loopback 0

Firewall or ACL

TCP Wrapper or other toolip tftp source-interface Loopback0ip tftp source-interface Loopback0


FTP Client SupportFTP Client SupportFTP Client Support

TFTP has its security limitations.

FTP Client support is added in 12.0. This allows for FTP upload/downloads.

Remember to use the same security/redundancy options with loopback 0: ip ftp source-interface loopback 0


FTP Client SupportFTP Client SupportFTP Client Support

7206-AboveNet-SJ2#copy ftp://bgreene:[email protected] slot0:

Source filename []? /cisco/ios/12.0/12.0.9S/7200/c7200-k3p-mz.120-9.S.bin

Destination filename [c7200-k3p-mz.120-9.S.bin]?

Accessing ftp://bgreene:[email protected] //cisco/ios/12.0/12.0.9S/7200/c7200-k3p-mz.120-9.S.bin...Translating "ftp.cisco.com"...domain server (207.126.96.162) [OK]

Loading /cisco/ios/12.0/12.0.9S/7200/c7200-k3p-mz.120-9.S.bin


Larger ConfigurationsLarger ConfigurationsLarger Configurations

Compress Configuration Used when configuration required is larger

than configuration memory (NVRAM) available.

service compress-config

FLASH or remote server Used when NVRAM compression is not

enough


Use Detailed LoggingUse Detailed LoggingUse Detailed Logging

Off load logging information to a logging server.

Use the full detailed logging features to keep exact details of the activities.

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezonelogging buffered 16384

logging trap debugging

logging facility local7logging 169.223.32.1

logging source-interface loopback0

no logging console ! Optional - keeps the console port free


Use Detailed LoggingUse Detailed Logging

unix% tail cisco.logFeb 17 21:48:26 [10.1.1.101.9.132] 31: *Mar 2 11:51:55 CST:

%SYS-5-CONFIG_I: Configured from console by vty0 (10.1.1.2)unix% date

Tue Feb 17 21:49:53 CST 1998unix%

Two Topologies used:

Central Syslog Servers in Operations Center

Syslog Servers in Major POPs


Network Time ProtocolNetwork Time ProtocolNetwork Time Protocol

If you want to cross compare logs, you need to synchronize the time on all the devices.

Use NTP From external time source

Upstream ISP, Internet, GPS, atomic clock

From internal time source

Router can act as stratum 1 time source



Set timezoneclock timezone [+/-hours [mins]]

Router as sourcentp master 1

External time source (master)ntp server a.b.c.d

External time source (equivalent)ntp peer e.f.g.h



Example Configuration:clock timezone SST 8ntp update-calendarntp source loopback0ntp server ntp peer

ntp peer



Network Time Protocol (NTP) used to synchronize the time on all the devices.

NTP packets leave router with loopback address as source

Configuration example:

ntp source loopback0ntp server 169.223.1.1 source loopback 1



Motivation - NTP Security:

NTP systems can be protected by filters which only allow the NTP port to be accessed from the loopback address block

Motivation - Easy to understand NTP peerings:

NTP associations have the loopbackaddress recorded as source address, not the egress interface.



Core BackboneRouters

POPInterconnect

Medium

NeighboringPOP

NeighboringPOP

DedicatedAccess Dial-up

POP Services&

Applications

Core 1 Core 2

SW 1 SW 2

Access 1 Access 2 NAS 1 NAS 2

AAAServer w/Radius

NetFlowCollector

andSyslogServer

CacheEngineCluster

NTP "Backbone" - Stratum 2

NTP in the POP - Stratum 3

NTPServers for

the POP

NTPServers for

the POP

NTP "Source" - Stratum 1Atomic or GPS Based

Customer's NTPStratum 4

Customer's NTPStratum 4

Dial-up SNTPStratum 4



Where to get NTP Reference Sources? http://www.eecis.udel.edu/~ntp/hardware.html

Attaching a Telecom Solutions GPS Clock to the Routers AUX port:

Excalabur(config)#line aux 0

Excalabur(config-line)#ntp refclock telecom-solutions pps ?

cts PPS on CTS

none No PPS signal available

ri PPS on RI


SNMPv1SNMPv1SNMPv1

Remove any SNMP commands if SNMP is not going to be used!

If SNMP is going to be used: access-list 98 permit 169.223.1.1 access-list 98 deny any snmp-server community 5nmc02m RO 98 snmp-server trap-source Loopback0 snmp-server trap-authentication snmp-server host 169.223.1.1 5nmc02m


SNMPv1SNMPv1SNMPv1

Recommend that all ISPs aggressively and consistently metric their network.

Despite SNMPv2 and SNMPv3, most ISPs are still using SNMPv1 (personal observation)

SNMPv3 supported since 12.0(6)S.


HTTP ServerHTTP ServerHTTP Server

HTTP Server in IOS from 11.1CC and 12.0S router configuration via web interface

Disable if not going to be used (disabled by default):no ip http server

Configure securely if going to be used:ip http serverip http port 8765ip http authentication aaa

ip http access-class


Core DumpsCore DumpsCore Dumps

Cisco routers have a core dump feature that will allow ISPs to transfer a copy of the core dump to a specific FTP server.

Set up a FTP account on the server the router will send the core dump to.

The server should NOT be a public server Use filters and secure accounts

Locate in NOC with NOC Staff access only

Enough Disk Space to handle the dumps


Core DumpsCore DumpsCore Dumps

Example configuration:ip ftp username cisco

ip ftp password 7 045802150C2E

ip ftp source-interface loopback 0

exception protocol ftp

exception dump 169.223.32.1


General FeaturesGeneral FeaturesGeneral Features

48ISP/IXP Workshops 1999, Cisco Systems, Inc. www.cisco.com


Command Line Interface Features

Command Line Interface Command Line Interface FeaturesFeatures

Some Convenient Editing Keys TAB command completion

arrow keys scroll history buffer

ctrl A beginning of line

ctrl E end of line

ctrl K delete all chars to end of line

ctrl X delete all chars to beginning of line

ctrl W delete word to left of cursor

esc B back one word

esc F forward one word




Example:Defiant#show running-config | begin router bgp

router bgp 200

no synchronization

neighbor 4.1.2.1 remote-as 300

neighbor 4.1.2.1 description Link to Excalabur

neighbor 4.1.2.1 send-community

neighbor 4.1.2.1 version 4

neighbor 4.1.2.1 soft-reconfiguration inbound

neighbor 4.1.2.1 route-map Community1 out

maximum-paths 2

--More--


Interface ConfigurationInterface ConfigurationInterface Configuration

ip unnumbered no need for an IP address on point-to-point links

keeps IGP small

description customer name, circuit id, cable number, etc

on-line documentation!

bandwidth used by IGP

documentation!


Interface Configuration -Example

Interface Configuration Interface Configuration --ExampleExample

ISP router!

interface loopback 0

description Loopback interface on GW2 Router

ip address 215.17.3.1 255.255.255.255

!

interface Serial 5/0

description 128K HDLC link to Galaxy Publications Ltd [galpub1] WT50314E R5-0

bandwidth 128

ip unnumbered loopback 0

!

ip route 215.34.10.0 255.255.252.0 Serial 5/0

Customer router!

interface Ethernet 0

description Galaxy Publications LAN

ip address 215.34.10.1 255.255.252.0

!

interface Serial 0

description 128K HDLC link to Galaxy Internet Inc WT50314E C0

bandwidth 128

ip unnumbered ethernet 0

!

ip route 0.0.0.0 0.0.0.0 Serial 0


Traffic DrivenTraffic Driven Stable traffic patterns Performance fluctuations Demand caching

Topology DrivenTopology Driven Dynamic environment Predictable, scaleable, performance Full topology forwarding

Deployed at Backbone Peripheryfor Network Services:

Traffic AccountingTraffic Accounting

QoSQoS PolicyPolicy

SecuritySecurity

NetFlowNetFlow ServicesServices

Deployed at Network Core for:PerformancePerformance

ScalabilityScalability

Quality of ServiceQuality of Service

Cisco Express ForwardingCisco Express Forwarding

Cisco Express Forwarding (CEF)

Cisco Express Forwarding Cisco Express Forwarding (CEF)(CEF)

Rationalechanging Internet traffic/topology dynamics required optimized L3 switching paradigm for IP:


What Is CEF?What Is CEF?What Is CEF?

CEF: Cisco Express Forwarding Better known as FIB

Designed to be simple, fastest forwarding path for IPv4 packets, for use in core internet routers, that is resilient to network flaps

Necessary move from demand cashe based forwarding otherwise high bandwidth/PPS speed would not be achieved.

CEF has had a lot a teething issues along the way. Yet, other companies are moving down the same path.


What Is CEF?What Is CEF?What Is CEF?

This is a simple operational taste of CEF. Check out the detailed sessions:

PS-540 - Router and Switch Internal Architecture and Operation

PS-201 - Router Internals and IOS Operations


New TerminologyNew TerminologyNew Terminology

Routing Information Base (RIB)Generated by each routing protocol

Forwarding Information Base (FIB)Network layer routing information

New Term used to describe the Forwarding Table

Adjacency Table (Adj) Next hop link layer information

Distributed FIBFIB push out to the Line Cards on a router so that forwarding can be done locally on each line card.


Routing Tables (RIB) Feeds Routing Tables (RIB) Feeds the Forwarding Table (FIB)the Forwarding Table (FIB)

BGP 4 Routing Table(RIB)

OSPF - Link State Database(RIB)

Static Routes

Forw

ard

Info

rmat

ion

Bas

e o

n R

P

Connected Interfaces

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC


FIBs MTRIE Data StructureFIBsFIBs MTRIE Data StructureMTRIE Data Structure

mm--nodenode is an internal node containing an array of M child is an internal node containing an array of M child links.links.

A A child linkchild link points to another mpoints to another m--node, a leaf (FIB), or Null.node, a leaf (FIB), or Null. A A leaf (cached)leaf (cached), bottom of tree, points to a , bottom of tree, points to a FIBFIB..

M-node

Leaf

Leaf

LeafLeaf

Leaf

Leaf Leaf

Leaf Leaf

Child Link

Leaf

ROOT

10.0.0.0

192.5.0.0 192.8.0.0

192.8.2.0

192.8.2.0 192.8.2.128

192.0.0.0

54.10.4.054.10.1.0

54.10.0.0

54.0.0.0

10.1.1.1

10.10.5.010.1.1.0

10.1.0.0 10.10.0.0


MTRIE StructuresMTRIE StructuresMTRIE Structures

8-8-8-8 used by generic IOS

16-8-8 used by the GSR Engine 4

10-9-5-8 used by the ESR (Omega)

11-8-5-8 used by ESR (Pulsar)


MTRIE Data Structure Effect PPS Performance

MTRIE Data Structure Effect MTRIE Data Structure Effect PPS PerformancePPS Performance

Route Lookup Performance

0.0%

10.0%

20.0%

30.0%

40.0%

50.0%

60.0%

70.0%

80.0%

90.0%

13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

Prefix Length (bits)

Per

cen

t o

f L

ine

Rat

e fo

r 64

byt

e p

acke

ts

8-1-1-1-1-1-1...16-8-8

The Internet Today

The Internet Today

Vendors MarketingCollateral

Vendors MarketingCollateral


CEF Defaults in 12.0SCEF Defaults in 12.0SCEF Defaults in 12.0S

On this platform... The default is...

Cisco 7000 series equipped withRSP7000

CEF is not enabled.

Cisco 7200 series CEF is not enabled.

Cisco 7500 series CEF is enabled.

Cisco 12000 series Gigabit SwitchRouter

Distributed CEF is enabled.

7500 with VIP2/4 Cards should have ip cef distributed turned on!

7200 should have ip cef turned on!

Remember the memory requirements on the line/VIP cards


CEF Based FeaturesCEF Based FeaturesCEF Based Features

CEF Based Features are defined as functions that use the FIBs MTRIE as a core foundation of their function. Stores information in the the FIBs Leaf.

Why use store it in the FIB? Consistent look-ups (4 steps in a 8-8-8-8

MTRIE)

Per prefix information.

Update of the information via a routing protocol.


Current FIB Entries added to the Leaf (not in all hardware):

Precedence = Values 0-7 for use in QOS Features

QOS-Group = Values 0-99 for use in QOS Features

WCCP-Tag = Values 0-99 for use with WCCP

Traffic-Index = Values 0-7 for use in with BGP Policy Accounting

ROOT

10.0.0.0

struct fibtype_ :struct fibtype_ :PrecedencePrecedence

QOS_GroupQOS_GroupWCCP_TAGWCCP_TAG

Traffic_IndexTraffic_Index

10.1.1.1

10.10.5.010.1.1.0

10.1.0.0 10.10.0.0

FIB Entries or (also called items added

to the struct fibtype_ ; in the leaf)are used to distribute policy through the network via BGP and the table-mapcommand. They are used for Security, Accounting, QOS, and any other service/feature the customer dreams up. The values are obtained via CEFs MTRE look-up.

FIB EntriesFIB EntriesFIB Entries


Fib Entries in the LeafFib Entries in the LeafFib Entries in the Leafstruct fibtype_ {

mtrie_leaf mtrie_info; /* Mtrie crap */

adjacency *fastadj; /* Cache adj when no load sharing */

loadinfotype *loadinfo; /* Load sharing information */

ulonglong packets; /* Packets switched */

ulonglong bytes; /* Bytes switched */

void *fasttag_rew; /* tag rewrite when no load sharing */

ushort origin_as; /* Autonomous System */

uchar mask_bits; /* Number of bits on in the net mask */

uchar precedence; /* precedence for pkts to this dest */

uchar flags; /* see below */

uchar next_index; /* index of next path to use */

uchar count; /* number of paths */

uchar qos_group; /* qos group for pkts to this source or dest */

tag_info *tag_info; /* Tag information for this prefix */

ulong version; /* FIB entry version number */

uchar *hwleaf;

uchar wccp_tag; /* WCCP service */

uchar traffic_index; /* Traffic Group for acct purposes */

uchar dummy1;

fib_path path[0]; /* Possible paths */

};




OSPF - Link State Database(RIB)

Static Routes

Forw

ard

Info

rmat

ion

Bas

e o

n R

P

Connected Interfaces

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC

dFIBdFIB

on LCon LC




ROOT

10.0.0.0

struct fibtype_ :struct fibtype_ :PrecedencePrecedence

QOS_GroupQOS_GroupWCCP_TAGWCCP_TAG

Traffic_IndexTraffic_Index

10.1.1.1

10.10.5.010.1.1.0

10.1.0.0 10.10.0.0Table-map command

updates FIB Entry

Route Map set

value


What Problem are We Solving?

What Problem are We What Problem are We Solving?Solving?

NOC

Peer B

Peer AIXP-W

IXP-E

Upstream A

Upstream A

Upstream BUpstream B

POP

Target

A

B C

D

E

FG

Central Device uses a

network protocol to distribute

policy across the network.


FIB Entry Based Features Today

FIB Entry Based Features FIB Entry Based Features TodayToday

CAR with QOS_IDMarketing name is Quality Policy

Propagation with BGP

WCCPv2 with WCCP_Tag

BGP Policy Accounting with Traffic_Index


Destination

Sources

CEF Load-SharingCEF LoadCEF Load--SharingSharing

Per packet and enhanced per destination Enhanced per destination is based on source and

destination IP addresses Each destination flow takes a single, separate path Reduces need for per packet load-sharing


AS 100 AS 101

AS 102

DMZ NetworkAA

BB

FF

DD

EE

CC

AA

CEF AccountingCEF AccountingCEF Accounting

Per prefix Per adjacency Per DMZ nexthop

accounting


NetflowNetflowNetflow

Providers network administrators with packet flow information

Allows: Security monitoring

Network management and planning

Customer billing

Traffic flow analysis

Available from 11.1CC for 7x00 and 12.0 for remaining router platforms


NetFlow InfrastructureNetFlow InfrastructureNetFlow Infrastructure

Network Data Analyzer: Data Presentation

NFC Control and Configuration

Partner Applications

NetFlowAccounting: Data Switching

Data Export

Data Aggregation

NetFlowFlowCollector: Data Collection

Data Filtering

Data Aggregation

Data Storage

File System Management

RMON ProbeRMON Probe

Accounting/Billing

Network Planning


Netflow - Capacity PlanningNetflow Netflow -- Capacity PlanningCapacity Planning

Public Routers 1 , 2, 3 Month of September Outbound Traffic 1% 1% 1%1% 1% 1%1% 1%1% 1% 2%

4%

6%

8%

8%

10%20%

32%

WEC WebTV ABSNET AOL Compuserve

SURAnet IBM OARNet NIH PacBell Internet Service

JHU C&W UMD AT&T BBN

Erols Digex Other


Source IP Address Destination IP Address Source IP Address Destination IP Address

Next Hop Address Source AS Number Dest. AS Number Source Prefix Mask Dest. Prefix Mask

Next Hop Address Source AS Number Dest. AS Number Source Prefix Mask Dest. Prefix Mask

Input Interface Port Output Interface Port Input Interface Port Output Interface Port

Type of Service TCP Flags Protocol

Type of Service TCP Flags Protocol

Packet Count Byte Count Packet Count Byte Count

Start Timestamp End Timestamp Start Timestamp End Timestamp

Source TCP/UDP Port Destination TCP/UDP Port Source TCP/UDP Port Destination TCP/UDP Port

Usage

QoS

Timeof Day

Application

RoutingandPeering

PortUtilization

From/To

NetFlow Data Record (V5)NetFlow Data Record (V5)NetFlow Data Record (V5)

Start Timestamp End Timestamp Call Duration

Start Timestamp End Timestamp Call Duration

Next Hop Address Lost Datagrams Next Hop Address Lost Datagrams

TimeStamp

Also available via RMONAvailable via Netflow only


Version 7 - Cat6k only In connection with MultiLayer switching (MLS)

Version 8, the aggregated version For reduction of data export from the router:

ProtocolPort , AS ,SourcePrefix, DestinationPrefix, Prefix ,TOS

Sampled GSR onlyFor speeds higher than OC-3 strongly recommended

New

Netflow format variationsNetflow format variationsNetflow format variations


IP packet

The Switching PathThe Switching PathThe Switching Path

Pkt

Buffer

Early

Feature

Lookup

ACL

Policy

WCCP

etc.

CEF+FLOW

CEF+Features

FAST

FAST+FLOW

CEF+VPN+

FLOW

Switching Vector Flow entry

Creation

Flow

Lookup

Engine Feature check

FIB

Late

Feature

Lookup

Qos

CAR

Crypto

Output

CEF

Packet Reference


Typical Netflow DeploymentTypical Netflow DeploymentTypical Netflow Deployment

Network CoreGSR

Network CoreGSR

Edge Aggregation7500/7200/6509 NFCNFC

Access DevicesHead End, MUX,

DSL/Wireless/Cable

Access DevicesHead End, MUX,

DSL/Wireless/Cable

BillingTraffic engineering

InterfaceTo apps


NetFlow Platform SupportNetFlow Platform SupportNetFlow Platform Support

*Support for NetFlow Export v1, v5, and v8 on 1600 and 2500 platforms is targeted for Cisco IOS software release 12.0(5)T. NetFlow support for these platforms will not be available in the Cisco IOS 12.0 mainline release.

Cisco IOS Software Release Version

Supported NetFlow Export Version(s) Supported Cisco Hardware Platforms

11.1CA, 11.1CC11.2, 11.2P11.2P11.3, 11.3T12.0

12.0T12.0S12.0(3)T and later12.0(3)S and later

12.04XEN/A

12.0(6)S

11.1CA, 11.1CC11.2, 11.2P11.2P11.3, 11.3T12.0

12.0T12.0S12.0(3)T and later12.0(3)S and later

12.04XEN/A

12.0(6)S

v1, v5v1v1v1v1, v5

v1, v5

v1, v5, v8

v1, v5, v8v7

v8

v1, v5v1v1v1v1, v5

v1, v5

v1, v5, v8

v1, v5, v8v7

v8

7200, 7500, RSP70007200, 7500, RSP7000Route Switch Module (RSM), 11.2(10)P and later7200, 7500, RSP70001720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM1720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM, MGX 8800 RPM, BPX 86001400*, 1600*, 1720, 2500*,2600, 3600, 4500, 4700, AS5800, AS5300**, 7200, uBR7200, 7500, RSP7000, RSM, MGX8800 RPM, BPX 86507100Catalyst 5K NetFlow Feature Card (NFFC)Catalyst 6K with MSFC card12000

7200, 7500, RSP70007200, 7500, RSP7000Route Switch Module (RSM), 11.2(10)P and later7200, 7500, RSP70001720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM1720, 2600, 3600, 4500, 4700, AS5800, 7200, uBR7200, 7500, RSP7000, RSM, MGX 8800 RPM, BPX 86001400*, 1600*, 1720, 2500*,2600, 3600, 4500, 4700, AS5800, AS5300**, 7200, uBR7200, 7500, RSP7000, RSM, MGX8800 RPM, BPX 86507100Catalyst 5K NetFlow Feature Card (NFFC)Catalyst 6K with MSFC card12000

**Support for NetFlow Export v1, v5, and v8 on AS5300 platform is targeted for Cisco IOS software release 12.0(7)XR.



Configuration example:interface serial 5/0ip route-cache flow

If CEF not configured, Netflow enhances existing switching path (i.e. optimum switching)

If CEF configured, Netflow becomes a flow information gatherer and feature acceleration tool



Information export: router to collector systemip flow-export version 5 [origin-as|peer-as]ip flow-export destination x.x.x.x

Flow aggregation (new in 12.0S): router sends aggregate records to collector

systemip flow-aggregation cache as|prefix|dest|source|proto

enabledexport destination x.x.x.x


Port-Protocol

Src-Prefix

Dst- Prefix

Prefix-Matrix

AS- Matrix

Aggregation SchemesAggregation SchemesAggregation Schemes

Netflow Main Cache(128k RAM)

Flow Entries

Agg Scheme CacheUDP

RouterBased

AggregationEnabled

Export buffer

Flow ExpiredCache FullTimer expired


Netflow - Simple Traffic Engineering

Netflow Netflow -- Simple Traffic Simple Traffic EngineeringEngineering

Sample Output on router:Beta-7200-2>sh ip cache flowIP packet size distribution (17093 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480.000 .735 .088 .054 .000 .000 .008 .046 .054 .000 .009 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 1257536 bytes3 active, 15549 inactive, 12992 added210043 ager polls, 0 flow alloc failureslast clearing of statistics never

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)-------- Flows /Sec /Flow /Pkt /Sec /Flow /FlowTCP-Telnet 35 0.0 80 41 0.0 14.5 12.7UDP-DNS 20 0.0 1 67 0.0 0.0 15.3UDP-NTP 1223 0.0 1 76 0.0 0.0 15.5UDP-other 11709 0.0 1 87 0.0 0.1 15.5ICMP 2 0.0 1 56 0.0 0.0 15.2Total: 12989 0.0 1 78 0.0 0.1 15.4

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP PktsEt1/1 144.254.153.10 Null 144.254.153.127 11 008A 008A 1 Et1/1 144.254.153.112 Null 255.255.255.255 11 0208 0208 1 Et1/1 144.254.153.50 Local 144.254.153.51 06 701D 0017 63


NetFlow Accelerates NetFlow Policy Routing

(NPR)

Router-based network data encryption

Access Control Lists (ACL)

RSVP

IP Accounting

Netflow Feature AccelerationNetflow Feature AccelerationNetflow Feature Acceleration

Network Address Translation (NAT)

Committed Access Rate (CAR)

Web Cache Control Protocol (WCCP)

MultiNode Load Balancing (MNLB) (not in 12.0S)

Availability of such acceleration will be announced on a feature-by-feature basis

ip flow-cache feature-accelerate


IP Switching Path - Hidden Commands

IP Switching Path IP Switching Path -- Hidden Hidden CommandsCommands

show interface switching

show interface switching

show interface stat

show interface stat


Using DNSUsing DNSUsing DNS

Map names to addresses

Descriptive namesip domain-nameip name-server

Sample trace through network:4:Received echo from sj-wall-2.cisco.com [198.92.1.138] in 440 msec.5:Received echo from barrnet-gw.cisco.com [192.31.7.37] in 335 msec.

6:Received echo from paloalto-cr1.bbnplanet.net [131.119.26.9] in 335 msec.7:Received echo from paloalto-br2.bbnplanet.net [131.119.0.194] in 327 msec.

8:Received echo from core6-hssi6-0.SanFrancisco.mci.net [206.157.77.21] in 468 msec.9:Received echo from bordercore1-loopback.Washington.mci.net [166.48.36.1] in 454 msec.

10:Received 48 bytes from www.getit.org [199.233.200.55] in 466 msec


Turn on NagleTurn on NagleTurn on Nagle

Telnet was designed to do one character, one packet dialog.

John Nagle's algorithm (RFC 896) helps alleviate the small-packet problem in TCP. service nagle

Lessens the load on the CPU when using show XXXX commands


IP MAC accountingIP MAC accounting

Calculate total packet counts and byte counts for a LAN interface which receives/sends IP packets from/to each unique MAC address

Record a timestamp for the last packet received/sent for each unique MAC address

Available only on ethernet, FastEthernet and FDDI

Available from 11.1(19)CC


IP MAC AccountingIP MAC Accounting

Use command ip accounting mac{input | output} to enable

show interface mac

Example:Ethernet0/1/3

Input (511 free)0000.0c04.7ad5(167): 9 packets, 1026 bytes, last: 20512ms ago

Total: 9 packets, 1026 bytesOutput (510 free)

ffff.ffff.ffff(0 ): 16 packets, 960 bytes, last: 58108ms ago0000.0c04.7ad5(167): 9 packets, 1026 bytes, last: 21060ms ago

Total: 25 packets, 1986 bytes


IP MAC accounting IP MAC accounting -- the fine the fine printprint

Fast Ether Channel supported

512 mac address per interface per direction(input or output)

Support fast/optimum/flow/CEF switching


IP Precedence AccountingIP Precedence Accounting

Calculate the total packet counts and byte counts for an interface which receives/sends IP packets, and sorts out the results based on different IP precedence

8 precedence levels

Supported on any interface and sub-interface

Switching mode supported: CEF/DCEF/Flow/Optimum


IP Precedence AccountingIP Precedence Accounting

Use command ip accounting precedence{input | output} to enable

show interface precedence

Example:Ethernet0/1/3

InputPrecedence 0: 9 packets, 1026 bytes

OutputPrecedence 0: 9 packets, 1026 bytesPrecedence 6: 16 packets, 960 bytes


Command SummaryCommand SummaryCommand Summary

Global Commandsip cef (-distributed)ip cef accounting [per-prefix] [non-recursive]ip flow-cache feature-accelerateip domain-nameip name-serverservice nagle

Interface Commandsdescription

bandwidth

ip load-sharing [per-packet] [per-destination]

ip route-cache flow

Documents

ISP Essentials 1 General Rev4