LMTV Routing Audit

© 2015, The Technology Firm www.thetechfirm.com

Ever Hear About a Routing Audit?

Tony Fortunato, Sr Network Performance Specialist

© 2015, The Technology Firm WWW.THETECHFIRM.COM

Why Audit Your Routing?? This is one of those tests that gets me those sarcastic, "Why" and “Huh” stares.

I usually hear the following comments; “why bother, everything is obviously working” or “We aren’t getting any complaints about that”.

2


Methodology

Let me walk you through how this typically unfolds; after reviewing the network diagram, or creating one with post-it notes, I sit down with the client to determine how many hops it should take to get from one host to another and which path packets should take. As long as ICMP isn't blocked, a simple traceroute from a client computer will do. In some other examples, we perform a traceroute since some network devices can provide additional diagnostics with its results.

3


Methodology If ICMP is blocked you can simply capture a packet from a device on the far end of

the network and look at its IP TTL.

As long as you know what it was when it started, the math is simple.

4

Then you can simply create a one way filter and display the TTL as a column in Wireshark and see if it changes


Note Routing is usually taken for granted in the sense that if you are getting there,

obviously it must be working. I am not trying to prove if its working, I’m trying to determine how WELL it is working.

Let face it, in the past 10 years or so things don’t break as they did in the 90’s, but things sure slow down.

In the past, I have uncovered routing loops, multiple routes and extra hops. The important thing to keep in mind when going through this exercise and you discover something odd, step back perform multiple tests and truly understand why it is happening. Create a plan for your proposed change and a backup. Lastly don’t forget to test to ensure your changes had the intended impact.

5


Some Causes Of Routing Issues Improperly configured routing protocols

Failure to understand how automatic routing values are calculated

Mixing multiple router protocols on the same interface

Not defining passive interfaces

Unstable network environments

Evolving network changes not being monitored

Blindly adding IPV6 to an existing environment

The effect of ip port forwarding, ip helper addresses or DHCP relay

Legacy routing protocols not cleaned up or maintained

Implementation of Service Level monitoring that changes routes

Deploying multicast and not monitoring its impact.

Adding router interfaces with faster interface speeds

6


Don’t forget … Routing tests should be performed form any device that supports routing or devices

with multiple interfaces.

For example:• Servers• Access points with multiple ip subnets• Layer 3 switches• Firewalls• Routers• Pc’s with Ethernet and wifi that are both enabled

7


After your testing If you find any anomalies, you can address, tune and please retest.

After you are satisfied with your routing audit, you should determine how often it should be performed and if there are any way to automate or test the path.

In some cases a simple batch file redirecting the output to a file is good enough. i.e tracert www.thetechfirm.com > thetecfirm_trcrt.txt

Check with your vendor documentation since some devices have the ability to report changes. For example Cisco has “eigrp log-neighbor-changes” and “og-adjacency-changes” for OSPF

With other devices you may find logs that record any routing changes, or even the ability to send a SNMP trap to your network management application.

8

© 2015, The Technology Firm www.thetechfirm.com

Ever Hear About a Routing Audit?

Thanks for watching

Tony Fortunato, Sr Network Performance Specialist

Internet

LMTV Routing Audit