Upload
tony-fortunato
View
39
Download
0
Embed Size (px)
Citation preview
© 2015, The Technology Firm www.thetechfirm.com
Ever Hear About a Routing Audit?
Tony Fortunato, Sr Network Performance Specialist
© 2015, The Technology Firm WWW.THETECHFIRM.COM
Why Audit Your Routing?? This is one of those tests that gets me those sarcastic, "Why" and “Huh” stares.
I usually hear the following comments; “why bother, everything is obviously working” or “We aren’t getting any complaints about that”.
2
© 2015, The Technology Firm WWW.THETECHFIRM.COM
Methodology
Let me walk you through how this typically unfolds; after reviewing the network diagram, or creating one with post-it notes, I sit down with the client to determine how many hops it should take to get from one host to another and which path packets should take. As long as ICMP isn't blocked, a simple traceroute from a client computer will do. In some other examples, we perform a traceroute since some network devices can provide additional diagnostics with its results.
3
© 2015, The Technology Firm WWW.THETECHFIRM.COM
Methodology If ICMP is blocked you can simply capture a packet from a device on the far end of
the network and look at its IP TTL.
As long as you know what it was when it started, the math is simple.
4
Then you can simply create a one way filter and display the TTL as a column in Wireshark and see if it changes
© 2015, The Technology Firm WWW.THETECHFIRM.COM
Note Routing is usually taken for granted in the sense that if you are getting there,
obviously it must be working. I am not trying to prove if its working, I’m trying to determine how WELL it is working.
Let face it, in the past 10 years or so things don’t break as they did in the 90’s, but things sure slow down.
In the past, I have uncovered routing loops, multiple routes and extra hops. The important thing to keep in mind when going through this exercise and you discover something odd, step back perform multiple tests and truly understand why it is happening. Create a plan for your proposed change and a backup. Lastly don’t forget to test to ensure your changes had the intended impact.
5
© 2015, The Technology Firm WWW.THETECHFIRM.COM
Some Causes Of Routing Issues Improperly configured routing protocols
Failure to understand how automatic routing values are calculated
Mixing multiple router protocols on the same interface
Not defining passive interfaces
Unstable network environments
Evolving network changes not being monitored
Blindly adding IPV6 to an existing environment
The effect of ip port forwarding, ip helper addresses or DHCP relay
Legacy routing protocols not cleaned up or maintained
Implementation of Service Level monitoring that changes routes
Deploying multicast and not monitoring its impact.
Adding router interfaces with faster interface speeds
6
© 2015, The Technology Firm WWW.THETECHFIRM.COM
Don’t forget … Routing tests should be performed form any device that supports routing or devices
with multiple interfaces.
For example:• Servers• Access points with multiple ip subnets• Layer 3 switches• Firewalls• Routers• Pc’s with Ethernet and wifi that are both enabled
7
© 2015, The Technology Firm WWW.THETECHFIRM.COM
After your testing If you find any anomalies, you can address, tune and please retest.
After you are satisfied with your routing audit, you should determine how often it should be performed and if there are any way to automate or test the path.
In some cases a simple batch file redirecting the output to a file is good enough. i.e tracert www.thetechfirm.com > thetecfirm_trcrt.txt
Check with your vendor documentation since some devices have the ability to report changes. For example Cisco has “eigrp log-neighbor-changes” and “og-adjacency-changes” for OSPF
With other devices you may find logs that record any routing changes, or even the ability to send a SNMP trap to your network management application.
8
© 2015, The Technology Firm www.thetechfirm.com
Ever Hear About a Routing Audit?
Thanks for watching
Tony Fortunato, Sr Network Performance Specialist