Network Documentation

Step 1 - Determine What Types of Data to Collect

When conducting the initial baseline, start by selecting a few variables that represent the
defined policies.
If too many data points are selected, the amount of data can be overwhelming, making
analysis of the collected data difficult.
Start out simply and fine-tune along the way.
Some good starting variables are interface utilization and CPU utilization
Network Documentation
Step 2 - Identify Devices and Ports of Interest
A logical network topology can be useful in
identifying key devices and ports to monitor.
As shown in the sample topology, the
devices and ports of interest include:
• PC1 (the Admin terminal)
• Two servers (i.e., Srv1 and Svr2)
• Router interfaces
• Key ports on switches
Troubleshooting Process
Seven-Step Troubleshooting Process
The figure displays a more detailed seven step
troubleshooting process.
Steps Description
Define the Problem • Verify that there is a problem and then properly define what the
problem is.
Gather Information • Targets (i.e., hosts, devices) are identified, accessed, and information
gathered.
Analyze Information • Identify possible causes using network documentation, network
baselines, knowledge bases, and peers.
Eliminate Possible
Causes • Progressively eliminate possible causes to eventually identify the most probable
cause.
Propose Hypothesis • When the most probable cause has been identified, a solution must be
formulated.
Test Hypothesis • Assess the urgency of the problem, create a rollback plan, implement the
solution, and verify outcome.
Solve the Problem • When solved, inform all involved and document the cause and solution
to help solve future problems.

Network Documentation
Documentation Overview
Accurate and complete network documentation is required to effectively monitor and
troubleshoot networks.
Common network documentation includes the following:
• Physical and logical network topology diagrams
• Network device documentation that records all pertinent device information
• Network performance baseline documentation
All network documentation should be kept in a single location and backup documentation
should be maintained and kept in a separate location
Troubleshooting IP Connectivity
Components of Troubleshooting End-to-End Connectivity
Bottom-up approach steps when there is no end-to-end connectivity are as follows:
1. Check physical connectivity at the point where network communication stops.
2. Check for duplex mismatches.
3. Check data link and network layer addressing on the local network.
4. Verify that the default gateway is correct.
5. Ensure that devices are determining the correct path from the source to the
destination.
6. Verify the transport layer is functioning properly.
7. Verify that there are no ACLs blocking traffic.
8. Ensure that DNS settings are correct.
Troubleshooting Process
Structured Troubleshooting Methods
Different troubleshooting approaches that can be used include the following.
Troubleshooting
Approach Description
Bottom-Up • Good approach to use when the problem is suspected to be a physical one.
Top-Down • Use this approach for simpler problems, or when you think the problem is with
a piece of software.
Divide-and-Conquer • Start at a middle layer (i.e, Layer 3) and tests in both directions from
that layer.
Follow-the-Path • Used to discover the actual traffic path from source to destination to
reduce the scope of troubleshooting.
Substitution • You physically swap a suspected problematic device with a known, working
one.
Comparison • Attempts to resolve the problem by comparing a nonoperational element with
the working one.
Educated guess • Success of this method varies based on your troubleshooting experience
and ability
Symptoms and Causes of Network Problems
Physical Layer Troubleshooting
The table lists common symptoms of physical layer network problems.
Symptom Description
Performance lower
than baseline
• Requires previous baselines for comparison.
• The most common reasons include overloaded or underpowered servers, unsuitable switch
or router
configurations, traffic congestion on a low-capacity link, and chronic frame loss.
Loss of connectivity
• Loss of connectivity could be due to a failed or disconnected cable.
• Can be verified using a simple ping test.
• Intermittent connectivity loss can indicate a loose or oxidized connection.
Network bottlenecks
or congestion
• If a route fails, routing protocols could redirect traffic to sub-optimal routes.
• This can result in congestion or bottlenecks in parts of the network.
High CPU utilization
rates
• High CPU utilization rates indicates that a device is operating at or exceeding its design
limits.
• If not addressed quickly, CPU overloading can cause a device to shut down or fail.
Console error
messages
• Error messages reported on the device console could indicate a physical layer problem.
• Console messages should be logged to a central syslog server.
Symptoms and Causes of Network Problems
Data Link Layer Troubleshooting
The table lists common symptoms of data link layer network problems.
Symptom Description
No functionality or connectivity
at the network layer or above
Some Layer 2 problems can stop the exchange of frames across a link, while others only
cause network performance to degrade.
Network is operating below
baseline performance levels
• Frames can take a suboptimal path to their destination but still arrive causing the network
to experience unexpected high-bandwidth usage on links.
• An extended or continuous ping can help reveal if frames are being dropped.
Excessive broadcasts
• Operating systems use broadcasts and multicasts extensively.
• Generally, excessive broadcasts are the result of a poorly programmed or configured
applications, a large Layer 2 broadcast domains, or an underlying network problems .
Console messages
• Routers send messages when it detects a problem with interpreting incoming frames
(encapsulation or framing problems) or when keepalives are expected but do not arrive.
• The most common console message that indicates a Layer 2 problem is a line protocol
down message
Symptoms and Causes of Network Problems
Network Layer Troubleshooting (Cont.)
The table lists common symptoms of network layer network problems.
Problem Cause Description
General network issues
•Often a change in the topology may unknowingly have effects on other areas
of the network.
•Determine whether anything in the network has recently changed, and if
there is anyone currently working on the network infrastructure.
Connectivity issues
Check for any equipment and connectivity problems, including power
problems, environmental problems, and Layer 1 problems, such as cabling
problems, bad ports, and ISP problems.
Routing table Check the routing table for anything unexpected, such as missing routes or
unexpected routes.
Neighbor issues Check to see if there are any problems with the routers forming neighbor
adjacencies.
Topology database Check the table for anything unexpected, such as missing entries or
unexpected entries.
Transport Layer Troubleshooting - ACLs
The table lists areas where ACL misconfigurations commonly occur.
Misconfigurations Description
Selection of traffic flow An ACL must be applied to the correct interface in the correct
traffic direction.
Order of access control entries The entries in an ACL should be from specific to general.
Implicit deny any The implicit ACE can be the cause of an ACL misconfiguration.
Addresses and IPv4 wildcard masks Complex IPv4 wildcard masks are more efficient, but
are more subject to
configuration errors.
Selection of transport layer protocol It is important that only the correct transport layer
protocol be specified in an ACE.
Source and destination ports Ensuring that the correct inbound and outbound ports are
specified in an ACE
Use of the established keyword The established keyword applied incorrectly, can provide
unexpected results.
Uncommon protocols Misconfigured ACLs often cause problems for protocols other than
TCP and UDP

Transport Layer Troubleshooting - NAT for

IPv4
The table lists common interoperability areas with NAT.
Symptom Description
BOOTP and DHCP
• The DHCP-Request packet has a source IPv4 address of 0.0.0.0.
• However, NAT requires both a valid destination and source IPv4 address,
therefore, BOOTP and DHCP can have difficulty operating over a router running
either static or dynamic NAT.
• Configuring the IPv4 helper feature can help solve this problem.
DNS
• A DNS server outside the NAT router does not have an accurate representation of
the network inside the router.
• Configuring the IPv4 helper feature can help solve this problem.
SNMP
• An SNMP management station on one side of a NAT router may not be able to
contact SNMP agents on the other side of the NAT router.
• Configuring the IPv4 helper feature can help solve this problem.
Tunneling and encryption protocols
Encryption and tunneling protocols often require that traffic be sourced from a
specific UDP or TCP port, or use a protocol at the transport layer that cannot be
processed by NAT