Hewlett Packard · 2015-04-16 · 3) The router receives the ARP request on port 1. It responds with its MAC Address on port 1. 4) Host A receives the ARP reply and adds a line to

1

2

3

A network model is a vendor neutral blueprint that defines how the components of a network should operate. These documents define protocols and standards which help ensure compatibility across networking software and hardware. By using an open network model rather than proprietary standards, you can go out to the store and buy a network device such as a switch and be relatively certain that you can plug it in to your network and it’s going to work with the other devices on your network.

The network model used in contemporary networks is the TCP/IP model. TCP/IP was created by a group of researchers at various universities working on a DoD contract. The original TCP/IP model consisted of 4 layers: Application, Transport, Internet, and Network Interface. This has been updated to split the network interface layer into the Data Link and Physical layers, and Layer 3 is now called the Network Layer.

It’s also common to refer to the OSI (Open Systems Interconnect) model which was created by ISO (International Organization for Standardization). Both models are usually included in networking exams and you’ll hear terminology from both but the model used in today’s networks is TCP/IP.

4

Here is a comparison of the OSI and TCP/IP network models, examples of protocols at each layer, and the devices that use them.

5

Each layer of the TCP/IP architecture provides a service to the next layer. This is known as adjacent layer communication.

Application - Create and encapsulate the application data and includes any required application layer headers. Ex. HTTPTransport – Takes the data from the Application layer and adds a transport layer header. Typically TCP/UDP.Network – Adds a Network Layer header to the Transport Layer data. IP defines the network address. Data Link – Encapsulates the data from the Network Layer with a L2 header and trailer. Physical - Transmits the bits on the physical medium.

The receiving device processes the data back up the stack to the application.

6

Here is a representation of encapsulation at Layers 2, 3, and 4. Notice that the layer 2 frame also includes a trailer for the FCS.

7

A broadcast frame uses a destination address of ff:ff:ff:ff:ff:ff at layer 2 and either the network broadcast address or broadcast address 255.255.255.255 at layer 3.

These frames are forwarded by a switch out all interfaces except the one on which it was received. This is also true for unknown unicast frames and multicast frames when IGMP is not enabled.

A switch forwards unicast frames out the port connected to the device with the correct destination MAC Address.

8

A hub is essentially a multi-port repeater. Hubs forward frames out every interface except the one on which it was received. A hub is a shared medium where all ports belong to the same collision domain. Only one device can send a frame at any given point in time and when devices send frames at the same time it can result in a collision. In the event of a collision, carrier sense multiple access with collision detection (CSMA/CD) is used to resolve the collision. Each device backs off for a random period of time and then retransmits the frame. As more devices are connected to the same collision domain, collisions become more likely. It is also important to remember that hubs operate in half-duplex mode, meaning a device can only transmit or receive frames at a given time.

9

Unlike a hub, network switches have memory and maintain a list of known devices connected to each port in order to make intelligent forwarding decisions. This list is the MAC Address Table. When a switch receives a packet on a port, it adds the source MAC Address to the MAC table.

Each port on a switch is a separate collision domain and supports full duplex operation (edge devices are able to send and receive traffic simultaneously).

Switches can support features such as VLANs, port trunking (link aggregation), access-lists, and layer 3 switches can function as routers providing services such as static and dynamic routing.

10

A router is connected to multiple networks and routes the traffic between them.Routers make forwarding decisions based on the destination address in the Layer 3 header of the packet and checking against its routing table. The routing table is populated with directly connected networks, statically configured networks, as well as networks learned by way of dynamic routing protocols such as RIP or OSPF.

11

The MAC Address is a 48 bit address used by the Media Access Control (MAC) sublayer of the Data Link Layer of the TCP/IP model. A MAC Address can be represented in several ways with various delimiters which varies by the manufacturer and sometimes even the device platform. The MAC Address is unique to each device with the first 3 bytes representing the manufacturer’s Organizationally Unique Identifier and the last 3 bytes specific to the device interface. The MAC Address is used to make forwarding decisions by network switches at Layer 2.

12

13

14

15

16

17

18

19

20

21

Address Resolution Protocol is a mechanism for mapping IP Addresses to physical (MAC) addresses. If Host A needs to communicate with 192.168.1.2, it looks in its ARP cache to see if it already has an entry. If not, it sends a broadcast frame requesting the physical address associated with the IP 192.168.1.1. Host B replies with a unicast frame that includes its MAC Address. Host A adds the entry to its ARP cache and can proceed to communicate with Host B.

ARP is used by hosts and devices that function at Layer 3. A Layer 2 switch only uses ARP for management communication.

22

Here is an example network where 2 hosts are connected to a single layer 2 switch. Both PC’s are configured with static IPv4 settings including IP Addresses in the same 192.168.1.0 network with a 24 bit subnet mask (255.255.255.0).

If Host A needs to send traffic to Host B, the following steps occur:

1) Host A sends an ARP frame – “who has 192.168.1.2”. 2) The ARP frame is received by the switch and several things happen. The switch

adds the MAC Address for Host A to its forwarding (MAC) table. Since the destination IP Address of an ARP request is a broadcast MAC address (FF-FF-FF-FF-FF-FF) the switch forwards the frame out every port except the one where the frame was received.

3) Host B receives the ARP request and responds with its own MAC Address in a unicast ARP reply sent to Host A.

4) The switch receives the response and adds the MAC Address of Host B to its forwarding table. It forwards the frame back to Host A.

5) Host A associates the MAC Address of Host B with the IP Address 192.168.1.2 and adds that information to its ARP cache.

6) Host A is now able to send a unicast frame to Host B with the destination IP

23

Address in the layer 3 packet header and MAC Address in the layer 2 frame header.

Note that in the case of a duplicate IP Address, the MAC Address of the ARP reply that reaches the device that sent the request will be added to its ARP table (whether the device the correct one or not). Looking at the ARP cache is a good way to confirm whether there is a duplicate IP Address.

23

Here is an example of a basic layer 3 topology. Again, both PC’s are configured with static IPv4 settings including IP Addresses in the same 192.168.1.0 subnet with a 24 bit subnet mask (255.255.255.0). There is also a second network with 2 servers in a separate 192.168.2.0 network. The 2 networks are connected by a router with interfaces connected to each network. If Host A wants to request a web page from Server A, the following steps occur:

1) Host A determines that Server A does not belong to the same network based on its own IP Address and Subnet Mask, therefore Host A will need to send the traffic to its default gateway. Host A sends a broadcast ARP request for the gateway address 192.168.1.254.

2) Switch A receives the broadcast ARP and forwards it out every interfaces except the one where it was received.

3) The router receives the ARP request on port 1. It responds with its MAC Address on port 1.

4) Host A receives the ARP reply and adds a line to its ARP cache associating the MAC Address ABABAB-111111 with the gateway address 192.168.1.254.

5) Now host A can send the request for the web page to the destination IP Address of Server A and the destination MAC Address of its default gateway. Switch A

24

already has the MAC Address of the gateway in its forwarding table and forwards the frame out port 24 to the gateway router.

6) The router receives the frame, and checks the destination IP Address in the layer 3 header against its routing table. The destination network is 192.168.2.0 which is a directly connected network. The router strips off the layer 2 header from the frame and replaces the source MAC Address with its own MAC Address on port 2 ABABAB-111112. It then forwards the frame out port 2 to Switch B.

7) Switch B checks the destination MAC Address against its forwarding table. If there is already an entry for the destination MAC, the switch forwards the frame out port 1. If not, the switch forwards the UNKNOWN UNICAST frame out every port except the one where it was received.

8) Server A receives the request for the web page and the reply completes the same process in reverse order.

24

25

Network devices can be grouped into unmanaged, web-managed, and managed. - Unmanaged devices are just that – out of the box functionality and

work in a predefined way. - A web-managed device has a web interface only and usually basic

functionality. - A managed device usually includes more remote management

options including:- Console- Telnet- SSH- HTTP/HTTPS- SNMP

To access remote management the device will require an IP Address, subnet mask, and a default gateway if the management station is in a different subnet.

26

The front panel LEDs on a network device can provide basic troubleshooting that should not be overlooked. Check that the fault light is not on (amber) and that there’s a link LED on the port.

27

28

Typically, you will only use the switch console cable to perform the initial configuration on the switch in order to manage the switch remotely using telnet, SSH, or the Web UI. Some other reasons you might use the console to manage the switch include recovery from a lost password when the front-panel buttons are disabled, if you have lost the ability to manage the switch remotely for some reason, to enter BOOTROM mode for troubleshooting an issue with support, or to perform a software update.

Terminal emulation settings: - 9600 bps - 8 data bits- no parity- 1 stop bit- No flow control

You can use TeraTerm Pro, PuTTY, SecureCRT, HyperTerminal,

29

etc.

29

The CLI is a text-based interface for configuring and monitoring HP switches. You can access the CLI can through either a direct serial connection or through a Telnet session (enabled by default) or SSH session.

The commands in the CLI are organized into the following levels:

• User EXEC – Lets you display information and perform basic tasks such as pings and trace routes. • Privileged EXEC – Lets you use the same commands as those at the User EXEC level plus configuration commands that do not require saving the changes to the startup-config file. • CONFIG – Lets you make configuration changes to the device. To save the changes across reboots, you need to save them to the startup-config file. The CONFIG level contains sub-levels for individual ports, for VLANs, for routing protocols, and other configuration areas.

30

Here are the configuration levels for VLAN and Interface configuration. This shows moving from the Global config prompt to a VLAN 10 prompt, exit back to a configprompt, and then to an interface prompt. You can also configure multiple interfaces at once using “interface 1-2” or similar. You move backwards using the exit command or CTRL-Z. Logout using the logout command. There are a limited number of remote sessions available, and if they aren’t exited properly you can leave the device in an inaccessible state. This can be prevented using a “console inactivity timer” which will automatically logout inactive sessions after a specified time (usually 15 minutes).

31

Here are the configuration levels for VLAN and Interface configuration. You move backwards using the exit command or CTRL-Z. You can logout using the logout command.

32

To display a list of available commands or command options, enter “?” or press Tab. If you have not entered part of a command at the command prompt, the commands supported at the current CLI level are listed. If you enter part of a command, then enter “?” or press Tab, the CLI lists the options you can enter at that point in the command string.

The CLI supports command completion, so you do not need to enter the entire name of a command or option. As long as you enter enough characters of the command or option name to avoid ambiguity with other commands or options, the CLI understands what you are typing.

33

Here’s an example of a near default configuration. Some of the pieces of information shown are the product part number and the software version the switch was running when it was configured.

34

The password command allows you to configure the operator or manager password, or both. Many HP switches can also use either RADIUS or TACACS authentication but that is outside the scope of this training.

35

HP ProCurve switches use define subnets and IP Addressing in the VLAN context. To configure the management IP Address on VLAN 1, change to the VLAN 1 context, then use the “ip address” command to define the IP Address and Subnet Mask. You can use either dotted decimal or CIDR notation for the subnet mask.

36

If a switch will be managed remotely from a different subnet, then you will need to define a default-gateway. This is done from the global config prompt using the “ipdefault-gateway” command.

37

Synchronizing switch time with a time server is important for logging purposes. When the time is synchronized, the logs will show an accurate timestamp that you can use to correlate events on the switch with other devices.

38

39

The “show config status” command will show whether the configuration has been changed since the last time it was saved. Save the running-config using the “write memory” command. It’s good practice to check whether the running-config needs to be saved. If there are changes that haven’t been saved and you reboot using the reload or boot commands, the switch will ask if you want to save the changes. If power is lost, you would lose any configuration changes that haven’t been saved.

40

1. Start PuTTY2. Click SessionLogging3. Click Printable output option for Session logging.4. Browse to the folder where you want to store the log file. Use of variables can

help to name the files so they’re easily identified.5. Click Session and enter the connection details, then click Open.6. Login and then run any commands from the device.7. Log out of the switch OR right-click the title bar and choose Change Settings

and then turn off logging.

41

1. Start PuTTY2. Click Window. 3. Change Lines of scrollback to the desired number (2000 should be plenty for

most situations).

42

43

VLANs or Virtual LANs are defined in the 802.1Q specification. VLANs allow an administrator to configure multiple broadcast domains (subnets) within the same device. This has a number of benefits including:

Security – Limit access to other devices based on subnet, and potentially place access restrictions at the router level. Performance/Bandwidth – Create separate broadcast domains reducing broadcast and multicast traffic. Broadcast/Traffic Flow – Control the flow of client traffic through the network. Departments/Roles - Separate clients based on type or business function.

44

Here are 2 networks without VLANs. All of the devices connected to switch 1 are in one subnet and all of the devices connected to switch 2 are in a second subnet.

- They are physically and logically separate networks.- There are 2 broadcast domains.

45

VLANs allow the administrator to connect devices from different networks to the same physical switch. The administrator has configured a second VLAN and made all of the ports connected to the devices in network 2 members of that second VLAN.

- The networks are still logically separate and they are in different IP subnets. - There are still 2 broadcast domains.- There is no change in the traffic between the hosts.

46

Here is another topology with 2 VLANs except this time we have multiple switches, each with hosts in VLAN 1 and VLAN 2.

The ports connected to the hosts are untagged in their respective VLANs. We configure the switch ports as members of the correct VLAN - this separates the traffic in the switch and created a separate MAC Address table for each of the VLANs.

The single switch-to-switch link has to carry traffic for both VLAN 1 and VLAN 2 so that the hosts in both VLANs can communicate with devices connected to the other switch. When a link carries traffic for multiple VLANs, we have to mark the packets to identify which VLAN the traffic belongs to. This is done by configuring the ports as tagged members of the VLAN. This tells the switch to add a 4 byte VLAN tag to the Layer 2 header of the packet with a VLAN identifier. Since we have 2 VLANs, we can configure the switch-to-switch links as tagged in one of the VLANs and untagged in the other. This will be sufficient to identify the traffic in the 2 VLANs.

A port connected to an individual host does not require tagging because it is a member of only 1 VLAN.

47

Here are some valid configurations:

Port 1 is showing the default configuration for all ports in an HP switch – they are all untagged members of VLAN 1. Port 2 has been moved to VLAN 2 as an untagged member. Notice that it is removed from VLAN 1. A port cannot be an untagged member of more than 1 VLAN. Port 3 is an untagged member of VLAN 1 and a tagged member of VLAN 2 and VLAN 3. Port 4 is a tagged member of VLANs 2 through 4. It is not required to have a port configured as an untagged member of a VLAN.

Also, a port cannot be removed from ALL VLANs. This would leave the port in an “orphaned state” and is not allowed.

48

When a port is a tagged member of a VLAN, packets that egress that port include a 4-byte VLAN tag inserted into a L2 packet header.

49

50

51

Step 1) Move from the privileged exec (manager)

prompt to the global config prompt.

Step 2) Create VLAN 10.

Step 3) Add port 1 and 2 as untagged members.

This will remove the default untagged membership

in VLAN 1 because a port can be an untagged

member of only 1 VLAN at a time.

Step 4) Add ports 3 and 4 as tagged members.

These ports retain the default untagged

membership in VLAN 1.

52

You can show the VLANs that are configured using the “show vlan” command. This displays general configuration information about each VLAN including the VLAN ID (VID), Name, Status, Voice, and Jumbo.

53

Optionally, you can give the VLAN a friendly name. This just provides a way to identify the VLAN and has no impact on how the VLAN functions.

54

55

56

Cisco terminology regarding VLAN configuration differs from HP E-Series switches. Ports are defined as either access or trunk ports. Access ports are typically connected to edge devices and have no VLAN tagging. Trunk ports are typically switch-to-switch or server connections and carry tagged VLAN traffic.

There can be some confusion when the word “trunk” is used since the same word refers to link aggregation when talking in HP network terms.

57

58

The goals of link aggregation and load balancing are to:

- Create fault tolerance at multiple levels – network adapter, cable, switch port, switch, and power.- Balance traffic load across multiple links

59

There are many types of link aggregation and load balancing available on the market. The types that are supported on the StoreVirtual SAN are:

- Active/Passive (aka NFT)- Link Aggregation Control Protocol (802.3ad / LACP)- HP Trunking (HP specific)- Distributed Trunking (HP Specific)- Adaptive Load Balancing (ALB)

60

Active/Passive provides fault tolerance only. The active interface passes traffic and the passive interface is in standby until a failure event occurs. The interfaces can be connected to the same switch or different switches.

61

802.3ad / LACP balances traffic across multiple links using the source and destination MAC Address. It uses all links and provides fault tolerance at the NIC, cable, switch port level. LACP does not provide fault tolerance in the event of a switch or power failure.

62

This method creates a trunk group that operates independently of specific trunking protocols and does not use a protocol exchange with the device on the other end of the trunk. With this choice,the switch simply uses the SA/DA method of distributing outbound traffic across the trunked ports without regard for how that traffic is handled by the device at the other end of the trunked links.Similarly, the switch handles incoming traffic from the trunked links as if it were from a trunked source.

63

The IEEE standard 802.3ad requires that all links in a trunk group originate from the same switch. Distributed trunking uses a proprietary protocol that allows two or more port trunk links distributed across two switches to create a trunk group. The grouped links appear to the downstream device as if they are from a single device. This allows third party devices such as switches, servers, or any other networking device that supports trunking to interoperate with the distributed trunking switches (DTSs) seamlessly.

Distributed trunking provides device-level redundancy in addition to link failure protection.

64

Adaptive Load Balancing provides both transmit and receive balancing. Transmit load balancing is achieved based on current load relative to speed. Receive load balancing is achieved via ARP negotiation.

ALB also provides fault tolerance. This does not require any special switch support but does require the ability to change the MAC address of a network device while it's open. The bond can be created between network ports that are on the same switch or different switches.

While it's technically possible to create an ALB bond with a 1GbE and a 10GbE interface it makes no sense practically. Since receive balancing is done through ARP negotiation some clients will get a 1GbE link and other clients will get a 10GbE link. The balance may change over time and the transmit link would vary between 1GbE and 10GbE. This is not a configuration that would be desirable or allowed.

65

66

67

When there are redundant paths present in a Layer 2 network as shown in this slide, it is known as a loop. A switch will forward a broadcast, multicast, or unknown unicast frame out all ports except the port where it was received – in this topology that means the frame is looped back to it’s source, and the frame is duplicated exponentially over time. This is one of the causes of a broadcast storm and can cripple an entire network in a short timeframe.

The Spanning Tree configures the active topology within a layer 2 network to prevent layer 2 loops.

68

The Spanning Tree algorithm ensures the existence of a loop-free topology in networks that contain redundant paths. The algorithm provides a single path between any two nodes in such an extended network. It also provides a high degree of fault tolerance by allowing for the automatic reconfiguration of the spanning tree topology in the event of bridge or data path failure.

In constructing a loop-free topology, the bridges within the extended network first determine the root bridge, the bridge with the highest priority value. This bridge serves as the root of the loop-free topology. After determining the identity of the root bridge, all other bridges calculate path costs, that is the cost of the path to the root bridge offered by each bridge port. Each bridge designates the port that offers the lowest path to the root bridge as the root port. In the event of equal path costs, the bridge designates the port with the highest priority as the root port.

On each LAN within the extended network, one bridge (the one whose root port offers the lowest cost path to the root bridge) is selected as the designated bridge. The port that connects the LAN to the designated bridge is selected as the designated port. This port is said to be in the forwarding state - carries all extended network

69

traffic to and from the LAN.

69

Multiple instance spanning-tree adds the capability to define multiple spanning tree instances so that separate spanning-tree paths can be created, typically per VLAN. Traffic can be balanced and make better use of the infrastructure.

70

It is best practice to disable spanning-tree on ports connected to StoreVirtual nodes. If spanning-tree is enabled on switches where storage nodes are connected, the following commands will place the ports in a forwarding state immediately when the port is up:

admin-edge-port - Applies only to RSTP/MSTP. When correctly set for eachport it improves the protocol operation. Indicate whether the port isconnected to LAN segment that doesn't have any bridge or switchconnected to it. If a bridge or switch is detected on the segment,the port will automatically operate as if Edge = 'No' has been set.

auto-edge-port - Applies only to MSTP. Used to set the automatic edgeport detection.

71

72

[Course Title] [Module Title]

[Rev. # or date]

Reference:http://www.ieee802.org/3/frame_study/0409/blatherwick_1_0409.pdf802.1AB Overview - Link Layer Discovery ProtocolIEEE 802.3 Frame Expansion Study GroupOttawa Sept 30, 2004Paul Congdon, HP ProCurve Networking and Peter Blatherwick, Mitel Networks

[Course Title] [Module Title]

[Rev. # or date]

There are multiple discovery protocols in use depending on vendors, software versions, etc... The industry standard and most prevalent today is LLDP or link layer discovery protocol. This is used by HP and in current Cisco IOS.

CDP is Cisco Discovery Protocol and is used on Cisco IOS, and also in older HP ProCurveswitches. HP was able to both send and receive CDP PDU’s in older software. In current software HP is able receive but not send CDP frames.

FDP is used on Foundry/Brocade switches.

All of these protocols provide similar information about directly connected neighboring devices.

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

To enable flow control on a Windows host, open the network adapter properties from Device Manager, then click on the Advanced tab and select Flow Control from the Property list.

91

92

93

94

95

The “show tech” command is a way to capture a lot of information from a switch with a single command. Entering “show tech” by itself will give the majority of the information needed for most cases. Because of the amount of output, “no page” should be entered, and logging should be turned on.

Note: The MAC address table is NOT included in the show tech output.

96

The “show running-config” command gives the current configuration running in VRAM.

97

The “show mac-address” command will output the mac address table on the switch showing what mac addresses are associated with each port.

98

The “show interfaces brief” command shows the current status of all interfaces. This allows an admin to confirm that a port is administratively enabled, up, and operating at the desired speed and duplex. If a port is a member of a trunk group, the trunk name (ex. TRK1) will be shown next to the port number. This command also shows whether Flow control is enabled on the port.

Other details:

Intrusion Alert – If there are security features enabled on a port such as aaa port-access, a failed authentication attempt or other action would cause the port to be disabled and/or an intrusion flag to be set on the port. If the port shows “Yes”, the customer should investigate with their network support to clear the flag and/or enable the port.

MDI Mode – The MDI mode is set when the port comes online. MDI/MDIX allows the use of either a straight-through or crossover cable on the port. When the link comes up, there’s a negotiation that configures one side as MDI and the other as MDIX. This is a coin-toss and it really doesn’t matter if this is MDI or MDIX. It’s common to see some ports set to MDI and others set to MDIX. Occassionally an admin will notice a

99

port is different than others and question why.

Broadcast Limit – This is a feature on ProCurve switches which allows the network admin to set a threshold percentage of broadcast traffic which is considered acceptable. A setting of zero means the feature is disabled. Any broadcast or multicast traffic exceeding that threshold is dropped. It is not recommended to enable broadcast limit on ports in an iSCSI network.

99

The show interfaces command is useful in troubleshooting network performance issues. It displays the total number of bytes, frames, receive errors, and drops on each interface. It also shows whether flow control is enabled on the port and if any broadcast limit has been set.

Using the show interface command can give a quick way to see if there is network congestion. It’s important to know the path of the traffic to focus on the ports that are significant. For instance, if troubleshooting a connectivity issue between the CMC and a storage node (or nodes), you would want to know every network device and connection between the server hosting the CMC and the node(s). If there are drops on any interfaces in the path, you can investigate further.

Clearing the counters – When you’re investigating a congestion or performance issue, you may see drops that are old and no longer relevant. You can either run the show commands several times to see if the drops are incrementing, or you can use the “clear statistics Ethernet [port-list]” command to zero the counters. This will clear the port counters for the current telnet or SSH session only. If you log in to a new session, the counters will show as though they had not been zeroed.

100

The show interface <port> gives more detailed counters on an individual port. In addition to the port counters and errors, the output includes a 5 minute weighted traffic average that can be revealing.

101

102

iPerf is a useful tool to test network bandwidth and performance. It is important to note that iPerf is a host based tool and so the results are limited to the resources on the host system. If the host has limited resources or issues, it will impact the results of the test. There are hardware based performance appliances available that can provide more configuration options, specific throughput, and accurate results.

103

To start an iPerf test, first run the server side with the –s parameter and any options. If there is a firewall running on the server, it must not block the port used (default is 5001). After the server is running, start the client side test with the –c parameter, the server IP Address and any options. Without any options, the test will run for 10 seconds and then give an average bandwidth.

104

To start an iPerf test, first run the server side with the –s parameter and any options. If there is a firewall running on the server, it must not block the port used (default is 5001). After the server is running, start the client side test with the –c parameter, the server IP Address and any options. Without any options, the test will run for 10 seconds and then give an average bandwidth. The follow may give more information:

Set the reporting interval with the –i parameter. This shows the results more frequently.Change how ling to run the test with the –t parameter. It may be useful to run the test for 5 minutes, for example. Change the TCP window size with the –w switch. Alternatively, you can use the –W (capital W) for an adaptive TCP window size.

105

jPerf is a Java based graphical front-end for iPerf. It is available for Windows and Linux platforms. jPerf can be useful to set options without having to remember the command line arguments. It also includes both a live graph and the same output you would expect to see at the command line.

106

This screenshot shows the difference in results after changing only the TCP window size.

107

108

tcpdump and Wireshark are both packet sniffers that capture raw traffic from one or more network interfaces. tcpdump is a command line program while wiresharkprovides a graphical UI with many analysis tools included. Both have the option of capture filters so that you can capture only interesting traffic as well as display filters that can narrow down traffic in a large capture so that only the interesting traffic is shown.

109

Here’s an example of a tcpdump capture running at the shell of a storage node during some pings from a PC to the node. There are a couple of parameters added to the command syntax and they are:

-i specifies the interfaceBond0 is interface we’re capturing onhost 10.2.10.50 – specifies that we only want to capture traffic with a source OR destination of 10.2.10.50and – This is adding a Boolean “and” to the captureicmp – Specifies that we only want to capture icmp packets.

The captured frames have a lot of information:

-- Timestamp showing exactly when the frames were captured based on local system time. You can change the format with a –j parameter. -- Source and destination IP Address OR hostname. You can stop tcpdump from converting the IP to hostname with –n if you like.

Some of the details shown in the summary on-screen are:

110

DescriptionFrame id Sequence numbersFrame length

110

Here’s an example almost identical to the previous except that it’s using a –w filename parameter which outputs the capture to a file instead of to the standard display. You can then open the capture file using tcpdump, wireshark or another application.

111

112

You can select the interface on the main Wireshark screen and just click start. This will start a capture of all traffic that passes on that interface (ingress or egress traffic).

If you are unsure of which interface to capture on, you can click on the Interface list to see where packet counts are incrementing.

You can also click on Capture Options to configure settings such as capture filter and capture files.

To stop the capture, click the red square next to the start capture button in the toolbar.

113

To perform a more specific capture you can use a capture filter. Click Capture, Options. Select the interface(s) and enter the capture filter. This will restrict the capture to the frames that you specify and ignore all other traffic.

Sources for capture and display filters:

http://wiki.wireshark.org/CaptureFiltershttp://packetlife.net/blog/2008/oct/18/cheat-sheets-tcpdump-and-wireshark/

You also have some options on this screen to capture to multiple files, stop the capture automatically, and change the way the capture is displayed.

114

115

116

From the man page:Nmap ("Network Mapper") is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

117

118

119

120

121

Ipconfig and ipconfig/all provides some very useful information about the IP settings on Windows hosts including hostname, MAC Address, IP Address, Subnet Mask, and Default gateway.

122


123


124


125

PING can be of the most useful command line tools available to troubleshoot basic network connectivity. One method of narrowing down the source of a connectivity, performance, or even MTU issue is to “ping around”. Starting from the closest connected device in the path, ping each device in the path between devices to find where an issue begins.

126

127

128

129

130

131

132

133

134

Documents

Hewlett Packard · 2015-04-16 · 3) The router receives the ARP request on port 1. It responds with its MAC Address on port 1. 4) Host A receives the ARP reply and adds a line to