NetworkJutsu

Networking & Security Services | San Francisco Bay Area

General

show ip flow top-talkers

By 7 Comments

Who is hogging your precious WAN bandwidth? That’s probably one of the things that you’re asking on your mind when you receive an alert about a certain WAN link has reached its full capacity. Well, you’re in luck. In newer Cisco IOS, it will allow you to enable NetFlow and Top Talkers which gives you the ability to view who are the current top talkers in your network. I really believe that the commands that I am about to show you should be part of your standard configuration on routers.

To enable Top Talkers, issue these commands:

ip flow-top-talkers
 top 10
 sort-by bytes

Enabling Top Talkers is not enough, you also need to enable NetFlow on an interface. According to Cisco, if the router is running Cisco IOS prior to release 12.2(14)S, 12.0(22)S, or 12.2(15)T, the command used to enable NetFlow on an interface is ip route-cache flow. If the router is running Cisco IOS release 12.2.(14)S, 12.0(22)S, 12.2(15)T, or later the command used to enable NetFlow on an interface is ip flow ingress. However, I’ve used ip route-cache flow on a router running Cisco IOS 15.0 and it worked just fine. Try the first one first before using the latter. I have not tried it yet, but you may need to use ip flow egress as well if ip route-cache flow does not work.

In this scenario, I enabled NetFlow on Serial0/2/0.

configure terminal
interface Serial0/2/0
 ip route-cache flow

Once you are done configuring NetFlow on the interface, then you can now issue:

Router#sh ip flow top-talkers
SrcIf    SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Bytes
Se0/2/0  10.1.1.33    Fa0/0 10.2.2.9     06 050E 1BC7  2156K
Se0/2/0  10.1.1.140   Fa0/0 10.2.2.78    06 0A26 10C0  1629K
Se0/2/0  10.1.1.144   Fa0/0 10.2.2.55    06 0A26 0CA6  1352K
Se0/2/0  10.1.1.120   Fa0/0 10.2.2.77    06 0A26 05E8   535K
Se0/2/0  10.1.1.106   Fa0/0 10.2.2.86    06 0A26 086A   361K
Se0/2/0  10.1.1.131   Fa0/0 10.2.2.90    06 0A26 0A7A   135K
Se0/2/0  10.1.1.112   Fa0/0 10.2.2.80    06 0A26 0C28   109K
Se0/2/0  10.1.1.137   Fa0/0 10.2.2.80    06 0A26 0D95    75K
Se0/2/0  10.1.1.142   Fa0/0 10.2.2.82    06 0A26 120B    71K
Se0/2/0  10.1.1.116   Fa0/0 10.2.2.83    06 0A26 0922    47K
10 of 10 top talkers shown. 30 flows processed.

I really think this is a great tool to have in your routers. It will basically help you identify who is congesting your WAN link. I’ve seen scenarios where Security (Loss Prevention) guys, like to see what’s going on in the remote branch and they use their little PC to remotely view the security cameras inside the remote branch. In some environment, that’s a no-no especially if the mission critical applications are being affected. If the QoS (Quality of Service) was designed and implemented correctly, then you shouldn’t have to worry about Security guys viewing and streaming recoded videos because the mission critical applications should have guaranteed bandwidth when there’s a congestion.

I hope this has been helpful and thank you for reading!

Reference

NetFlow MIB and Top Talkers

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.

CCIE R&S v4 Home Lab

By 5 Comments

Update: New home lab for CCIE R&S v5.

As you may know, I am studying for the CCIE written and lab exam. To help with my CCIE studies, I have decided to build my own CCIE home lab. Sure, you can rent CCIE racks and there are tons of them out there. However, you don’t get the convenience of being able to turn it on and off at your own time. Another alternative of having a rack is building a GNS3 or Dynamips server to run Cisco IOS. It is a very inexpensive way to study for CCIE and it works great for other people. While Cisco uses IOU (IOS on Unix) on their troubleshooting section, they’re not running any emulators for the configuration section. That said, configuring routers and switches on a real gear will mimic the same results. Other CCIE aspirants will disagree on this logic; however, I’ve met and read forum member’s posts who has the same reasoning as I do. Besides, I started building my home lab back in 2005 when I first entered the Cisco Network Academy Program (CNAP). I added more routers and switches to my home lab when I studied for my CCNP exams, so few more routers and switches here and there wouldn’t be such a big deal. Though, it did cost me a lot of money.

Internetwork Expert (INE) was my first choice in CCIE lab preparation. At the time I decided that I am going to pursue CCIE, it was the most talked about CCIE training vendor and all of them were positive. It probably still is, but I haven’t had a chance to visit and read forums lately. That said, I decided to build my lab as close as possible with what they use for their CCIE workbooks since they have a specific topology for their CCIE workbooks. Fortunately, the hardware specifications and topology for the CCIE workbooks are open for public and can be found here. As mentioned earlier, I started building my home lab back in my CCNA days. That said, the gears are quite different compared to INE’s specs. Having different equipment turned out to be a challenge because the interfaces are different. I find myself trying to figure out which interface is which when I am doing labs. That said, I created my own topology with the right interfaces so I can at least save some time when I am labbing.

CCIE Home Lab

I think I should stop talking now and give you an idea of how my CCIE home lab looks like. Here’s the list of my CCIE home lab equipment:

DevicePlatformDRAMFlashWIC(s)Software
Backbone 1 (BB1)2620XM128MB48MB1 x NM-8A/SAdvanced Enterprise Services 12.4(18)A
Backbone 2 (BB2)252016MB16MBN/A12.2(15)T17
Backbone 3 (BB3)252016MB16MBN/A12.2(15)T17
Router 1 (R1)2620XM128MB48MB1 x WIC-2TAdvanced Enterprise Services 12.4(18)A
Router 2 (R2)2620XM128MB48MB1 x WIC-2TAdvanced Enterprise Services 12.4(18)A
Router 3 (R3)2620XM128MB48MB2 x WIC-2TAdvanced Enterprise Services 12.4(18)A
Router 4 (R4)2801256MB64MB1 x WIC-2TAdvanced Enterprise Services 12.4(24)T4
Router 5 (R5)2801256MB64MB1 x WIC-2TAdvanced Enterprise Services 12.4(24)T4
Router 6 (R6)2801384MB128MB1 x WIC-2TAdvanced Enterprise Services 12.4(24)T4
Switch 1 (SW1)3560-24TS128MB32MBN/AEnhanced Multilayer Image (EMI) 12.2(44)SE
Switch 2 (SW2)3560-48TS128MB32MBN/AEnhanced Multilayer Image (EMI) 12.2(44)SE
Switch 3 (SW3)3550-48TS64MB16MBN/AEnhanced Multilayer Image (EMI) 12.2(25)SEC2
Switch 4 (SW4)3550-48TS64MB16MBN/AEnhanced Multilayer Image (EMI) 12.2(25)SEC2
Terminal Server251116MB16MBN/A12.2(15)T17

The image below is the picture of my home lab without the cables.

The image below is the Frame Relay topology.



The image below is the Ethernet connectivity topology.

I hope I can inspire more network engineers to pursue Cisco’s highly coveted and prestigious CCIE Routing & Switching certification. It will take a lot of your time and money, but it will be all worth it once you get your own five-digit number! Heck, by just studying for the exam will make you a better network engineer.

Disclosure

NetworkJutsu.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.