New Service Provider Operations Track Training and Exams

The Cisco CCNA Service Provider (SP) Operations certification and the written exam for the CCIE Service Provider (SP) Operations certification are now available.
The Cisco CCNA SP Operations certification targets entry-level students with a foundation of network operations skills in SP IP NGN environments required of associate-level operations personnel. Both the Supporting Cisco Service Provider IP NGN Operations (SSPO) course and the required 640-760 exam are now available. Interested students should access the CCNA SP Operations home page for more information.

The Cisco CCIE® SP Operations certification assesses and validates core IP NGN service provider network operations expertise and broad theoretical knowledge of operations management processes, frameworks and network management systems. Registration for the CCIE SP Operations written exam is now available. In addition, students may download the blueprint for the CCIE SP Operations practical exam from the CCIE SP Operations practical exam overview page. The practical exam for the CCIE SP Operations certification is scheduled to be made available in the third quarter of 2010.

For more info:
https://learningnetwork.cisco.com/community/certifications/ccna_sp_operations
https://learningnetwork.cisco.com/index.jspa?ciscoHome=true
https://learningnetwork.cisco.com/community/certifications/ccie_sp_operations/practical_exam

Cisco: Mark voice packets at the network edge

You know how Cisco always advises marking packets as close to your network edge as you can? You can also find many examples where Cisco shows how to trust the packets directly on the access switch, but you cannot always do this.

First, because not everybody has devices that mark packets correctly (like Cisco IP Phones), but we still have to deal somehow with packet marking, as your provider may treat packets differently on their backbone based on their marking.

In this post what I care about most are the voice packets, as usually these have to be prioritized on the network. Let's face it: if you have a TCP connection and some FTP packets are retransmitted you don't notice it too much, but if you have delay on your phone conversation with your boss, that's not so good.

Please have a look at the topology below:

In this scenario we have a Voice server and some IP Phones (I know they look like Cisco IP phones, but pretend they are not) connected to the access switch. Let's assume that we cannot trust the marking on these packets as they arrive from these devices.

Here we run into one of two issues. If we trust the marking on the access port, then we don't know what we are stuck with. If we don't trust it, then the DiffServ (ToS) bits in the packet header are rewritten with a value of zero, making no difference between voice packets and regular ones.

My solution is the following. I'm not saying it's the only solution or the best, but it works:

On the access switch:

1. enable globally:

mls qos

2. configure an access-list that matches the voice packets; this is a very general list:

access-list 101 permit udp any any range 16384 32767
access-list 101 permit udp any range 16384 32767 any
access-list 101 permit udp any any range 5060 5061
access-list 101 permit udp any range 5060 5061 any

3. match the access-list in a class-map:

class-map match-all VOIP
match access-group 101

4. configure a policy-map with the class-map above and set the DSCP value to EF (decimal 46), or CoS, or whatever you need:

policy-map ASTERISK
class VOIP
set dscp ef

5. on the access port, apply the service-policy in the inbound direction:

int x/y
service-policy input ASTERISK

6. on all trunks from your access switch to your first Layer 3 device, trust this DSCP value (or whatever you have set, as now we are sure what values we set) with:

mls qos trust dscp
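To see what steps 1 to 6 do to a packet before touching a switch, here is an added Python simulation (my example, not part of the original post) of the access switch's ingress treatment: an untrusted port with mls qos rewrites DSCP to 0, class VOIP matches access-list 101, policy-map ASTERISK sets EF, and the trunk trusts whatever DSCP arrives. The packets are constructed tuples, not captures, and the ACL is modelled with first-match semantics.

```python
# Added example: models the access switch's ingress marking from the post's
# configuration. Packets are constructed here, not captured from a network.
from dataclasses import dataclass

DSCP_EF = 46  # Expedited Forwarding, decimal 46


@dataclass
class Pkt:
    proto: str
    sport: int
    dport: int
    dscp: int = 0  # DSCP carried on arrival (may be forged by the endpoint)


def _in(port: int, lo: int, hi: int) -> bool:
    return lo <= port <= hi


# access-list 101 as (protocol, source-port range, destination-port range);
# "any" is modelled as the full range (0, 65535).
ACL_101 = [
    ("udp", (0, 65535), (16384, 32767)),   # permit udp any any range 16384 32767
    ("udp", (16384, 32767), (0, 65535)),   # permit udp any range 16384 32767 any
    ("udp", (0, 65535), (5060, 5061)),     # permit udp any any range 5060 5061
    ("udp", (5060, 5061), (0, 65535)),     # permit udp any range 5060 5061 any
]


def matches_acl_101(p: Pkt) -> bool:
    """class-map match-all VOIP / match access-group 101 (first matching entry wins)."""
    return any(p.proto == proto and _in(p.sport, *src) and _in(p.dport, *dst)
               for proto, src, dst in ACL_101)


def ingress_access_port(p: Pkt) -> int:
    """Untrusted access port with 'mls qos' and 'service-policy input ASTERISK'.
    Returns the DSCP the packet carries when it leaves towards the trunk."""
    dscp = 0  # no 'mls qos trust' on the port: the arriving DSCP is cleared to 0
    if matches_acl_101(p):
        dscp = DSCP_EF  # policy-map ASTERISK / class VOIP / set dscp ef
    return dscp


def ingress_trunk(p: Pkt) -> int:
    """Trunk configured with 'mls qos trust dscp': the upstream marking is kept."""
    return p.dscp


def tos_byte(dscp: int) -> int:
    """DSCP is the upper six bits of the IP ToS/DS byte, so EF (46) is 0xB8."""
    return dscp << 2
```

Because the list is deliberately general, a UDP flow such as a DNS query sent from an ephemeral source port in 16384-32767 is also marked EF; restricting the source addresses to the phone and voice server subnets narrows that.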

Let me know if it’s working!

Free Netflow Analyzer software

For today, I put together a list of the software that I use when testing network behavior in the lab. The software below is free, with some restrictions, but is perfect when you need a quick solution to monitor your network with NetFlow, sFlow or jFlow.

All the proposed software has a commercial version, so if you like one and consider it for your company, please get in touch with the company that develops it for more information about licenses.

sFlowTrend

Free, graphical network monitoring tool. sFlowTrend makes use of the popular sFlow standard to generate real-time displays of the top users and applications making use of network bandwidth.

Some features:

  • Quickly understand who is using the network and what they are doing.
  • Enforce corporate acceptable network use policies.
  • Rapidly identify the cause of any problems or abnormal traffic.
  • Understand trends in usage and accurately target upgrades.
  • Generate management reports on current and historical performance.

sFlowTrend is written in Java and will run on most platforms.

Download sFlowTrend.

Solarwinds Netflow Analyzer

Solarwinds Real-Time NetFlow Analyzer captures and analyzes NetFlow data in real time to show you exactly what types of traffic are on your network, where that traffic is coming from, and where it is going. It displays inbound and outbound traffic separately for granular analysis that makes problem diagnosis quick and easy. You can view the historical NetFlow data broken out by application, conversation, domain, endpoint, and protocol. That way you know exactly how your bandwidth is being used and by whom.
Features:

  • Investigate, troubleshoot, and quickly remediate network slowdowns
  • Easily identify which users, devices, and applications are consuming the most bandwidth
  • Isolate inbound and outbound traffic by conversation, application, domain, endpoint, and protocol
  • Personalize NetFlow data displays to view traffic by specified time periods (up to 60 minutes) and by traffic type
  • Customize refresh rates and display units for NetFlow traffic

The drawback of this free version is that it can record only up to 60 minutes; then you have to restart the software to record again.

Available only for Windows platforms.

Download Solarwinds Netflow Analyzer

ManageEngine Netflow Analyzer

ManageEngine NetFlow Analyzer is a web based (no hardware probes) bandwidth monitoring, network forensics and network traffic analysis tool that has been optimizing thousands of networks across varied industries for peak performance and helping them put their bandwidth to better use. NetFlow Analyzer is a NetFlow, sFlow, jFlow (and more) collector, analyzer and reporting engine integrated together.

Features:

  • Real-time visibility into top applications and talkers in the network.
  • Detection of unauthorized WAN traffic.
  • Identify virus, worms and DoS attacks in real-time.
  • Understand the history of security violations with alert reports.
  • Recognize applications that use dynamic ports by performing a deep-packet inspection using Cisco NBAR.
  • Real time reports with 1 minute granularity.
  • Aggregated data stored forever for historic reports.
  • Ability to view reports in different granularity – 10 min, hourly, daily, weekly, monthly, and custom time period.

The bad aspect is that you can use it only for 30 days. Then you have to buy it. There is a trick: if you reinstall the product you can use it again for 30 days. I advise using this trick only for personal use or for testing purposes.

Available for Linux and Windows.

Download ManageEngine Netflow Analyzer

Plixer Scrutinizer

Plixer Scrutinizer captures Cisco NetFlow, sFlow and other flow technologies and uses that data to monitor the overall network health. It reports on which hosts, applications and protocols are consuming network bandwidth.

Custom NetFlow reports allow you to filter (include/exclude) exactly the information you need. They can be saved and run again later.

Features:

  • Adds several additional traffic analysis Report Types (e.g. Flows, Flow Volume, NBAR Support, etc.).
  • Report on Top Applications, Conversations, Flows, Protocols, Domains, Countries, Subnets, etc., across dozens of routers and switches.
  • Any saved report in Scrutinizer can be configured with a threshold to trigger an alarm.
  • DNS resolution becomes automated and a constant process.
  • Network traffic reporting and alarming on the internal network: SYN, NULL, FIN, XMAS Scans, RST/ACK worms, P2P, ICMP Unreachable, illegal IP addresses, excessive Multicast traffic, known compromised Internet hosts and more.

The bad part is that it drops the database after 24 hours. Still, you can save the databases before they are dropped by the free version of Scrutinizer.

Available for Windows platforms.

Download Plixer Scrutinizer

Do you have any other alternatives that can help network engineers test their environment? Feel free to suggest them in the comments form and if they are good I will add them to this post.