31 Cards in this Set

  • Front
  • Back
What are Cisco Application Network Services?
A collection of Cisco solutions under the SONA Framework that can help optimize and enhance the performance of network applications, as well as baseline application traffic.
What are the 4 steps of the application optimization process?
1. Baseline: Baseline the performance metrics of existing application traffic. 2. Optimize: Once you understand the current behavior of the application traffic, you can optimize the identified applications. 3. Monitor: After optimizing, monitor network traffic to determine how traffic patterns are impacted. 4. Deploy: Because the deployment of new applications or upgrades can affect the behavior of network applications, these steps should be repeated.
What is a traffic flow and how can it be tracked?
A series of packets, all of which share header info such as src and dst IP addresses, protocol numbers and ToS field info. NetFlow can keep track of the number of packets and bytes observed in each flow, and stores this info in the "flow cache".
The IP SLA feature measures how a network treats traffic for specific applications by generating traffic of a similar nature (e.g. identical port numbers and packet size). What are steps involved to configure the feature?
1. Configure a router as an IP SLA responder. 2. Configure the type of IP SLA operation. 3. Determine the config options for the IP SLA operation. 4. Specify any thresholds (which could trigger other events when exceeded). 5. Specify when IP SLA should run. 6. View the results (e.g. via CLI or an SNMP-based Network Management System (NMS)).
What is Network-Based Application Recognition?
Most routers just look at traffic at Layer 3, but with NBAR, routers can also look at Layers 4 through 7. This means that a router can recognize and classify various applications. Once it can recognize the applications, it can then take some action to ensure that the application gets higher priority, drop packets from that application, or take some other action.
What ports does LWAPP use when sending packets between a WAP and a WLC?
LWAPP data traffic uses a UDP dst port of 12222, whereas LWAPP Control Traffic uses a UDP dst port of 12223.
What are some of the potential issues you must consider with site-to-site VPNs?
Overlapping IP addresses, dynamic routing protocols (IPsec tunnels transport only unicast), MTU size (encapsulation adds overhead to a packet, so it can exceed the MTU of an interface), misconfiguration, point-to-point nature of GRE (suboptimal routing) and router processor overhead (type of security algorithm and number of tunnels).
What are some of the potential issues you must consider with remote-access VPNs?
Authentication (user credentials), user profiles (policies assign rights), MTU size, misconfiguration and client software security (a firewall or antivirus might deny traffic required for VPN establishment).
What is a Dynamic Multipoint VPN (DMVPN)?
It allows a VPN connection to be created dynamically, which overcomes the performance issues of a hub and spoke topology (and suboptimal routing), while simultaneously overcoming the scalability issues presented by a full mesh topology.
What is a Generic Routing Encapsulation (GRE) Tunnel?
A type of tunnel that can carry multiple packet types, unlike IPsec tunnels, which can only carry unicast IP traffic. Therefore, all IP traffic (including multicast and broadcast, so it could be dynamic routing protocol updates) can initially be encapsulated within GRE packets, which are unicast packets. Those GRE packets can then be encapsulated inside IPsec packets to secure their transmission.
What is Recursive Routing?
Recursive routing is a result of the destination of the tunnel being learned through the tunnel itself, similar to the problem you can have with redistributed routes. When the best path to the tunnel destination is via the tunnel itself, recursive routing causes the tunnel interface to flap. So in the routing table, the route to the IP address of the tunnel dst should be through a physical interface, and not the tunnel interface.
To make a router act as an IP SLA responder (some versions of IOS omit the "monitor" keyword).
R1(config)# ip sla monitor responder
To configure the type of IP SLA probe to be received by this responder router, including dst IP address and port number of the probe. The dst is going to be the IP of an interface on this responder.
R1(config)# ip sla monitor responder type [type] ipaddress [dst ip] port [port]
To create an IP SLA monitor instance and enter the IP SLA config mode from where the probe is defined. This is done on the IP SLA source router.
R1(config)# ip sla monitor [instance]
The IP SLA config mode cmd that defines the type of IP SLA probe to be sent as a TCP Connect probe. TCP Connect measures the response time taken to perform a TCP Connect operation between a Cisco router and devices using IP. The dst device can be any device using IP.
R1(config-sla-monitor)# type tcpconnect dest-ipaddr [ip add] dest-port [port] source-port [port]
To specify the ToS byte in the IP header of an IP SLA operation. If you need to measure traffic in a specific QoS queue, the ToS value associated with that queue should be specified. If the ToS is not specified, the TCP Connect operation will not include a QoS tag in the packet.
R1(config-sla-monitor-tcp)# tos [0-255]
Global config cmd that immediately starts a specified IP SLA entry, which runs forever.
R1(config)# ip sla monitor schedule [entry] life forever start-time now
To view the collected IP SLA info on the IP SLA source router. Includes the latest Round Trip Time (RTT) measured for a probe, the number of successful and failed probes, and the operation time to live.
R1# show ip sla monitor statistics
To view the info collected by the IP SLA responder router. It shows total number of control messages and errors received, as well as the IP addresses of the sources to which the responder recently responded.
R1# show ip sla monitor responder
To enable the NBAR protocol discovery feature on an interface to determine the applications consuming the most bandwidth on that interface. Can be as useful as NetFlow and IP SLA as a baselining tool.
R1(config-if)# ip nbar protocol-discovery
To expand a router's NBAR signature recognition capability by adding one or more PDLM files to the router. PDLM files can be downloaded from Cisco.
R1(config)# ip nbar pdlm [pdlm-file]
To view the NBAR collected traffic statistics for an interface. It lists the top protocols, and for each one shows packet count, byte count, average bit rate and maximum bit rate statistics.
R1# show ip nbar protocol-discovery
For applications that are recognized based on TCP or UDP port numbers, you can modify the port numbers that NBAR uses. You can specify multiple port numbers to be used by the one protocol.
R1(config)# ip nbar port-map [protocol] [tcp | udp] [port-number] [port-number] etc.
To see what port or ports are associated with a specific protocol.
R1# show ip nbar port-map [protocol]
To see info about IPsec security association settings, including IP address info for tunnel peers and info about the encryption and hashing algorithms being used to protect the tunnel traffic.
R1# show crypto ipsec sa
To see, in table format, configuration info for all active IPsec sessions. For each session it shows the local interface and IP address, the encryption and hashing algorithms being used, and the state.
R1# show crypto engine connections active
To display the crypto map configuration, including such info as the peer IP address, the ACL used to classify traffic to be sent over the tunnel, and the interfaces using a particular crypto map.
R1# show crypto map
To display status and configuration info for a specified tunnel. Includes info like src and dst IP addresses of the tunnel, tunnel protocol in use (e.g. GRE) and traffic statistics.
R1# show interface tunnel [number]