Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
40 Cards in this Set
- Front
- Back
|
What could cause the CPU of a router to become overloaded?
|
Processes running on the router that are taking up an unusual high percentage of its CPU resources, such as ARP input requests, NET background processes, IP background processes or TCP timer processes.
|
|
|
What is the ARP input process?
|
It is charge of ARP requests, and can consume an inordinate percentage of resources if the router has to send numerous ARP requests. This could be the result of an attacker performing a ping sweep on the subnet.
|
|
|
What is the Net Background Process?
|
Allows an interface to allocate one of the globally available buffers from the main pool that the router maintains, due to the interface needing to store a packet in its buffers but they are all full. Is likely happening if the throttles, ignored and overrun parameters are incrementing on an interface.
|
|
|
What is the IP Background Process?
|
It handles an interface changing its state, like from up to down.
|
|
|
What is the TCP Timer Process?
|
It runs for each TCP router connection, so therefore many connections can result in a high CPU utilization.
|
|
|
What are the 3 primary modes a Cisco router uses for packet switching?
|
Packet Switching involves the router making a decision about how a packet should be forwarded and then forwarding it out of the appropriate interface. The 3 are Packet Switching, Fast Switching and Cisco Express Switching.
|
|
|
How does Process Switching work?
|
When a router routes a packet it first removes the L2 header, examines L3 addressing, decides on how to forward it, and then re-writes the L2 header changing src & dst MAC and computing a new CRC before routing the packet out of the appropriate interface. The routers CPU (control plane) is heavily involved with packet switching decisions and as a result the performance of a router can suffer significantly.
|
|
|
How does Fast Switching work?
|
It uses a fast cache (maintained in Data plane) which contains info about how traffic from different data flows should be forwarded. The first packet in a data flow is process switched by the CPU, and after the router has determined how to forward that, the info is stored in the fast cache, and subsequent packets are forwarded based on the info in the fast cache rather than being Process Switched.
|
|
|
How does Cisco Express Forwarding (CEF) work?
|
It maintains 2 tables in the dataplane, the FIB which maintains L3 forwarding info and the adjacency table which maintains L2 info for the next hops listed in the FIB. These are populated from the routers IP routing table and ARP cache. Unlike Fast switching, it doesn't require any process switching, so the entire data frame can be forwarded at the data plane.
|
|
|
What are buffers?
|
The Router Processor (RP) divides its memory into pools, with each pool containing a number of memory blocks of equal size. The memory blocks are called Buffers. There are 6 buffer pools; Small (104 Bytes), Middle (600), Big (1524), Very Big (4520), Large (5024), and Huge (18024). For example, if an interface needs to pass a 20 byte packet to the RP, it asks for a small buffer. If is a 500 byte packet, a middle buffer, and so forth.
|
|
|
What is a Memory Leak?
|
When a router starts a process that process is allocated a block of memory, and when the process completes the allocated memory should be returned to the routers main pool. If all the allocated memory is not returned to the main pool, a memory leak occurs.
|
|
|
What is a Memory Allocation Failure?
|
It is when a process attempts to allocate a block of memory and fails to do so producing a MALLOCFAIL error message.
|
|
|
What is a Buffer Leak?
|
Similar to a memory leak, a buffer leak occurs when a process doesn't return a buffer to the router when the process has finished using the buffer.
|
|
|
What is a Wedged Buffer Leak?
|
When an interface is wedged the router can no longer forward traffic that comes in to the affected interface. This can be identified with "show interfaces", look at "input queue queue/capacity", if the queue of packets is more than the capacity. You can reload the router to free the input queue and restore traffic until the queue is full again.
|
|
|
To enable Packet Switching, which is done by disabling Fast Switching.
|
R1(config-if)# no ip route-cache
|
|
|
To enable CEF globally. CEF takes precedence over other packet switching methods, but if a packet is CEF punted it will be fast switched instead.
|
R1(config)# ip cef
|
|
|
To enable CEF on a per interface basis.
|
R1(config-if)# ip route-cache cef
|
|
|
To display a collection of interface statistics. If the throttles, overruns, or ignore counters continually increment, the Net Background process might be consuming excessive CPU resources, while it allocates buffer space for an interface from the main buffer pool of the router.
|
R1# show interface [type] [mod/num]
|
|
|
To display the ARP cache on a switch which helps you to keep track of which MAC address is connected to which port on the switch.
|
R1# show mac-address-table
|
|
|
To display the routers ARP cache, containing learned or configured MACs, there associated IPs and interface. ARPS are only for Ethernet. If several entries are in the incomplete state, could suggest the scanning of network resources, which might indicate a malicious reconnaissance attack.
|
R1# show arp
|
|
|
To clear the ARP cache to allow a router to re-learn the info (e.g. use after you make a topology change). By default a routers arp cache stores info for 4 hours.
|
R1# clear ip arp
|
|
|
To display which Frame Relay sub-interfaces correspond to DLCIs. So is the DLCIs associated with different next-hop IP addresses.
|
R1# show frame-relay map
|
|
|
To display the IP routing table, you can add a routing protocol or network address to make it more specific. Adding Longer-prefixes displays all routes that are encompassed by the specific network address and subnet mask.
|
R1# show ip route [Routing Protocol | IP add | [network IP & mask]] longer-prefixes
|
|
|
To display multiple IP interface statistics including which packet switching modes are enabled on the interface. More than one packet switching mode can be enabled incase the packet has to be punted.
|
R1# show ip interface [type] [mod/num]
|
|
|
To display the contents of the fast cache, which a router will begin to populate if fast switching is enabled and CEF disabled.
|
R1# show ip cache
|
|
|
To display the IP input process utilization info, with a high figure suggesting a router is actively process-switching traffic.
|
R1# show process cpu | include IP input
|
|
|
To display the contents of the routers FIB table. If the next-hop is shown as "recieve" means the network is local to the router (e.g. loopback), whilst "attached" indicates that the network is directly connected to the router.
|
R1# show ip cef
|
|
|
To show the destinations reachable via the specified combination of egress interface and next-hop IP address.
|
R1# show ip cef adjacency [egress interface] [ip next-hop] detail
|
|
|
To display the FIB. Is similar to the routing table but contains no Routing Protocol info since is data plane (not control plane).
|
R1# show ip cef [IP add | network IP & mask]
|
|
|
Displays the adjacency that will be used to forward a packet from a specific src IP to a specific dst IP. So shows what interface it will be sent out of and the next hop IP.
|
R1# show ip cef exact route [src IP] [dst IP]
|
|
|
To display info about packets forwarded using a method other than CEF. Some traffic might still need to be switched by another packet switching method. For example,a feature not supported by CEF, so requires the use of the routers processor (RP).
|
R1# show cef not-cef-switched
|
|
|
To show the CEF info that is used to construct the frame headers for the various router interfaces. An egress interface and next hop IP would be in an adjacency entry for a multipoint interface, where as P-t-P interface would require only egress interface info.
|
R1# show adjacency detail
|
|
|
To display the adjacency table, which includes interface, and MACs for IP addresses. When you see a particular adjacency listed in the FIB, you can use this cmd with the egress interface to confirm the router has info about how to reach that adjacency.
|
R1# show adjacency [egress interface] detail
|
|
|
To display info about the number of TCP segments a router sends and receives, including the number of connections initiated, accepted, established and closed. If the output indicates numerous connections, the tcp timer process might be consuming excessive CPU resources while simultaneously maintaining all connections.
|
R1# show tcp statistics
|
|
|
To see average CPU utilization over 5 sec, 1 min and 5 min intervals, in addition to listing all the processes and the % of CPU resourses consumed by each of those processes. The second % shows the amount of CPU recourses being spent on interrupts.
|
R1# show processes cpu
|
|
|
To display a graphical view of CPU utilization over the past 60 secs, 60 mins and 72 hrs. Is useful in determining if a CPU spike is temporary or it is an ongoing condition.
|
R1# show processes cpu history
|
|
|
The cmd to see how many buffers (of various types) are currently free. It shows total, free, min & max allowed in free list, Hits (buffers requested), misses, created, failures and no memory.
|
R1# show buffers
|
|
|
The cmd used to help identify memory leaks. It shows info about the memory available on the router after the IOS image of the router has been decompressed and loaded. There is the summary info followed by more detailed allocation info for each process running on the router.
|
R1# show memory allocating-process totals
|
|
|
To display table of how much memory is being consumed by the various BGP processes of a router. Be aware BGP runs multiple processes and can consume significant amounts of router memory. To reduce you can filter out unneeded BGP routes or upgrade memory of router.
|
R1# show processes memory | include BGP
|
|
|
To display the memory available on specific line cards of a router. A router can have multiple line cards with different amounts of memory available on each.
|
R1# show diag
|
