Wednesday, May 3, 2017

WAN issues

Loss of Internet connectivity—The top of the list of WAN issues is loss of connectivity. Assuming the account with the WAN service provider is up to date and there are no issues with the CPE, then try to ping the other end of your WAN connection. If the ping fails, call your provider. If, on the other hand, you can ping the other side, but can’t reach a specific location, such as corporate headquarters, then use tools such as traceroute to determine where the traffic is blocked. Most likely, the issue is on the remote end, such as a new policy implementation, bad interface card, or equipment failure.

Image Interface errors—The vendor-specific show commands on the router can reveal the quantity of interface errors. Network monitoring tools can be configured to poll interfaces periodically for these same statistics. If an unacceptable threshold of errors is exceeded, an alert can be sent to the administrator. The errors could be due to a variety of factors, such as an interface starting to fail or poor cable connections.

Split horizon—To avoid routing loops, a router does not advertise a network over the same interface that it learned about a network. However, in some WAN topologies, such as hub-and-spoke, where the hub router is using one physical interface to connect to multiple branch locations, it may be necessary to disable the split horizon rule. This will allow the headquarters router (the hub) to advertise routes learned from one branch to other branches.

DNS issues—DNS issues regarding WAN connectivity relate specifically the DNS configurations on your border devices. In larger organizations, local DNS servers help alleviate demands for WAN bandwidth by replying to local DNS requests. However, if the local DNS server does not have a record for a domain name, it must request the record from another DNS server. If the configuration for that remote DNS server is wrong, there will be issues resolving domain names. If DNS issues arise, be sure that border devices and internal DNS servers are configured with a remote DNS server for name resolutions.

Interference—Recall from Day 4, “Troubleshoot Copper and Fiber Cabling Issues,” that several sources of interference can cause cabling issues. The same holds true for WAN cabling. Use cable management to avoid sources of electromagnetic interference. If problems occur, use tools such as cable testers to track down the source of the issue. Wireless connectivity on the WAN side can be impacted by a number of factors, which we review a bit later when discussing satellites.Image Router configurations—A border router sits between an organization’s network and the WAN service provider’s network. Changes to the router configuration should be done by authorized administrators using proper change-control procedures. Backups of router configurations should be stored periodically and available if the system needs to be restored due to a complete loss of a router.Image Customer premises equipment—CPE is equipment located at the WAN customer’s site. Some of the equipment may be owned or leased from the service provider. Service level agreements (SLAs) establish who is responsible for which management tasks. Care should be taken to protect against unauthorized access and changes to this equipment. The following list of terms normally apply to CPE:Image The demarcation point, or demarc or point of demarcation (POD), is the physical point where the customer’s responsibility for the network begins. This interface between the service provider and the company receiving WAN services is also sometimes referred to as the network interface unit (NIU).Image A smart jack, also known as an intelligent network interface device (INID), can be used as the demarc. Smart jacks can be configured to code the signaling to match the customer’s equipment.Image Smart jacks typically use loopbacks to send diagnostic information back to the WAN service provider to test functionality of the WAN circuit. This is how they might be able to determine that an issue is on their side of the connection.Image A channel service unit/data service unit (CSU/DSU) is a device that converts the digital signals that are used by the customer’s router interfaces to make the signals compatible with the signals used on the wide area network. In today’s equipment, this functionality is built in to the router WAN interface card, which can directly connect to a WAN circuit such as a T1.Image Copper line drivers are used when the distance of a specific cable run needs to be extended beyond its limitation. These WAN-side repeaters regenerate and amplify the signal to keep it at an acceptable level.Image Company security policy—For WAN implementations, the security policy could include the throttling or the limiting of certain types of traffic that could help protect against a DoS attack. A security policy also can indicate that certain types of websites should not be accessible from company computers. This type of URL filtering based on type is a form of blocking. Blocking can also be applied to certain types of inbound requests to public-facing servers to help protect against attacks targeting those servers. A corporate policy might also include details regarding fair access and utilization limits to protect against misuse of network resources and services, including Internet access.Image Satellites—These wireless connections are susceptible to the following unique issues:Image Rain fade—The smaller the dish, the more susceptible it is to moisture interference.Image Latency—The time lapse between sending and requesting information is high due to the distance it has to travel.Image Line of sight—The path between the satellite dish and the satellite should be as unobstructed as possible.x

TCP Three-Way Handshake – Como capturar e entender o conceito

TCP Three-Way Handshake – Como capturar e entender o conceito Os dois primeiros pacotes são fáceis porque são os dois únicos que possue...