CompNtwk : Lab 4.5.5 Diagramming Extranet Traffic Flows

Step 1: Cable and configure the current network

a. Cable the topology given in the diagram. Ensure that power has been applied to both the host computer and router.

b. Establish a HyperTerminal or other terminal emulation session to the routers and configure the hostname and interfaces shown in the table.

c. Set a clock rate on the DCE interface of the serial link between R2 and R3. Routing will have to be configured on the three routers to establish data communications.

d. From PC1, ping PC2 and Discovery Server to confirm network connectivity. Troubleshoot and establish connectivity if the pings fail.

Step 2: Configure NetFlow on router FC-CPE-1 interfaces

From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-1:

FC-CPE-1(config)#interface fastethernet 0/0

FC-CPE-1(config-if)#ip flow egress

FC-CPE-1(config-if)#ip flow ingress

FC-CPE-1(config-if)#interface fastethernet 0/1

FC-CPE-1(config-if)#ip flow ingress

FC-CPE-1(config-if)#ip flow egress

FC-CPE-1(config-if)#end

Step 3: Verify the NetFlow configuration

a. From the privileged EXEC mode on router FC-CPE-1, issue the show ip flow interface command.

FC-CPE-1#show ip flow interface

FastEthernet0/0

ip flow ingress

ip flow egress

FastEthernet0/1

ip flow ingress

ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-1#clear ip flow stats

Step 4: Configure NetFlow on router FC-CPE-2 interfaces

From the global configuration mode, issue the following commands to configure NetFlow on the router FC-CPE-2:

FC-CPE-2(config)#interface fastethernet 0/0

FC-CPE-2(config-if)#ip flow egress

FC-CPE-2(config-if)#ip flow ingress

FC-CPE-2(config-if)#interface fastethernet 0/1

FC-CPE-2(config-if)#ip flow ingress

FC-CPE-2(config-if)#ip flow egress

FC-CPE-2(config-if)#interface serial 0/1/0

FC-CPE-2(config-if)#ip flow ingress

FC-CPE-2(config-if)#ip flow egress

FC-CPE-2(config-if)#end

Step 5: Verify the NetFlow configuration

a. From the privileged EXEC mode on router FC-CPE-2, issue the show ip flow interface command.

FC-CPE-2#show ip flow interface

FastEthernet0/0

ip flow ingress

ip flow egress

FastEthernet0/1

ip flow ingress

ip flow egress

Serial0/1/0

ip flow ingress

ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

FC-CPE-2#clear ip flow stats

Step 6: Configure NetFlow on router ISP interfaces

From the global configuration mode, issue the following commands to configure NetFlow on the router ISP:

ISP(config)#interface fastethernet 0/1

ISP(config-if)#ip flow ingress

ISP(config-if)#ip flow egress

ISP(config-if)#interface serial 0/1/0

ISP(config-if)#ip flow ingress

ISP(config-if)#ip flow egress

ISP(config-if)#end

Step 7: Verify the NetFlow configuration

a. From the privileged EXEC mode on router ISP, issue the show ip flow interface command.

ISP#show ip flow interface

FastEthernet0/1

ip flow ingress

ip flow egress

Serial0/1/0

ip flow ingress

ip flow egress

Confirm that the output shown above is displayed. Troubleshoot your configuration if this output is not displayed.

b. From the privileged EXEC mode, issue the following command to ensure that flow cache statistics are reset:

ISP#clear ip flow stats

Step 8: Create network data traffic

Ideally, a range of network application data flows between the trusted extranet host PC2 and PC1 on the FilmCompany LAN should be generated and captured. Generate as many of the data flows shown below as is possible in your lab. Your instructor will advise you of the particular applications that are available and to be used in this lab.

To simulate data traffic between the two PCs:

a. Ping between them.

b. Attempt to establish a Telnet session between the two PCs.

c. If you have rights, enable file sharing and copy a file in both directions between the two PCs.

Step 9: View the data flows

a. At the conclusion of the data flow, view the details by issuing the show ip cache verbose flow command from privileged EXEC mode on each router.

FC-CPE-1#show ip cache verbose flow

FC-CPE-2#show ip cache verbose flow

ISP#show ip cache verbose flow

Router 1 – Output

FC-CPE-1#show ip cache verbose flow

IP packet size distribution (12 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .000 1.00 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

0 active, 4096 inactive, 12 added

192 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 21640 bytes

0 active, 1024 inactive, 8 added, 8 added to flow

0 alloc failures, 0 force free

1 chunk, 0 chunks added

last clearing of statistics 00:03:38

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

UDP-DNS 2 0.0 1 70 0.0 0.0 15.7

UDP-other 10 0.0 1 87 0.0 0.0 15.5

Total: 12 0.0 1 84 0.0 0.0 15.5

SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

Port Msk AS Port Msk AS NextHop B/Pk Active

FC-CPE-1#

Router 2 – Output

FC-CPE-2#show ip cache verbose flow

IP packet size distribution (5223 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .303 .030 .142 .031 .034 .001 .002 .001 .000 .000 .004 .000 .075 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .020 .351 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

9 active, 4087 inactive, 62 added

1970 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 21640 bytes

0 active, 1024 inactive, 20 added, 20 added to flow

0 alloc failures, 0 force free

1 chunk, 0 chunks added

last clearing of statistics 00:04:31

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

TCP-Telnet 18 0.0 3 45 0.2 3.6 10.9

TCP-other 4 0.0 1 40 0.0 0.0 15.5

UDP-DNS 2 0.0 1 70 0.0 0.0 15.4

UDP-other 22 0.0 1 53 0.0 0.0 15.3

ICMP 8 0.0 14 60 0.4 13.9 15.2

Total: 54 0.2 3 54 0.7 3.2 13.8

SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

Port Msk AS Port Msk AS NextHop B/Pk Active

Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222

0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9

Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368

01BD /0 0 06AA /0 0 0.0.0.0 970 184.9

Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368

01BD /0 0 06AA /0 0 0.0.0.0 970 184.9

FFlags: 01

Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5

0404 /0 0 0035 /0 0 0.0.0.0 62 4.3

Se0/1/0 10.20.0.200 Fa0/0* 172.17.1.1 11 00 10 5

0404 /0 0 0035 /0 0 0.0.0.0 62 4.3

FFlags: 01

Fa0/0 172.17.1.1 Se0/1/0* 10.20.0.200 11 00 10 5

0035 /0 0 0404 /0 0 0.0.0.0 62 4.3

FFlags: 01

Fa0/0 172.17.1.1 Se0/1/0 10.20.0.200 11 00 10 5

0035 /0 0 0404 /0 0 0.0.0.0 62 4.3

Se0/1/0 10.20.0.200 Fa0/1 10.0.0.200 06 00 18 1152

SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

Port Msk AS Port Msk AS NextHop B/Pk Active

06AA /0 0 01BD /0 0 0.0.0.0 71 184.9

Se0/1/0 10.20.0.200 Fa0/1* 10.0.0.200 06 00 18 1210

06AA /0 0 01BD /0 0 0.0.0.0 71 194.7

FFlags: 01

Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1

0208 /0 0 0208 /0 0 0.0.0.0 52 0.0

IPM: 0 0

FC-CPE-2#

Router 3 – Output

ISP#show ip cache verbose flow

IP packet size distribution (6724 total packets):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.000 .306 .029 .138 .031 .032 .001 .001 .001 .000 .000 .003 .000 .080 .001

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608

.000 .000 .000 .008 .362 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes

5 active, 4091 inactive, 54 added

1881 ager polls, 0 flow alloc failures

Active flows timeout in 30 minutes

Inactive flows timeout in 15 seconds

IP Sub Flow Cache, 21640 bytes

1 active, 1023 inactive, 12 added, 12 added to flow

0 alloc failures, 0 force free

1 chunk, 0 chunks added

last clearing of statistics 00:05:44

Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)

-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow

TCP-Telnet 18 0.0 3 45 0.1 3.6 10.7

TCP-other 4 0.0 1 40 0.0 0.0 15.7

UDP-DNS 4 0.0 3 63 0.0 2.1 15.5

UDP-other 16 0.0 1 77 0.0 0.0 15.4

ICMP 8 0.0 14 60 0.3 13.4 15.5

Total: 50 0.1 4 58 0.6 3.6 13.7

SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts

Port Msk AS Port Msk AS NextHop B/Pk Active

Se0/1/0 10.0.0.200 Fa0/1 10.20.0.200 06 00 18 1794

01BD /0 0 06AA /0 0 0.0.0.0 989 245.1

Se0/1/0 10.0.0.200 Fa0/1* 10.20.0.200 06 00 18 1794

01BD /0 0 06AA /0 0 0.0.0.0 989 245.1

FFlags: 01

Fa0/1 10.20.0.200 Se0/1/0 10.0.0.200 06 00 18 1502

06AA /0 0 01BD /0 0 0.0.0.0 69 245.0

Fa0/1 10.20.0.200 Se0/1/0* 10.0.0.200 06 00 18 1502

06AA /0 0 01BD /0 0 0.0.0.0 69 245.0

FFlags: 01

ISP#

b. Examine the output and record the different data flows for each router.

c. Discuss and compare the data flows for each router. Particularly consider how these flows differ from the previous Labs and the implications this has in understanding which network devices and resources are used for particular flows.
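One way to record the flows from Step 9 offline, as an added example that is not part of the original lab: a Python parser for the two-line records of show ip cache verbose flow that converts the hexadecimal protocol and port fields to decimal and skips the egress copy of each flow (DstIf ending in *, followed by FFlags: 01). The function name parse_flows and the small PROTO and SERVICE lookup tables are assumptions of this example; the sample is an excerpt of the FC-CPE-2 output above, and the byte count is approximate because B/Pk is an average.

```python
import re

# Excerpt of the FC-CPE-2 "show ip cache verbose flow" records shown in Step 9.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr TOS Flgs Pkts
Port Msk AS Port Msk AS NextHop B/Pk Active
Fa0/1 0.0.0.0 Null 255.255.255.255 11 00 10 222
0044 /0 0 0043 /0 0 0.0.0.0 604 1356.9
Fa0/1 10.0.0.200 Se0/1/0 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
Fa0/1 10.0.0.200 Se0/1/0* 10.20.0.200 06 00 18 1368
01BD /0 0 06AA /0 0 0.0.0.0 970 184.9
FFlags: 01
Se0/1/0 10.20.0.200 Fa0/0 172.17.1.1 11 00 10 5
0404 /0 0 0035 /0 0 0.0.0.0 62 4.3
Fa0/0 10.10.0.1 Null 224.0.0.9 11 C0 10 1
0208 /0 0 0208 /0 0 0.0.0.0 52 0.0
IPM: 0 0
"""

IP = r"\d+(?:\.\d+){3}"
# First record line: SrcIf SrcIP DstIf[*] DstIP Pr TOS Flgs Pkts (Pr/TOS/Flgs are hex)
LINE1 = re.compile(rf"^(\S+) ({IP}) (\S+?)(\*?) ({IP}) "
                   rf"([0-9A-F]{{2}}) [0-9A-F]{{2}} [0-9A-F]{{2}} (\d+)$")
# Second record line: SrcPort Msk AS DstPort Msk AS NextHop B/Pk Active (ports are hex)
LINE2 = re.compile(r"^([0-9A-F]{4}) /\d+ \d+ ([0-9A-F]{4}) /\d+ \d+ \S+ (\d+) [\d.]+$")
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}          # assumed lookup table
SERVICE = {23: "telnet", 53: "dns", 67: "dhcp", 68: "dhcp", 445: "smb", 520: "rip"}

def parse_flows(text, include_egress=False):
    """Return one dict per flow record; egress copies are skipped by default."""
    flows, head = [], None
    for raw in text.splitlines():
        line = " ".join(raw.split())               # collapse column padding
        m1, m2 = LINE1.match(line), LINE2.match(line)
        if m1:
            head = m1.groups()
        elif m2 and head:
            src_if, src, dst_if, star, dst, pr, pkts = head
            head = None
            if star and not include_egress:
                continue                           # same flow already seen at ingress
            sport, dport = int(m2[1], 16), int(m2[2], 16)
            flows.append({
                "src": f"{src}:{sport}", "dst": f"{dst}:{dport}",
                "path": f"{src_if}->{dst_if}", "proto": PROTO.get(int(pr, 16), pr),
                "service": SERVICE.get(dport) or SERVICE.get(sport, "other"),
                "bytes": int(pkts) * int(m2[3]),   # Pkts x average B/Pk
            })
    return flows
```

Because the lab enables both ip flow ingress and ip flow egress on every interface, a transit flow is cached twice on each router, so totals taken over every record would count that traffic twice.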

Step 10: Clean up

Erase the configurations and reload the routers and switches. Disconnect and store the cabling. For PC hosts that are normally connected to other networks (such as the school LAN or to the Internet), reconnect the appropriate cabling and restore the TCP/IP settings.

Challenge

This lab simulates the flow of traffic to and from FilmCompany and from selected trusted partners and customers. These data flows for a production network would be much more extensive and recorded over a greater period of time, perhaps a full working week. Additionally, remote access from trusted sites would most likely be established using VPNs (Virtual Private Networks) across the Internet or a WAN.

On the FilmCompany initial current network topology shown on the next page, add two trusted remote site hosts attached to the “far” side of the cloud icon. Draw a circle that encloses the remote access links to the FilmCompany network and server. In this case study, the FilmCompany remote sites initially access its network across the Internet. One of the objectives of this analysis is to establish the benefits of using a dedicated WAN link using Frame Relay for the stadium-based remote sites to access the FilmCompany network. Then, using the data flows recorded in this lab as a starting point, use different colors to mark on the diagram the different extranet data flows between the trusted remote hosts and devices on the FilmCompany network. Diagram traffic flows to and from selected trusted partners, customers, and vendors.

 
