CompTIA Network+ Guide to Networks, Ninth Edition - Module 12 PDF
Jill West
Summary
This document provides an overview of network performance and recovery strategies, including tools for collecting network data, and environmental monitoring. It also introduces various traffic monitoring tools and techniques.
Full Transcript
CompTIA Network+ Guide to Networks, Ninth Edition
Module 12: Performance and Recovery

Jill West, CompTIA Network+ Guide to Networks, 9th Edition. © 2022 Cengage. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Module Objectives
By the end of this module, you should be able to:
1. Use appropriate tools to collect data about the network
2. Identify methods to optimize network performance
3. Identify best practices for incident response and disaster recovery

Collect Network Data
Network management refers to the assessment, monitoring, and maintenance of all network aspects
Network management can include the following:
- Controlling user access to network resources
- Checking for hardware faults
- Ensuring optimized QoS (quality of service) for critical applications
- Maintaining records of network assets and software configurations
- Determining what time of day is best for upgrading a router, server, or application
Goals:
- Enhance efficiency and performance
- Prevent costly downtime and loss
- Predict problems before they occur

Environmental Monitoring (1 of 3)
It is essential to monitor the following environmental factors:
- Device, rack, or room temperature
- Device, rack, or room humidity, dew point, or barometric pressure
- Flooding as sensed by liquid detectors
- Smoke or fire
- Airflow
- Vibration
- Motion as sensed by security cameras
- Room lights on or off
- Room or rack doors open or closed
- Power (main or UPS voltage, battery level, outages, power consumption)

Environmental Monitoring (2 of 3)
Figure 12-1 Sensors feed data to the network monitor, which outputs information to dashboards and alerts or notifications

Environmental Monitoring (3 of 3)
Figure 12-4 Custom dashboards provide insights at a glance

Traffic Monitoring Tools (1 of 10)
A network monitor is a tool that continually monitors network traffic
A protocol analyzer is a tool that can monitor traffic at a specific interface between a server or client and the network
A network monitor can monitor traffic that a single device encounters; however, a protocol analyzer can monitor traffic patterns throughout a particular network
- Wireless monitoring – run monitoring software on a computer connected wirelessly to the network
- Port mirroring – all traffic sent to any port on a switch can be sent to a mirrored port
- In-line monitoring – install a device, called a network TAP (test access point) or packet sniffer, in line with network traffic
- Reporting – many devices can be configured to report their traffic and other statistics to a network monitor

Traffic Monitoring Tools (2 of 10)
Figure 12-5 Methods to monitor network traffic

Traffic Monitoring Tools (3 of 10)
All network monitoring tools can perform the following functions:
- Set the NIC to run in promiscuous mode to pass all traffic to the monitoring software
- Continuously monitor network traffic on a segment
- Capture network data transmitted on a segment
- Capture frames sent to or from a specific node
- Reproduce network conditions by transmitting a selected amount and type of data
- Generate statistics about network activity

Traffic Monitoring Tools (4 of 10)
A network monitor or protocol analyzer can use traffic analysis to identify the following:
- Runts
- Giants
- Jabber
- Ghosts
- Packet loss
- Discarded packets
- Interface resets
Alerts might be transmitted by email or text via SMS (Short Message Service) or they can automatically prompt support ticket generation

Traffic Monitoring Tools (5 of 10)
Event Viewer in Windows
- On Windows-based computers, events are logged in an event log that can be viewed with the Event Viewer application
Syslog Messages
- Syslog is a utility for generating, storing, and processing messages about events on Linux or UNIX
- The syslog standard addresses three primary components: event message format, event message transmission, and event message handling
- Syslog defines roles for each computer that participates in logging:
  - Generator – the device that is monitored by a syslog-compatible application and issues event information
  - Collector – the server that gathers event messages from generators

Traffic Monitoring Tools (6 of 10)
SNMP Communications
Organizations often use enterprise-wide network management systems in which the following entities work together:
- NMS (network management system) – collects data from multiple managed devices at regular intervals in a process called polling
- Managed device – any network node monitored by the NMS
- Network management agent – software routine that collects information about device’s operation and provides it to the NMS
- MIB (Management Information Base) – the list of objects managed by the NMS, as well as the descriptions of these objects
  - The MIB is designed in a top-down, hierarchical tree structure

Traffic Monitoring Tools (7 of 10)
Figure 12-12 Network management architecture

Traffic Monitoring Tools (8 of 10)
Most agents use SNMP (Simple Network Management Protocol)
SNMP is part of TCP/IP suite
Three versions of SNMP include the following:
- SNMPv1 is the original version and is rarely used today
- SNMPv2 improved on SNMPv1 with increased performance and slightly better security
- SNMPv3 is similar to SNMPv2 and adds authentication, validation, and encryption for messages exchanged between managed devices and the network management console

Traffic Monitoring Tools (9 of 10)
Figure 12-14 Most SNMP conversations are initiated by the NMS server, except when a managed device sends an SNMP Trap message

Traffic Monitoring Tools (10 of 10)
NetFlow
- NetFlow is a proprietary traffic monitoring protocol from Cisco that tracks all IP traffic crossing any interface where NetFlow is enabled
- A NetFlow analyzer, or NetFlow collector, collates flow records from throughout the network to provide insights into traffic patterns
- A NetFlow analyzer can be hardware-based or software-based
- A significant challenge with NetFlow is determining the optimal balance between tracking all traffic and tracking enough traffic to sufficiently observe network behavior

Knowledge Check Activity 2-1
Which of the following is not defined by syslog?
a. Message transmission
b. Message format
c. Message handling
d. Message security

Knowledge Check Activity 2-1: Answer
Which of the following is not defined by syslog?
Answer: d. Message security
The syslog standard addresses three primary components, including event message format, event message transmission, and event message handling. Syslog does not define or require message security.

Performance Baselines (1 of 2)
A baseline is a report of the network’s normal state of operation and might include a range of acceptable measurements
Network performance baselines are obtained by analyzing network traffic information and might include the following:
- Network backbone utilization rate
- Number of users logged on per day or per hour
- Number of protocols running on network
- Error statistics
- Runts, jabbers, or giants
- Frequency of application use
- Bandwidth usage

Performance Baselines (2 of 2)
Baseline measurements serve as a basis for comparing future performance increases or decreases caused by network changes with past network performance
- Most critical network, user functions
- More data provides more accuracy
Several software applications can perform baselining
- This software ranges from freeware to expensive, customizable hardware and software
Common performance KPIs (key performance indicators) include the following:
- Device availability and performance
- Interface statistics
- Utilization
- Error rate
- Packet drops
- Jitter

Bandwidth Management
Bandwidth management refers to a collection of strategies to optimize the volume of traffic a network can support
These techniques might include any of the following technologies:
- Flow control – configure interfaces and protocols to balance permitted traffic volume with a device’s capability of handling that traffic
- Congestion control – adjust the way network devices respond to indications of network performance issues caused by traffic congestion so they don’t make the problem worse
- QoS (quality of service) – prioritize some traffic over other traffic so the most important traffic gets through even during times of congestion

Flow Control (1 of 3)
Flow control is a bandwidth management technique configured on a local connection between two devices
The purpose is to ensure the receiver is not overwhelmed with the rate of data transmission
Common approaches to flow control include the following:
- Stop-and-wait method
- Go-back-n sliding window method
- Selective repeat sliding window method

Flow Control (2 of 3)
Figure 12-18 Go-back-n sliding window method

Flow Control (3 of 3)
Figure 12-19 Selective repeat sliding window method
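
The difference between the two sliding window methods shows up in how many frames are resent after a loss. The following added example (not from the textbook) simulates both senders in a simplified round-based model; the function names, the window size, and the set of lost frames are constructed for illustration, and each lost frame is assumed to arrive on its second transmission.

```python
def _check(total_frames, window):
    if total_frames < 0 or window < 1:
        raise ValueError("total_frames must be >= 0 and window >= 1")


def go_back_n(total_frames, window, lost_first_try):
    """Return the bursts sent by a go-back-n sender.

    The receiver accepts frames only in order, so after a loss the sender
    goes back to the missing frame and resends everything from there on.
    """
    _check(total_frames, window)
    lost = set(lost_first_try)
    base, bursts = 0, []
    while base < total_frames:
        burst = list(range(base, min(base + window, total_frames)))
        bursts.append(burst)
        # First frame in this burst that did not arrive, if any.
        first_gap = next((seq for seq in burst if seq in lost), None)
        # Every frame in the burst has now used up its one loss.
        lost -= set(burst)
        base = burst[-1] + 1 if first_gap is None else first_gap
    return bursts


def selective_repeat(total_frames, window, lost_first_try):
    """Return the bursts sent by a selective repeat sender.

    The receiver buffers out-of-order frames and acknowledges each one,
    so only the frames that were actually lost are sent again.
    """
    _check(total_frames, window)
    lost = set(lost_first_try)
    acked, base, bursts = set(), 0, []
    while base < total_frames:
        burst = [seq for seq in range(base, min(base + window, total_frames))
                 if seq not in acked]
        bursts.append(burst)
        for seq in burst:
            if seq in lost:
                lost.discard(seq)   # lost now, delivered on the resend
            else:
                acked.add(seq)
        while base in acked:        # slide the window past acked frames
            base += 1
    return bursts


def transmissions(bursts):
    """Total number of frames put on the wire."""
    return sum(len(burst) for burst in bursts)


if __name__ == "__main__":
    # Constructed scenario: 10 frames, window of 4, frames 2 and 7 lost once.
    for sender in (go_back_n, selective_repeat):
        bursts = sender(10, 4, {2, 7})
        print(f"{sender.__name__:17} {transmissions(bursts):2} frames sent: {bursts}")
```
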

Congestion Control (1 of 2)
Congestion control techniques are designed to prevent congestion before it occurs (called open-loop congestion control) and also to remedy congestion after it starts (called closed-loop congestion control)
Open-loop congestion techniques include the following:
- Retransmission policy – retransmission timers help reduce increasing congestion
- Window policy – senders might be required to use the selective repeat sliding window method to reduce the number of frames that must be resent
- Acknowledgement policy – receivers can be required to send a single ACK message for multiple received frames
- Discarding policy – less sensitive frames are discarded so important traffic can survive the congestion
- Admission policy – routers and switches can temporarily reject new traffic that will contribute to or create congestion rather than admitting that new traffic onto the network

Congestion Control (2 of 2)
Closed-loop congestion techniques include the following:
- Implicit signaling – a sending device detects congestion on the network after experiencing several missed acknowledgement messages
- Explicit signaling – a congested networking device alters existing data packets to indicate to either the sender or the receiver that the network is congested
- Choke packet – a router experiencing congestion creates and sends a choke packet to the traffic source, informing it of the congestion so the sender can reduce its rate of transmission
- Backpressure – a node downstream from sender to receiver stops accepting traffic, which transfers the pressure of congestion upstream toward the source

QoS (Quality of Service) Assurance (1 of 6)
Voice and video transmissions are considered delay-sensitive
Voice and video are considered loss-tolerant
Preventing delays, disorder, and distortion requires more dedicated bandwidth
QoS is a group of techniques for adjusting the priority a network assigns to various types of transmissions
Optimized QoS translates into uninterrupted, accurate, faithful reproduction of audio or visual input

QoS (Quality of Service) Assurance (2 of 6)
Traffic shaping (packet shaping) involves manipulating packets, data stream, or connections to manage the type and amount of traffic traversing network or interface
Traffic shaping goals include the following:
- Assure timely delivery of most important traffic
- Offer best possible performance for all users
Traffic shaping can involve:
- Delaying less important traffic, which is called buffering
- Increasing priority of more important traffic
- Limiting traffic volume flowing in and out of interface during specified time period
- Limiting momentary throughput rate for an interface
Last two techniques above are known as traffic policing

QoS (Quality of Service) Assurance (3 of 6)
Figure 12-20 Traffic volume before and after applying limits

QoS (Quality of Service) Assurance (4 of 6)
Several types of traffic prioritization exist where more important traffic is treated preferentially
Prioritizing traffic can be accomplished using any of the following characteristics:
- Protocol
- IP address
- User group
- DiffServ (Differentiated Services) flag in an IP packet
- VLAN tag in Data Link layer frame
- Service or application

QoS (Quality of Service) Assurance (5 of 6)
DiffServ (Differentiated Services) is a simple technique that addresses QoS issues through traffic prioritization at Layer 3
- DiffServ considers all network traffic, not just the time-sensitive services
- Can assign different streams different priorities
To prioritize traffic, DiffServ places information in the DiffServ field of an IPv4 packet
- The first 6 bits of this field are called DSCP (Differentiated Services Code Point)
- In IPv6 packets, DiffServ uses a similar field known as the Traffic Class field
DiffServ defines two forwarding types:
- EF (Expedited Forwarding) – a data stream is assigned a minimum departure rate
- AF (Assured Forwarding) – data streams are assigned different router resource levels
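
To see where the DSCP bits sit on the wire, the following added example (not from the textbook) reads the DiffServ field from an IPv4 header and the Traffic Class field from an IPv6 header and names the codepoint as EF, AF, or a class selector. The sample packets, their documentation-range addresses, and the function names are constructed for illustration; the two low-order bits that follow the DSCP carry ECN, the marking a congested device uses for explicit signaling.

```python
import struct

ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}


def dscp_name(dscp):
    """Map a 6-bit DSCP value to its standard name."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value")
    if dscp == 46:
        return "EF"                       # Expedited Forwarding
    cls, drop = dscp >> 3, (dscp >> 1) & 0b11
    if dscp & 1 == 0 and 1 <= cls <= 4 and drop:
        return f"AF{cls}{drop}"           # Assured Forwarding class/drop
    if dscp & 0b111 == 0:
        return f"CS{cls}"                 # class selector, CS0 is default
    return f"unnamed({dscp})"


def read_ds_field(packet):
    """Return version, DSCP, DSCP name and ECN state of an IP packet."""
    if len(packet) < 2:
        raise ValueError("packet too short")
    version = packet[0] >> 4
    if version == 4:
        if len(packet) < 20:
            raise ValueError("truncated IPv4 header")
        ds = packet[1]                    # second byte of the header
    elif version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        # Traffic Class straddles the first two bytes of the header.
        ds = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    else:
        raise ValueError(f"not an IP packet (version {version})")
    dscp, ecn = ds >> 2, ds & 0b11        # first 6 bits, last 2 bits
    return {"version": version, "dscp": dscp,
            "class": dscp_name(dscp), "ecn": ECN_NAMES[ecn]}


def sample_ipv4(dscp, ecn):
    """Constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, (dscp << 2) | ecn, 20, 0, 0,
                       64, 17, 0, bytes([192, 0, 2, 1]),
                       bytes([198, 51, 100, 2]))


def sample_ipv6(dscp, ecn):
    """Constructed 40-byte IPv6 header with an empty payload."""
    first_word = (6 << 28) | (((dscp << 2) | ecn) << 20)
    src = bytes.fromhex("20010db8" + "00" * 11 + "01")
    dst = bytes.fromhex("20010db8" + "00" * 11 + "02")
    return struct.pack("!IHBB16s16s", first_word, 0, 17, 64, src, dst)


if __name__ == "__main__":
    for pkt in (sample_ipv4(46, 0), sample_ipv4(10, 2), sample_ipv6(34, 3)):
        print(read_ds_field(pkt))
```
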

QoS (Quality of Service) Assurance (6 of 6)
CoS (Class of Service) refers to techniques performed at layer 2 on Ethernet frames
- CoS is most often used to route Ethernet traffic between VLANs
- Priority Code Point (PCP) is a 3-bit field in the frame header of a frame that has been tagged (addressed to a specific VLAN)
- CoS sets these bits to one of eight levels ranging from 0 to 7
A network’s connectivity devices and clients must support the same set of protocols to achieve their QoS benefits
Networks can combine multiple QoS techniques

Plan Response and Recovery Strategies
Disasters and security breaches do happen
Training and preparation can make all the difference in your company’s ability to respond and adapt to these situations
An incident is any event that has adverse effects on a network’s availability or resources
- Could be a security breach, infection, or an environmental issue
A disaster is an extreme type of incident involving a network outage that affects more than a single system

Incident Response
Incident response plans specifically define the characteristics of an event that qualifies as a formal incident and the steps that should be followed
A six-stage process (actually begins before the incident occurs):
- Step 1: Preparation
- Step 2: Detection and identification
- Step 3: Containment
- Step 4: Remediation
- Step 5: Recovery
- Step 6: Review

Data Preservation
Steps to take in order to safeguard sensitive information, logged data, or other legal evidence until the first responder or incident response team can take over:
1. Secure the area
2. Document the scene
3. Monitor evidence and data collection
4. Protect the chain of custody
5. Monitor transport of data and equipment
6. Create a report

Disaster Recovery Planning
Business continuity is the ability of a company to continue doing business with the least amount of interruption possible
A disaster recovery plan details the processes for restoring critical functionality and data after an outage
A disaster recovery plan should include the following:
- Contact names and phone numbers for emergency coordinators
- Details on which data and servers are being backed up, how frequently backups occur, where backups are kept, and how backed-up data can be recovered in full
- Details on network topology, redundancy, and agreements with national service carriers
- Regular strategies for testing the disaster recovery plan
- A plan for managing the crisis

Disaster Recovery Contingencies
Disaster recovery contingencies are commonly divided into three categories:
- Cold site – components necessary to rebuild the network exist, but they are not appropriately configured, updated, or connected
- Warm site – components necessary to rebuild the network exist, with some appropriately configured, updated, and connected
- Hot site – components necessary to rebuild the network exist and match the network’s current state
  - They are all appropriately configured, updated, and connected
DRaaS (disaster recovery as a service) provides a highly scalable, inexpensive DR option by establishing a cloud configuration that could take over many or most business processes in the event of a disaster

Power Management (1 of 5)
Part of managing a network involves managing power sources to account for outages and fluctuations
Power surges can cause serious damage to sensitive computer equipment
Arm yourself with an understanding of:
- The nature of an electric circuit
- Electrical components that manage electricity
Power flaws that can damage your equipment:
- Surge – momentary increase in voltage due to lightning strikes, solar flares, or electrical problems
- Noise – fluctuation in voltage levels caused by other devices on the network or EMI
- Brownout – momentary decrease in voltage; also known as a sag
- Blackout – complete power loss

Power Management (2 of 5)
A PDU (power distribution unit) might be attached to a nearby wall, the outside of a rack, or within a rack to connect the rack’s equipment with a power source
A UPS (Uninterruptible Power Supply) is a battery-operated power source directly attached to devices and to a power supply
- It prevents undesired fluctuations of power from harming the device or interrupting its services
UPSs are classified into two general categories, as follows:
- Standby UPS (standby power supply) – provides continuous voltage to a device by switching to the battery when it detects a loss of power from the wall outlet
- Online UPS – uses the AC power from the wall outlet to continuously charge its battery, while providing power to the device through its battery

Power Management (3 of 5)
Figure 12-25 Install this PDU on a rack and plug into a UPS

Power Management (4 of 5)
Figure 12-26 Standby UPS vs. online UPS

Power Management (5 of 5)
To decide which UPS is right for your network, consider the following:
- Amount of power needed
- Required time to keep a device running
- Line conditioning
- Cost
A generator serves as a backup power source, providing power redundancy in the event of a total blackout
- They can be powered by diesel, liquid propane gas, natural gas, or steam
- Generators can be combined with large UPSs to ensure that clean power is always available
- If an organization relies on a generator, fuel levels and quality should be checked regularly

Backup Systems (1 of 2)
A backup is a copy of data or program files created for archiving or safekeeping
When creating a backup system, keep in mind:
- Decide what to back up
- Select backup methods (consider cloud backups)
- Decide what types of backup will be made regularly
- Decide how often backups are needed
- Develop a backup schedule
- Regularly verify backups are being performed

Backup Systems (2 of 2)
The 3-2-1-1 Rule defines the following backup principles:
- 3 – Keep at least three complete copies of the data
- 2 – Save backups on at least two different media types
- 1 – Store at least one backup copy offsite
- 1 – Ensure that at least one backup copy is stored offline
When designing contingency plans and choosing backup options, factors that will affect your decisions include the following:
- RTO (recovery time objective) – the time your network can reasonably tolerate an outage
- RPO (recovery point objective) – the amount of historical data you’ll need to be able to restore from backup in response to an outage

Knowledge Check Activity 2-2
Which power device prevents a critical server from losing power, even for an instant?
a. Surge protector
b. Generator
c. PDU
d. UPS

Knowledge Check Activity 2-2: Answer
Which power device prevents a critical server from losing power, even for an instant?
Answer: d. UPS
Because the server never needs to switch from the wall outlet’s power to the UPS’s power, there is no risk of briefly losing service

Summary
Now that the lesson has ended, you should be able to:
- Use appropriate tools to collect data about the network
- Identify methods to optimize network performance
- Identify best practices for incident response and disaster recovery
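
The 3-2-1-1 Rule and the RPO from the Backup Systems slide can be checked mechanically against an inventory of copies. The following added example (not from the textbook) does so; the record fields, the sample inventory, and the function name are constructed for illustration, and it assumes that the production copy counts toward the three copies and that the RPO is enforced as the maximum acceptable age of the newest backup.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class DataCopy:
    name: str
    media: str            # e.g. "disk", "tape", "cloud-object"
    offsite: bool
    offline: bool         # not reachable from the production network
    is_backup: bool       # False for the live production copy
    completed: datetime   # when this copy was last written in full


def audit_3211(copies, now, rpo):
    """Return the list of (rule, finding) pairs that the inventory fails."""
    backups = [c for c in copies if c.is_backup]
    findings = []
    if len(copies) < 3:
        findings.append(("3", f"only {len(copies)} complete copies exist"))
    media = {c.media for c in backups}
    if len(media) < 2:
        findings.append(("2", f"backups use {len(media)} media type(s)"))
    if not any(c.offsite for c in backups):
        findings.append(("1-offsite", "no backup copy is stored offsite"))
    if not any(c.offline for c in backups):
        findings.append(("1-offline", "no backup copy is stored offline"))
    newest = max((c.completed for c in backups), default=None)
    if newest is None:
        findings.append(("RPO", "no backup exists to restore from"))
    elif now - newest > rpo:
        findings.append(("RPO", f"newest backup is {now - newest} old, "
                                f"objective is {rpo}"))
    return findings


# Constructed inventory: production data, a NAS snapshot and a cloud copy.
NOW = datetime(2024, 1, 10, 12, 0)
INVENTORY = [
    DataCopy("prod-fileserver", "disk", False, False, False, NOW),
    DataCopy("nas-snapshot", "disk", False, False, True,
             NOW - timedelta(hours=6)),
    DataCopy("cloud-weekly", "cloud-object", True, False, True,
             NOW - timedelta(days=3)),
]
TAPE = DataCopy("vault-tape", "tape", True, True, True,
                NOW - timedelta(days=7))

if __name__ == "__main__":
    for rule, finding in audit_3211(INVENTORY, NOW, timedelta(hours=24)):
        print(f"[{rule}] {finding}")
```
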