Module 10: Intermediate TCP/IP / Overview

Module 10: Intermediate TCP/IP

Overview

Routers use the IP address information in an IP packet header to determine the interface to which a packet should be switched based on its destination. Since IP does not ensure that the packet reaches the destination, it is described as an unreliable, connectionless protocol, that uses best-effort delivery. If packets are dropped in route, arrive in the wrong order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem. To address these problems, IP relies on TCP. This module describes TCP and its functions and introduces UDP, another important Layer 4 protocol.
Each layer within the OSI reference model has various functions. These functions are independent of the other layers. Each layer expects to receive services from the layer beneath it, and each layer provides certain services to the layer above it. The application, presentation, and session layers of the OSI model, which are all considered to be part of the application layer in the TCP/IP model, access the services of the transport layer through logical entities called ports. This module will introduce the concept of ports and will explain the critical importance of ports and port numbers in data networking.
This module covers some of the objectives for the CCNA 640-801, INTRO 640-821, and ICND 640-811 exams. - 
Students who complete this module should be able to perform the following tasks: 

• Describe TCP and its functions
• Describe TCP synchronization and flow control
• Describe UDP operation and processes
• Identify common port numbers
• Describe multiple conversations between hosts
• Identify ports used for services and clients
• Describe port numbering and well known ports

Understand the differences and the relationship between MAC addresses, IP addresses, and port numbers 

Module 9: Summary

Summary
The show ip route command is used to gather detailed information about the routes installed on the router. It displays the contents of the IP routing table. New routes may be added with static routing, which allows an administrator to manually define routes, or with dynamic routing, which uses the rules defined by a routing protocol to exchange information and determine the best path.
Default routes are used when the router is unable to match a destination network with a more specific entry in the routing table. The router uses this default route to reach the gateway of last resort in an effort to forward the packet.
The path determination function occurs at the network layer of the OSI model. It enables a router to evaluate the available paths to a destination and to establish the preferred handling of a packet. This information is configured manually or collected dynamically. The administrative distance of the route is used by the router to decide what the best path is to a particular destination. The administrative distance is a number that measures the trustworthiness of the source of the route information. Lower administrative distances indicate more trustworthy sources.
To determine the best route to a destination, routing protocols use a value that measures the desirability of a route called a metric. The metric is usually determined by factors such as hop count, bandwidth, delay, load, reliability, and cost. Typically, the smaller the metric number, the better the path.
Troubleshooting should be an orderly process based on the networking standards set in place by an administrator. Documentation is an important part of the troubleshooting process. Indicator lights are a useful tool for troubleshooting at Layer 1. At Layer 3, ping is used to test network connectivity. Telnet connections are used to verify the application layer software between a source and a destination.
The show interfaces command shows the status of two important portions of the interfaces. They are the physical or hardware portion and logical or software portion. These can be related to the Layer 1 and the Layer 2 functions. If the interface is up and the line protocol is down, a Layer 2 problem exists. If the physical layer is properly functioning, then all other directly connected Cisco devices should be displayed. If no known device appears, a Layer 1 problem likely exists.
To debug connectivity issues, the show cdp neighbors command is used to display information about directly connected neighbors. Use the traceroute command to trace the routes that packets take to destinations. This command can be used to test the network layer at each hop and provide performance benchmarks.
To verify the routing protocol configuration, use the show ip protocols and show ip route commands. These commands display information about routing protocols and the routing table. To determine the type of cable connected without inspecting the cables, use the show controllers command.
The debug command is used to display dynamic data and events. Since the show commands only display static information, they provide a historical picture of the router operation. The debug command output gives more insight to the current events of the router.

Introduction to debug

Introduction to debug 
9.3.7 This page will explain the functions of the debug command.
The debug commands assist in the isolation of protocol and configuration problems. The debug command is used to display dynamic data and events. Since the show commands only display static information, they provide a historical picture of the router operation. The debug command output gives more insight into the current events of the router. These events could be traffic on an interface, error messages generated by nodes on the network, protocol-specific diagnostic packets, and other useful troubleshooting data. The dynamic output of the debug command creates performance issues. This command produces high processor overhead that may disrupt normal router operation. For this reason, debug should be used conservatively. Use debug commands to examine specific types of traffic or problems after likely problems have been narrowed a few causes. The debug command should be used to isolate problems and not to monitor normal network operation.

WARNING: The debug all command should be used sparingly as this can disrupt router operations.

By default, the router sends the debug output and system messages to the console. If a Telnet session is used to examine the router, then the debug output and system messages can be redirected to the remote terminal. This is done through the Telnet session with the terminal monitor command. Use extra caution when the debug commands are selected from a Telnet session. No command should be selected that will cause the debug output to create additional traffic that creates debug output. If this occurs, the Telnet session will rapidly saturate the link with traffic or the router will exhaust one or more resources. A good rule to follow to prevent this recursion of traffic is to never debug any activity on the port where the session is established.
The output of the different debug commands varies. Some may frequently generate many lines while others produce a line or two of output every few minutes.  
Another IOS software service that will enhance the usefulness of the debug output is the timestamps command. This command will put a timestamp on a debug message. This information provides the time when the debug event occurred and the duration of time between events.
This is often very useful when troubleshooting intermittent problems. By time stamping the output, a pattern of occurrence is often recognized. This helps to isolate the source of the problem. This also prevents the technician from intently watching the debug output for what may seem like hours.
The following command configures a timestamp that will show the hour:minute:second of the output, the amount of time since the router was last powered up, or when a reload command was executed:

GAD(config)#service timestamps debug uptime

The output from this is useful to determine the time between events. To determine how long since the last occurrence of the debug event, the time since the last reload has to be used as a reference. This time can be found with the show version command.
A more practical use of the timestamps is to have it display the time and date that the event occurred. This will simplify the process of determining the last occurrence of the debug event. This is done using the datetime option:

GAD(config)#service timestamps debug datetime localtime

It should be noted that this command is only useful if the clock is set on the router. Otherwise, the timestamp shown in the debug output is not an accurate time. To ensure that the timestamps are correct, the router clock should be set to the correct time from privileged EXEC mode with the following command:

GAD#clock set 15:46:00 3 May 2004

Note: On some Cisco platforms, the router clock is not backed up with a battery source, so the system time will need to be reset after a router reload or power failure.

The no debug all and undebug all commands turn off all diagnostic output. To disable a particular debug command, use the no form of the command. For example, if the debug ip rip command is used to monitor RIP, it can be disabled with no debug ip rip. To view what is currently being examined by a debug command, use show debugging.
The Lab Activity will help students become more familiar with the debug command.
This page concludes this lesson. The next page will summarize the main points from this module

Troubleshooting using show controllers

Troubleshooting using show controllers 
9.3.6 

This page will teach students about troubleshooting using the show controllers command. Router configuration and troubleshooting can be performed remotely when physical inspection of the connections is not possible. The show controllers command is useful to determine the type of cable connected without inspecting the cables.  The output displayed by the show controllers command indicates the type of cable detected by the controller. This is useful for finding a serial interface with no cable, the wrong type of cable, or a defective cable. The show controllers serial 0/0 command queries the integrated circuit, or controller chip, that controls the serial interfaces and displays information about the physical interface serial 0/0. This output varies for different controller chips. Regardless of the controller chip type, the show controllers command produces a large amount of output. Other than the cable type, most of this output is internal technical detail about the controller chip status. Without specific knowledge of the integrated circuit, this information is of little use. The Lab Activity will show students how to troubleshoot with the show controllers command. The Interactive Media Activity will help students link network problems to the corresponding layer of the OSI model. The next page will introduce the debug command.

Troubleshooting routing issues

Troubleshooting routing issues 
9.3.5 This page will describe the show ip protocols and show ip route commands. These commands display information about routing protocols and the routing table. The output from these commands can be used to verify the routing protocol configuration.

The show ip route command may be the most important command used to troubleshoot routing issues. This command displays the contents of the IP routing table. The output from the show ip route command shows the entries for all known networks and subnetworks, and how that information was learned. 

If there is a problem reaching a host in a particular network, then the output of the show ip route command can be used to verify that the router has a route to that network.

If the output of the show ip route command does not show the expected learned routes, or any learned routes, then the problem may be that routing information has not been exchanged. In this case, use the show ip protocols command on the router to check for a routing protocol configuration error.

The show ip protocols command displays values about IP routing protocol information on the entire router. This command can be used to confirm which protocols are configured, which networks are being advertised, which interfaces are sending updates, and the sources of routing updates. The show ip protocols output also shows timers, filters, route summarization, route redistribution, and other parameters that are specific to each routing protocol that is enabled on the router. When multiple routing protocols are configured, the information about each protocol is listed in a separate section. 

The show ip protocols command output can be used to diagnose many routing issues. For example, it can be used to identify a router that may advertise incorrect routing information. This command may be used to confirm that expected protocols, advertised networks, and routing neighbors are present. It is important to have documentation that indicates the expected results, or baseline information, when a problem occurs. It may be impossible to identify the problem without such documentation.

The Lab Activity will teach students how to use the show ip route and show ip protocols command.

The next page will discuss the show controllers serial command.

Troubleshooting using show cdp / traceroute

Troubleshooting using show cdp 
9.3.3 This page will explain the functions of the show cdp command.
CDP advertises device information to its direct neighbors. This includes MAC and IP addresses and outgoing interfaces.
The output from the show cdp neighbors command displays information about directly connected Cisco device neighbors. This information is useful for debugging connectivity issues. If a cabling problem is suspected, enable the interfaces with the no shutdown command and then execute the show cdp neighbors detail command before any other configuration. The command displays specific device detail such as the active interfaces, the port ID, and the device. The version of Cisco IOS that is running on the remote devices is also shown.
If the physical layer functions properly, then all other directly connected Cisco devices should be displayed. If no known device appears, this usually indicates a Layer 1 problem.
One area of concern with CDP is security. The amount of information CDP provides is so extensive that it can be a potential security hole. For security reasons CDP should be configured only on links between Cisco devices and disabled on user ports or links that are not locally managed.
In the Lab Activity, students will use the show cdp command to learn about network devices.
The next page will discuss the traceroute command.

Troubleshooting using show traceroute

9.3.4  This page will describe the functions of the traceroute command.

The traceroute command is often referred to as the trace command in reference materials. However, the correct command syntax is traceroute. The traceroute command displays the routes that packets take to their destinations. The traceroute command can also be used to test each hop at the network layer and provide performance benchmarks.

The output of the traceroute command generates a list of hops that were successfully reached.  If the data successfully reaches the intended destination, then the output indicates every router that the datagram passes through. This output can be captured and used for future troubleshooting of the internetwork.

Traceroute output will also indicate the specific hop at which the failure occurs. A line of output is generated on the terminal for each router in the path. This indicates the IP address of the interface that the data entered. If an asterisk (*) appears, the packet failed. To isolate the problem area, obtain the last good hop from the traceroute output and compare it to a diagram of the internetwork.

The traceroute command also provides information about the performance of links. The round trip time (RTT) is the time required to send an echo packet and get a response. This is useful for an approximate idea of the delay on the link. These figures are not precise enough to be used for an accurate performance evaluation. However, this output can be captured and used for future performance troubleshooting of the internetwork.

Notice that the device receiving the traceroute also has to know how to send the reply back to the source of the traceroute. For the traceroute or ping data to make the round trip between routers, there must be known routes in both directions. A failed response is not always an indication of a problem because ICMP messages could be rate-limited or filtered at the host site. This is especially true across the Internet.

Traceroute sends out a sequence of User Datagram Protocol (UDP) datagrams from the router to an invalid port address on the remote host. For the first sequence of three datagrams, a TTL field value is set to 1. The TTL value of 1 causes the datagram to time out at the first router in the path. This router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.

Three more UDP messages are now sent, this time with the TTL value set to 2. This causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination or the maximum TTL has been reached. The default maximum TTL for traceroute is 30.

Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned instead of ICMP TEMs. This indicates an unreachable port and signals the Traceroute program to end the process.

The Lab Activity will help students become more familiar with the traceroute command.

The next page will discuss some other commands that are used to troubleshoot routing issues.

Troubleshooting Layer 2 using show interfaces

Troubleshooting Layer 2 using show interfaces 
9.3.2 This page will further explain why the show interfaces command may be the most important tool to discover Layer 1 and Layer 2 problems with the router. The first parameter, which is line, refers to the physical layer. The second parameter, which is protocol, indicates if the IOS processes that control the line protocol consider the interface usable. This is determined by whether keepalives are successfully received. Keepalives are defined as messages sent by one network device to inform another network device that the virtual circuit between the two is still active. If the interface misses three consecutive keepalives, the line protocol is marked as down.
When the line is down, the protocol is always down, because there is no useable media for the Layer 2 protocol. This will be true when the interface is down due to a hardware problem and when it is administratively down.
If the interface is up and the line protocol is down, a Layer 2 problem exists. Possible causes are as follows:

• No keepalives
• No clock rate
• Mismatch in encapsulation type

The show interfaces command should be used after configuring a serial interface to verify the changes and that the interface is operational.
The Interactive Media activity will help students understand the show interfaces command.
The next page will discuss the show cdp command