CBT Nuggets introduced an online training course highlighting the most challenging issues facing admins configuring...
Cisco routers and switches.
People hope for the best, but they don't invest the time to know they have a truly fault-tolerant system.
Cisco Certified Internetwork Expert
The course, Cisco R&S Troubleshooting Mastery, covers some of the most common problems associated with understanding the vendor's routing and switching technologies, said Anthony Sequeira, a CBT Nuggets trainer and co-host of the course.
"We really sat down to determine the particular aspects of router and switch configuration that have notoriously plagued students and to identify the particular configuration problem that might exist and [how] to resolve it," Sequeira said, who, like co-host Keith Barker, is a Cisco Certified Internetwork Expert.
Issues range from WAN problems to Layer 3 routing, Sequeira said, but of all the challenges administrators face in configuring Cisco routers and switches, four in particular stand out: security policies, network management, network redundancy and change management. The fifth issue, a reluctance to adapt to or adopt new technologies, also colors configuration strategies, Sequeira said.
Fuzzy security policies cause problems
A lack of a cohesive security policy, Barker said, "is one of the biggest failures most companies make.
"A technician can easily configure a firewall or access control lists, but unless they know what's required by law or the corporation's C-level executives, that's probably the first major failure. It's not just our data on the network. It could be our customer's data flowing over it, so there are different requirements that have to be met. A clearly defined security policy is critical."
Network management, meanwhile, must become proactive rather than reactive, Sequeira said. "For a lot of organizations today, management is a reactive discipline; it needs to become proactive through the use of tools that will alert [organizations] long before there is a problem." Some companies that already have network performance monitoring tools in place don't adequately train engineers to use them, creating another level of confusion.
Network redundancy, more specifically engineering for fault tolerance, is another culprit, Barker said.
"It's not [a matter of] if the network will fail; it's a matter of when. So adding fault-tolerant technologies like Gateway Load Balancing Protocol or Hot Standby Router Protocol, these are critical to engineering the network for fault tolerance. But here's the kicker; what happens if one of these devices fails and they aren't using NetFlow or Simple Network Management Protocol? They could have a situation where you have a partial failure of the network. Their fault-tolerant systems kick in to the limit, but if they aren't aware they had a failure to begin with, they wouldn't know to repair the down half of their fault-tolerant solution. Integrating the feedback mechanism, knowing how to get the reporting on that, and having fault-tolerant systems working together are all part of the equation where people go wrong. People hope for the best, but they don't invest the time to know they have a truly fault-tolerant system."
Changes are going to come; document them
The lack of a strict and well-regulated change control policy also plagues networking teams, Barker said. "Think about it; a technician has administrative access to the network, then does a change that brings down a large portion of the network. At the end of the day, that causes a financial loss." The remedy: Have a firm policy dictating how change management works and who can authorize a change, and then have an easily accessible control system in place to govern any configuration modifications. In addition, "have a firm rollback procedure," Barker said.
Finally, fears about adopting new technologies is also causing companies to miss out on ways to improve their routing and switching performance. "Virtualization is a big area, but there are still some companies reluctant to deploy technologies like WLAN and Voice over IP," Sequeira said. "The key here is that it doesn't have to be a forklift upgrade or rip-and-replace. These things can start out with small pilots or prototypes and then [be] implemented in segments."
Videos in the 20-part course run from 12 minutes to 40 minutes and are available as part of CBT Nuggets' $99 per month subscription fee.