Principles for Network Fault Diagnosis [transferred from www.cnitblog.com/wildon]

Principles of Network Fault Diagnosis

Network faults are manifested by some symptoms, including general symptoms (such as the user cannot access a server) and special ones (such as the router is not in the routing table ). You can use specific fault diagnostic tools and methods to find one or more Fault Causes for each symptom. The Troubleshooting mode is as follows:

Step 1: When analyzing network faults, you must first understand the fault phenomenon. The fault severity and potential causes should be described in detail. To this end, determine the specific fault phenomenon and then determine the type of the cause of the fault. For example, the host does not respond to customer requests. The possible causes are host configuration problems, Interface Card faults, or loss of router configuration commands.

Step 2: Collect information needed to help isolate possible causes of failure. Ask users, network administrators, managers, and other key personnel about faults. Collect useful information from network management systems, protocol analysis tracking, router diagnostic command output reports, or software manuals.

Step 3: Consider possible causes of faults based on collected information. Some fault causes can be ruled out according to relevant situations. For example, you can eliminate hardware faults based on some information and focus on the software causes. At any opportunity, efforts should be made to reduce the possible causes of faults, so as to plan an effective fault diagnosis plan as soon as possible.

Step 4: Create a diagnosis plan based on the possible cause of the fault. You can start to diagnose the fault with only one of the most likely causes, so that the fault can be easily restored to its original state. If you consider more than one fault source at a time, it is much more difficult to attempt to return the original fault status.

Step 5: Execute the Diagnosis Plan and carefully test and observe each step until the fault symptoms disappear.

Step 6: confirm the result for each parameter change. The analysis results determine whether the problem is resolved. If the problem persists, continue until the problem is resolved.

Layered Network Fault Diagnosis Technology

1. the physical layer and its diagnostic physical layer are the most basic layers in the OSI layered structure system. Based on the communication media, the physical interfaces of the system and the communication media are implemented to transparently transmit data link entities, provides services to establish, maintain, and remove physical connections between computers and networks. Physical Layer faults mainly occur when the physical connection mode of the device is correct, the connection cable is correct, and the configurations and operations of devices such as modem, CSU, and DSU are correct. The best way to determine whether the physical connection of a vro port is intact is to use the show interface command to check the status of each port, explain the screen output information, and view the port status, protocol establishment status, and EIA status.

2. The main task of the data link layer and its diagnostic data link layer is to ensure reliable transmission at the network layer without understanding the features of the physical layer. The data link layer provides packaging, package, error detection, and correction capabilities for data through the link layer, and coordinates shared media. Before data is exchanged at the data link layer, the Protocol focuses on frame formation and synchronization devices. To find and eliminate faults at the data link layer, You need to view the router configuration and check whether the connection port shares the encapsulation of the same data link layer. Each pair of interfaces must have the same encapsulation with other devices that communicate with them. Check the encapsulation of A vro by checking its configuration, or use the show command to view the encapsulation of the corresponding interface.

3. The network layer and its diagnostic network layer provide methods to establish, maintain, and release network layer connections, including route selection, traffic control, transmission validation, moderate disconnections, errors, and fault recovery. The basic method for troubleshooting network layer faults is to view the route table of the router along the path from the source to the target, and check the IP address of the router interface. If the route does not appear in the routing table, check whether a proper static route, default route, or dynamic route has been entered. Then manually configure some lost routes, or eliminate some faults in the dynamic routing selection process, including rip or IGRP routing protocol faults. For example, for IGRP routing selection information, data is exchanged only between systems with the same autonomous system number (AS) to check the matching of the autonomous system number configured by the router.

Router interface troubleshooting

1. When a connectivity problem occurs during serial port troubleshooting, to troubleshoot a serial port failure, the show interface serial command is generally used to analyze the report content on the screen and locate the problem. At the beginning of the serial port report, the interface status and line protocol status are provided.

The possible combinations of interfaces and line protocols are as follows: 1) serial port running and line protocol running, which are completely work conditions. The serial port and line protocol have been initialized and are switching protocol survival information. 2) serial port running and line protocol disabling. This display indicates that the router is connected to the device that provides the carrier detection signal, indicating that the carrier signal appears between the local and remote modem, however, the Protocol survival information at both ends of the connection is not correctly exchanged. Possible faults occur when the router is configured, modem Operation Problems, lease line interference or remote router failure, and Digital Modem clock problems, this report is reported if the two serial ports connected through the link are not in the same subnet. 3) Both the serial port and line protocol are closed, which may be due to line faults, cable faults, or modem faults of the Telecommunications Department. 4) management close and line protocol close of the serial port. In this case, the shutdown command is entered in the interface configuration. Run the no shutdown command to enable management shutdown. When both interfaces and line protocols are running, although the basic communication of the serial port link is established, however, many potential faults may still occur due to information packet loss and information packet errors. During normal communication, the interface input or output information package should not be lost, or the loss volume is very small and will not increase. If the loss of information packets increases regularly, the traffic transmitted through this interface exceeds the traffic that can be processed by the interface. The solution is to increase the line capacity. Find other information packages that were lost due to the original cause, and view the input and output in the output report of the show interface serial command to maintain the queue state. When the number of information packets in the keep queue reaches the maximum allowed value, the size of the keep queue settings can be increased.

2. Ethernet interface troubleshooting typical Ethernet interface faults are: over-utilization of bandwidth, frequent collision conflicts, and incompatible swap types. You can use the show interface Ethernet command to view the throughput, collision conflicts, packet loss, and Shard-type information of the interface. You can check the network utilization by checking the interface throughput. If the percentage of the network broadcast information package is high, the network performance starts to decline. The information package from the optical fiber network to the Ethernet segment may overwhelm the Ethernet port. When this happens on the Internet, you can use the optimization interface. That is, you can use the no IP route-Cache command on the Ethernet interface to disable fast conversion, adjust the slow-forward zone, and maintain the queue.

When the two interfaces attempt to transfer information to the ethernet cable at the same time, a collision occurs. Ethernet requires a small number of conflicts, and different network requirements are different. Generally, you should find the cause of the conflict three or five times per second. The cause of the collision is that the cables are too long, over-utilized, or "deaf" nodes. Ethernet cables should be considered in Physical Design and Management of Cable Laying systems. Over-standard cables may cause more conflicts. If the interface and line Protocol report the running status, and the node's physical connection is in good condition, but cannot communicate. The cause of the problem may also be that two nodes use an incompatible sequence type. The solution is to reconfigure and use the same category type. If two devices in the same network of different router types need to communicate with each other, you can use a sub-interface on the router interface and specify different encapsulation types for each sub-interface.

3. asynchronous communication port troubleshooting interconnection network operation, the task of asynchronous communication port is to provide users with reliable services, but it is also a fault-prone part. The main problem is that when the LAN-based traffic is transmitted through an asynchronous link, the amount of lost information packets is minimized.

The common external factors of asynchronous communication port faults are: poor performance of the dialing link, connection quality of the telephone network switch, and setting of the modem. Check the modem used at both ends of the link: there are not many problems connecting to the remote PC port modem, because the modem is usually initialized every time a new dial is generated, most communication programs can send appropriate setting strings before sending a dialing command. There are many problems connecting to the vro port. The Modem usually waits for a connection from the remote modem. Before the connection, the specified string is not received. If the modem loses its settings, you should use one method to initialize the remote modem. A simple method is to use a modem that can be configured through the front panel. Another method is to connect the modem to the asynchronous interface of the router, establish reverse telnet, and send the configuration command to configure the modem. The show interface async and show line commands are the most widely used tools for diagnosing asynchronous communication port faults. In the show interface async command output report, the only condition that the interface status report is closed is that the encapsulation type is not set for the interface. The line protocol status is displayed the same as that of the serial port. The show line command displays the interface receiving and transmission speed settings, and the EIA status. The show line command can be considered as an extension of the show interface async command.

The EIA signal and network status output by the show line command: nocts nodsr dtr rts: the modem is not connected to an asynchronous interface. CTS nodsr dtr rts: the modem and the asynchronous interface are normally connected, but the remote modem is not connected. Cts dsr dtr rts: Remote modem dial-up access and establish a connection. To determine the asynchronous communication port failure, perform the following steps: Check the cable line quality, check the modem parameter settings, and check the modem connection speed; check whether rxspeed and txspeed match the modem configuration. Use the show interface async command and the show line command to check the port communication status. Check the EIA Status display from the Report of the show line command; check interface encapsulation; check information package loss and buffer loss. Conclusion network faults are inevitable. After the network is built and run, network fault diagnosis is an important technical task of network management.

To do a good job in network operation management and Fault Diagnosis and improve the level of fault diagnosis, you must pay attention to the following issues: study network technology theories carefully; understand the network structure design, including network topology, device connection, system parameter settings, and software usage; understanding the normal running status of the network, collecting various statuses and reporting output parameters when the network is running normally; familiar with common diagnostic tools, accurately describe fault phenomena.
//////////////////////////////////////// //////////////
Summary
1. after talking a lot, it is actually "from the bottom up" (physical layer-> data link layer-> network layer) to find the cause for testing. Remember to develop a test plan and record it (to help restore)
2. For the router check, the author can see that it is a Cisco device, the command is not difficult to show anything, just do it when you forget the command? Just like show?
At the same time, Cisco also supports the abbreviation show int0. It will also understand that it is the abbreviation of show interface0.
3. It can be said that the network layer has the most common causes of faults. It is helpful to use some analysis tools. (sniffer's package does not understand that the Protocol is useless. ^_^)