Router/Network Upkeep

Bl8ckr0uter Inactive Imported Users Posts: 5,031
Greetings All:

I would like to know what the best practices are for router/switch/network upkeep. I am trying to see what preventive measures are best for keeping the network in tip-top shape. Any suggestions, anyone?

Comments

  • Paul Boz Member Posts: 2,620
    Just maintaining a proper topology diagram of the network and utilizing segmentation is usually enough for me. The core and distribution should rarely change so once you have those zones optimized you just have to monitor bandwidth. Most changes occur at the edge so that's where upkeep usually happens depending on the level of switch security you're using and the number of adds, moves, and changes you make.
    CCNP | CCIP | CCDP | CCNA, CCDA
    CCNA Security | GSEC |GCFW | GCIH | GCIA
    pbosworth@gmail.com
    http://twitter.com/paul_bosworth
    Blog: http://www.infosiege.net/
  • hypnotoad Banned Posts: 915
    Although not part of the network (unless you are part of the network), don't get caught with your pants down when it comes to things like screwdrivers, flashlights, cable toner, crimper, console cable, power cable, power strip, management software, OS/app media, etc.
  • rsutton Member Posts: 1,029
    I have all of my switches/routers being monitored by my SNMP server (Cacti) so I am alerted when certain utilization thresholds are met.
  • networker050184 Mod Posts: 11,962
    rsutton wrote: »
    I have all of my switches/routers being monitored by my SNMP server (Cacti) so I am alerted when certain utilization thresholds are met.

    +1 on some kind of SNMP trap collector. Syslog is also a must in a large network.

    We also have scripts that run every night that back up configs, check the configuration of interfaces, ACLs, CPU, memory, etc. to make sure nothing has been altered. You never know what those crazy techs are doing out there on the network during the day. We have run into a lot of instances where CEF is disabled on interfaces after changes are made, so we have a script that checks that every night. We have a couple of guys that are pretty good at scripting, so any need that arises they can either write a new one or modify a current one to check things. I think the last one we came up with was to check duplex settings on all the Ethernet interfaces and send a report for anything running in half. Scripting is definitely something I'd like to work on so that I can come up with some things on my own and not rely on things written by others.
    An expert is a man who has made all the mistakes which can be made.
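
The nightly check described in the post above could look like the following; this is an added example, not the poster's scripts. The device configs are constructed samples, `sections` and `audit` are hypothetical helper names, and it assumes Cisco IOS-style running-config text in which per-interface CEF is turned off with `no ip route-cache cef`.

```python
import difflib

# Constructed sample: last night's backed-up config (not from the thread).
BASELINE = """interface GigabitEthernet0/1
 duplex full
interface GigabitEthernet0/2
 duplex auto
ip access-list extended MGMT-IN
 permit tcp 10.0.9.0 0.0.0.255 any eq 22
 deny ip any any log
"""
# Constructed sample: tonight's pull after an undocumented daytime change.
CURRENT = """interface GigabitEthernet0/1
 no ip route-cache cef
 duplex half
interface GigabitEthernet0/2
 duplex auto
ip access-list extended MGMT-IN
 permit tcp 10.0.9.0 0.0.0.255 any eq 22
 permit ip any any
"""

def sections(config):
    """Map each top-level line (e.g. 'interface ...') to its indented child lines."""
    out, head = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            head = line.strip()
            out[head] = []
        elif head is not None:
            out[head].append(line.strip())
    return out

def audit(baseline, current):
    """Return findings: CEF disabled, half duplex configured, and drift from baseline."""
    findings = []
    for head, body in sections(current).items():
        if head.startswith("interface "):
            name = head.split(None, 1)[1]
            if "no ip route-cache cef" in body:
                findings.append(f"{name}: CEF disabled")
            if "duplex half" in body:
                findings.append(f"{name}: configured half duplex")
    diff = list(difflib.unified_diff(baseline.splitlines(), current.splitlines(), lineterm="", n=0))
    # Skip the two file-header lines; keep only added/removed config lines.
    findings += [f"drift: {d}" for d in diff[2:] if d[0] in "+-"]
    return findings
```

`audit(BASELINE, CURRENT)` returns the list of findings to send as the nightly report. The duplex check covers configured duplex only, so a link that negotiated half duplex would have to be read from `show interfaces` output instead.
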
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    networker050184 wrote: »
    +1 on some kind of SNMP trap collector. Syslog is also a must in a large network.

    We also have scripts that run every night that back up configs, check the configuration of interfaces, ACLs, CPU, memory, etc. to make sure nothing has been altered. You never know what those crazy techs are doing out there on the network during the day. We have run into a lot of instances where CEF is disabled on interfaces after changes are made, so we have a script that checks that every night. We have a couple of guys that are pretty good at scripting, so any need that arises they can either write a new one or modify a current one to check things. I think the last one we came up with was to check duplex settings on all the Ethernet interfaces and send a report for anything running in half. Scripting is definitely something I'd like to work on so that I can come up with some things on my own and not rely on things written by others.

    We use EM7 for all of these purposes. I wish that I could get more involved with the configs, however (right now they only let me do show/basic troubleshooting commands :( ). However, since they want CCXP level work (especially CCSP and CCVP), I may need to think about IDS/IPS upkeep and monitoring as well. As it stands right now I do have access to some PIX and ASAs but I haven't had to do anything with them yet. It is only day 2 ;).
  • Paul Boz Member Posts: 2,620
    Learn the ASA and IDS/IPS hardware and get the CCSP. Network engineers who specialize in security are worth quite a lot and it is difficult for most people to get hands-on experience managing these types of devices. The CCSP is in my immediate future's plans for these reasons.
  • networker050184 Mod Posts: 11,962
    The NOC and capacity groups use Vital Net and a crap load of other systems for monitoring. We just use the scripts and syslog for our own sake to make our jobs easier.
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    networker050184 wrote: »
    The NOC and capacity groups use Vital Net and a crap load of other systems for monitoring. We just use the scripts and syslog for our own sake to make our jobs easier.

    I personally think that EM7 looks sloppy but since it monitors so much (about 100,000 ports) on many different types of devices, it seems to do its job.