Network operation and maintenance: there is only a layer of window paper between you and the truth

2025-04-05 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

I'm back, and I have returned full of practical information.

Hello, everyone. I'm ginger beer.

You may be puzzled that since February this year, this network engineer who was often on the front page suddenly disappeared from 51cto, and the blog has not been updated. Did the man go to Mars with Elon Musk?

In fact, I need to explain to you that I have accomplished two great things in three months.

I wrote a column on 51cto, "Old driver Network Operation and maintenance Collection of practical Information", which covers four modules: routing, switching, security and QoS. If you are interested, follow this link for more information: https://blog.51cto.com/cloumn/detail/2. At present, the routing section of the column still needs to be updated, and the other modules have been completed.

In the past three months, I have changed from a senior engineer to a chief design network officer, and there has been a lot going on. Plus, you have to keep up appearances when you have just arrived in a new place; old hands know how it is.

Because of the above two things, I have been so busy recently that I have no time to update my blog.

After my official return today, I wanted to continue to update my previous data center series. But after thinking about it again and again, I just want to talk to you about my views on network operation and maintenance, and the starting point of writing this column. I also hope to share the views of network operation and maintenance with like-minded friends.

Network operation and maintenance staff are in pain and happy.

If you were attracted by the title of this article, especially the words "network operation and maintenance", I can probably guess that you are also a network operation and maintenance colleague. I believe you have a passion for network technology and pursue technical details to the utmost.

However, real work and the pursuit of ideals are often far apart. Daily network operation and maintenance work is not only tedious, but the faults also come in all kinds of strange forms that people cannot figure out.

Not to mention unpredictable overtime, overnight changes, cutovers and other operations.

But having fun in bitterness, when every fault is solved, the kind of satisfaction in your heart will always allow you to briefly forget the fatigue of your body and enjoy a moment of joy and serenity.

However, let me get to the bottom of it and ask a question. When the problem was solved, do you think it was thoroughly analyzed and solved at the root? Or did you find a workaround to deal with the problem temporarily?

Think about it carefully, in fact, the heart is mixed, you do not have to say, I also understand.

There are as many failures as there are stories

Story 1: unfiltered route redistribution

Recently, after joining the new company as chief designer, I spent some time figuring out the company's network architecture. I listened to colleagues talk about previous failure cases, as well as the solutions.

After hearing this, I couldn't help feeling funny, but I shuddered again.

It was a classic two-point, two-way redistribution scenario. Both A and B redistribute the MPLS routes and the LAN routes into each other's network. One day a route inside the LAN flapped, and as a result the route did not disappear. Instead, it led to a Layer 3 loop across the whole network.

The final solution was to disconnect the backup link at point B. The problem was solved, but the B link has never been opened since then.

This is the so-called solution.

I think it's funny because it's obvious that this kind of redistribution must do route filtering on A and B, and must never let points A and B advertise the routes from one end back to each other.

I shudder because such an important network node is actually running on a single point, and it will take time and effort to rework and modify it again in the future.

The most fundamental reason is that when something goes wrong, we fail to analyze the root cause of the problem and solve it. Instead, we wrap things up hastily and wait for the next hidden danger to surface.
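The feedback described in Story 1, as an added example that is not part of the original post: a toy Python model of one LAN prefix redistributed at borders A and B, with and without a tag-based filter. The names converge and flap, the advertiser sets, and the decision to ignore administrative distance and metrics are assumptions made for illustration.

```python
# Toy model (constructed for illustration, not from the original post).
# Borders sit between a LAN routing domain and an MPLS domain. Each domain is
# modelled as the set of advertisers currently offering one LAN prefix.
# Assumption: administrative distance and metrics are ignored.

def converge(lan, mpls, origin_up, tag_filter, borders, max_rounds=10):
    """Re-run redistribution until neither domain changes."""
    for _ in range(max_rounds):
        # LAN -> MPLS: a border exports the prefix if someone else offers it in the LAN.
        new_mpls = {b for b in borders if lan - {b}}
        if tag_filter:
            # Every MPLS copy of this prefix was tagged "from LAN" on export,
            # and the MPLS -> LAN filter denies that tag.
            fed_back = set()
        else:
            # MPLS -> LAN: a border re-imports what the other border exported.
            fed_back = {b for b in borders if mpls - {b}}
        new_lan = fed_back | ({"origin"} if origin_up else set())
        if (new_lan, new_mpls) == (lan, mpls):
            break
        lan, mpls = new_lan, new_mpls
    return lan, mpls


def flap(tag_filter, borders=("A", "B")):
    """Advertise the prefix, converge, withdraw it, converge again."""
    lan, mpls = converge({"origin"}, set(), True, tag_filter, borders)
    return converge(lan, mpls, False, tag_filter, borders)


if __name__ == "__main__":
    # Stale copies at A and B keep each other alive after the withdrawal.
    print("no filter, A and B:", flap(False))
    # With the filter the withdrawn route disappears from both domains.
    print("tag filter, A and B:", flap(True))
    # The workaround from the story: no feedback, but no backup path either.
    print("no filter, B disconnected:", flap(False, ("A",)))
```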

Story 2: a murder caused by a small switch

Is the above story a separate case?

The answer must be "no".

I don't know if you have ever experienced the panic of plugging in a new switch and wiping out the VLANs of the whole network.

Perhaps, when some inexperienced engineers receive numerous complaints, they are still puzzled about how plugging in one switch could bring down the network of other buildings hundreds of meters away.

I believe that once he learned that all the VLAN information of the whole network had disappeared, and that the VLAN database had never been backed up, this accident would be an unforgettable lesson.

In view of the above problems, the solution of many friends is: prohibit all Cisco switches from using the VTP protocol, and configure every VLAN manually throughout the network.

In this way, the great convenience brought by VTP is completely lost for lack of a thorough understanding of the protocol.

Story 3: Port-channel kills the whole network

A friend of mine told me that their configuration of Port-channel actually killed the whole network.

I said, the Port-channel should not be blamed on VTP, but he completely lay down the gun. In fact, he does not quite understand how configuring a simple Port-channel could affect the whole network, and how fragile the network must be for that to happen. Moreover, he has configured Port-channel countless times in his daily work, so why did it fail this time?

No, it must be the software bug problem, or some unexplained mysterious force?

Similarly, the root cause of the problem has not been clearly analyzed. Instead, the use of port-channel is banned throughout the network.

Story 4: the "streaking" network

I believe we all know what the computer "streaking" means, and what is the "streaking" network?

In my opinion, the network of streaking has two meanings.

First: this network does not have any security measures to speak of. Malicious attacks can come from inside or outside, and the network equipment is very easy to compromise.

Second: the purpose of a network is to transmit data packets. If the packets that are sent cannot reach the receiver as completely as possible, and the network equipment has no QoS protection measures to ensure their delivery, then this network can also be called a "streaking" network.

This applies especially to the second point: the design and deployment of QoS demands strong theoretical knowledge from engineers. If you have little knowledge of QoS, deploying QoS causes even more serious problems than not deploying it.

The story goes on.

Story 5: a firewall that is never secure

This title is interesting because it goes against common sense.

In theory, the firewall is deployed to strengthen network security, how to say that the firewall is not safe?

In fact, the firewall is safe, but it is the people who are not safe.

Think carefully about daily operation and maintenance: there are often a lot of people who do not understand network technology telling you what to do:

Who, why can't my network work?

Why can't you go to this website?

Why is the Internet speed so slow?

In the end, these non-IT people all come to the conclusion that there is something wrong with the firewall. They do not understand routing and switching. All they know is that the firewall is the chief culprit in blocking everything.

So the firewall ends up carrying the blame.

If someone is made to carry the blame, someone has to clear it. As a result, the network operation and maintenance engineer becomes a bomb disposal expert: you need to carefully check the firewall security policy and routing, troubleshooting step by step to prove that the firewall is not the problem.

How do you check? What is the detailed working principle of the firewall and its packet processing flow? What is the logic of problem analysis? And so on.

This kind of problem often bothers you and me.

Conclusion: we are only a layer of window paper from the truth.

In fact, there are many problems. If we take a little step forward, we can see the truth.

But when they encounter strange problems, many operation and maintenance friends choose to step back and settle for second best, simply covering up the problem. Why bother to move forward?

Perhaps the problem is covered up for a short time and is so-called "solved". But one day, the problem will come back like a spark and burn the operation and maintenance staff.

Therefore, as an experienced person, I think it is necessary to share my daily experience in pursuing the root causes of problems for your reference.

More importantly, in addition to sharing experience, I hope to show you a way to deal with failures and problems through limited examples.

In daily operation and maintenance, it is impossible for you to apply the specific treatment of one fault to another, but the idea of fault analysis can be used repeatedly.

For this reason, I decided to write this column in the hope that what I have learned and thought can help and enlighten you.

This column introduces the network design ideas and some technical problems in operation and maintenance respectively through four typical technical modules: "Network routing", "Network switching", "Network Security" and "QoS". I believe that after you have read through each module, you will refresh your understanding of some knowledge.

The portal is as follows:

Collection of practical information of network operation and maintenance of veteran drivers

If you need to know other problems in daily operation and maintenance, please leave me a message. According to your feedback, I will continue to iterate over "Network Operation and maintenance practical Information Collection II" and "Network Operation and maintenance practical Information Collection III".

Similarly, if you find any mistakes, please correct them at any time.

Your support, my motivation.

Remember to go in and have a look.
