CNE Network Assessment

Overview

The purpose of the network assessment is to measure, analyze, and document network functionality and performance. Areas of assessment include:

  • Local Area Network (wired and wireless)
  • Wide Area Network
  • TCP/IP, DNS/DHCP, and other network protocols
  • Operations support systems
  • Security

The network assessment team will employ protocol analyzers and performance monitoring tools to gather network performance data for the client LAN and WAN. In addition, configuration and general network health data for all relevant network devices will be collected using the appropriate GUI and/or CLI. The techniques employed include:

  • Physical-layer analysis: Perform an automated network discovery and develop and/or verify network map. Examine data captured by protocol analyzers and identify physical errors related to networking devices.
  • Network design and configuration analysis: Collect device configuration information. Compare design and configuration data against best practices.
  • Network utilization analysis: Examine network utilization for WAN and Internet access connections.
  • Network throughput analysis: Measure actual data transfer rates for WAN and Internet access connections and compare against expected results.
  • End-to-end performance analysis: Measure network latency across the network. Examine data retransmission rates and the route/path of packets through the network.
  • Security vulnerability analysis: High level security assessment to include switch and interface security as well as VLAN security (e.g. student access versus staff access). Assessment scans and credentialed scans can be included in the assessment pending client approval. Credentialed scans allow access to systems and selected end-user devices to enumerate services, applications, and patch levels.

The information collected during the assessment will be analyzed, compared against best practices, and incorporated into an assessment final report. Approximately 2 to 4 weeks after the on-site visit, the final report will be distributed to the client for review and discussion.

Schedule

The network assessment will take place over a period of 4-6 weeks and will occur in several steps. The steps are defined as follows:

  1. Conduct pre-assessment conference call
    1. Review known problems
    2. Define the scope of the network assessment – determine the network components to be included in the assessment.
    3. Client technical personnel compile and/or develop network documentation and forward to network assessment team
  2. Develop assessment plan
    1. Identify network devices for which configuration and general network health data will be collected
    2. Identify network segments to be monitored and appropriate monitoring points
    3. Configure network probes for network monitoring
  3. Site Visit
    1. Install network probes and initiate data collection, and collect required configuration and network health data
    2. Perform physical-layer testing
    3. Perform security vulnerability testing if requested
  4. Retrieve network probes and associated data
  5. Analyze data and develop assessment report
    1. Develop assessment report including a corrective action plan if appropriate
  6. Conduct conference call or on-site meeting to review assessment report

Data Collection

Network Documentation

Immediately following the pre-assessment conference call, the client representative should provide the following to the network assessment team:

  • Current network diagrams of the client LAN and WAN
  • IP addresses for all network devices including switches, routers, and network servers

Site Visit Data Collection

During the site visit, the SolarWinds LANsurveyor network discovery tool will be used to map the client network. Network sniffer tools will be employed to perform a physical layer analysis. A sample visual inspection of the data communications cabling infrastructure will also be performed to help assess the quality of the physical infrastructure.

Performance data for the client LAN and WAN will be collected by MCNC personnel using network probes installed on the client network. Performance monitoring applications installed on the network probes may include:

  • Cacti to gather SNMP-accessible data for all core network switch and router interfaces including utilization and errors
  • Smokeping to gather latency data for all WAN links
  • ntop to characterize network traffic
  • Nessus for vulnerability scan
  • Network Diagnostic Tool (NDT) for network throughput testing

During the site visit, configuration and status information will be collected for key network infrastructure. The collection of this information is automated and includes the output from the following commands: (Note: the commands shown are for Cisco network devices. Use equivalent commands when using network devices from alternative vendors, e.g. Hewlett Packard.)

Useful for analyzing configuration:


show running-config
To display the status and configuration of the module or Layer 2 VLAN
show interfaces trunk
To display the interface-trunk information
show vlan
To display VLAN information,
show version
To display the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images
show auto qos
To display the quality of service (QoS) commands entered on the interfaces on which automatic QoS (auto-QoS) is enabled.
show spanning-tree
To display spanning-tree state information.
show interfaces summary
To display a summary of statistics for one interface or for all interfaces that are configured on a networking device
**Look for dropped packets (IQD, OQD)
Some dropped packets are normal, a large amount of dropped packets indicate a problem with the interface or the end point connected to it
show interfaces status
To display the interface status or a list of interfaces in an error-disabled state on local area network (LAN) ports only
**Look for error-disabled state
show ip traffic
To display statistics about IP traffic
**Look for "bad options" or “format errors”, points to possible problems on the network
show processes cpu
To display information about the active processes and their corresponding CPU utilization statistics
**Look for processes that monopolized the CPU
show processes cpu history (if available)
Displays in ASCII graphical form, the total CPU usage over a period of time
show log
Use the show log command to display the error log for the system or a specific module
**Look for errors in the log

 

Post-Site Visit Data Collection

The network probes are typically left on the client site for one to two weeks following the CNE site visit. The extended data collection period ensures an adequate data sampling interval. The client representative will typically be asked to return the network probes to MCNC using packaging, shipping information, and account information provided by MCNC.

In addition, MCNC may request remote access to the client network to validate data collected on-site and/or gather additional information needed for the final report.

Final Report

The final report is typically comprised of four main sections which include the following:

  • Executive Summary
  • Data Collection and Testing Process Summary
  • Results and Observations
  • Recommendation Summary

Network diagrams, photographs, device configuration and status information, and detailed performance data are included in appendices to the final report.

Contact:
David Furiness
Sr. Director Network Consulting/K12 Advocate
MCNC
919-248-1812
dfuriness@mcnc.org