Showing posts from July, 2009

Top Talkers

Ever had slow WAN links and wanted to see exactly who was using up the bandwidth? What you need is the Top Talkers feature. You will first need to turn on NetFlow against the interface in question like so:

    interface serial 0/0
     ip flow egress
     ip flow ingress

Then we enable the Top Talkers feature:

    ip flow-top-talkers
     top 20
     sort-by bytes
     cache-timeout 3600000

The top command defines how many flows you want in the list; in this case we will display the top 20 flows. The sort-by command determines how the flows are ordered. The choices are either bytes or packets. Generally bytes is more useful, as it puts the weightier flows at the top. You can also sort by packets, which can help show a server that is perhaps sending a lot of smaller packets. The last command is cache-timeout, which specifies the length of time the list of top talkers remains before being recalculated. The shorter the period, the more system resources it uses.

Once you have this configured you can view the top talker list by

Setup Netflow Collectors

NetFlow is a great feature which provides detailed information on connection flows passing through your router or switch. You can use the data raw from the IOS CLI or export it to a NetFlow collector for graphing and analysis. There are many free software packages out there for this, and a Google search will point you in the right direction.

To get NetFlow up and running you first need to configure the interfaces you want to get the flow data from.

    interface serial0/0
     ip flow egress
     ip flow ingress

The egress command turns on NetFlow for transmitted data, whilst ingress covers data coming into the interface. (On older IOS versions, ip flow ingress was turned on with the command ip route-cache flow.)

Now we can configure the NetFlow collector we wish to export the data to.

    ip flow-export source Loopback0
    ip flow-export version 5
    ip flow-export destination x.x.x.x 9996

The first command specifies the interface the NetFlow data will be sourced from. In this case we are using a loopback int
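An added example, not from the original posts: a minimal collector-side parser for the version 5 export datagrams configured above, ranking talkers the way sort-by bytes and sort-by packets do on the router. The function names, the aggregation per source/destination pair and the sample flows (documentation addresses) are assumptions made for the illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record
MAX_RECORDS = 30                                    # v5 carries at most 30 records

def parse_v5(datagram):
    """Yield (src, dst, packets, octets) for each flow record in one datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # Export arrives over unauthenticated UDP, so check the claimed record
    # count against the real datagram length before unpacking anything.
    if not 1 <= count <= MAX_RECORDS or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        yield socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]), f[5], f[6]

def top_talkers(datagrams, top=20, sort_by="bytes"):
    """Rank (src, dst) pairs by total bytes or packets, largest first."""
    totals = Counter()
    for datagram in datagrams:
        for src, dst, packets, octets in parse_v5(datagram):
            totals[(src, dst)] += octets if sort_by == "bytes" else packets
    return totals.most_common(top)

def build_v5(flows):
    """Pack constructed (src, dst, packets, octets) tuples into a v5 datagram."""
    out = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0)
    for src, dst, packets, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4),
                           1, 2, packets, octets, 0, 0, 1024, 80, 0, 0, 6, 0,
                           0, 0, 0, 0, 0)
    return out

# Constructed sample flows using documentation address ranges.
SAMPLE = build_v5([("192.0.2.10", "198.51.100.5", 10, 15000),
                   ("192.0.2.20", "198.51.100.5", 900, 45000),
                   ("192.0.2.10", "198.51.100.5", 5, 40000)])
```

Calling top_talkers([SAMPLE], sort_by="bytes") and then with sort_by="packets" puts a different host first in each case, which is the difference between the two sort orders described for the router.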

Blocking based on Time of Day Access-Lists

I came across an interesting problem the other day where someone had a 15Gb usage cap on their ADSL during the day but unlimited usage from midnight to 8am. Someone who lived in their house was partial to downloading large files and they wanted to restrict them from doing this until they were in the unlimited usage period.

What was required was essentially a class map which matches based on both the time of day and the protocols in use. I could then drop traffic by applying a policy-map against an interface.

The first thing I did was to create a class-map which would match any of the peer-to-peer protocols like so:

    class-map match-any Peer2Peer
     match protocol bittorrent
     match protocol edonkey
     match protocol gnutella
     match protocol kazaa2
     match protocol fasttrack
     match protocol winmx
     match protocol directconnect

Next I created a time range called OFFPEAK. I made the time range between 08:00 and 23:59, which is the period where the restrictions apply.

    time-range OFFPEA