Network Design Step 2: Network Auditing Methods, Tools, and IOS Commands

On small networks, the auditing process is almost always carried out manually. This is usually accomplished by issuing commands on various network devices to view their configuration, status, and so on. While this is a practical solution for environments that are relatively small, such a method would be exceptionally time consuming on a network that includes hundreds of network devices or more. Depending upon the equipment in use on the network, scripting can often be used to help automate the process, although this depends on the relative skill set of the network designer working on the project.

On larger networks, a variety of tools and utilities are typically used to gather auditing information. In some cases a customer may already have these tools deployed, while in others, specific utilities may need to be purchased or downloaded and installed just for this purpose. Examples of common utilities used to gather network audit information include:

  • Network management systems like HP OpenView, Sun Solstice, IBM Tivoli, TNG Unicenter, CiscoWorks, and What’s Up Gold. Network management systems typically provide a wide variety of data about the current network including physical and logical topology maps, information about the configuration of network equipment, and so forth.
  • Network diagramming and data collection tools like Microsoft Visio Enterprise Network Tools.
  • Security tools like Cisco Secure Scanner to test for security vulnerabilities and issues.
  • SNMP data-gathering utilities like the free Multi Router Traffic Grapher (MRTG).

Although network auditing using the tools listed is very effective and usually highly accurate, some of these applications can be very expensive, and therefore not practical in all situations. The good news is that another highly effective way of auditing a network is by using information provided by existing equipment. For example, accurate information about a network can also be gathered by analyzing the configuration of network devices.

On Cisco equipment, this information is usually gathered through the use of a few key commands.

Some of the common commands used to gather information about existing Cisco equipment include:

  • show running-configuration. When issued on Cisco switches and routers, this command displays the configuration of a device that is currently being used.
  • show version. When issued on Cisco switches, routers, and PIX firewalls, this command displays information about the model in use, system specifications, the device’s IOS version, and more.
  • write terminal. When issued on a Cisco PIX firewall, this command displays the current running configuration of the system.
  • show tech-support. When issued on a Cisco switch, router, or PIX firewall, this command displays complete information about the configuration of the device, aggregating the information provided by various show commands.
  • show processes. This command displays information about all of the processes currently running on a system, including CPU utilization information for the last 5 seconds, 1 minute, and 5 minutes.
  • show buffers. This command displays information about how a system is allocating RAM for the purpose of buffering packets. A high level of buffer misses may mean that the system does not have sufficient memory to function effectively on the network.

When attempting to characterize a customer’s existing network, using the configuration of existing equipment (Cisco or otherwise) represents a very accurate method of obtaining information for analysis purposes.
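As an added example (not code from the original article), the script below shows how the output of the show version and show processes commands listed above can be parsed into a per-device audit record when the audit is scripted rather than done by hand. The sample command output, hostname, serial number and the 75% CPU threshold are constructed values, not captured from a real device.

```python
"""Parse Cisco IOS 'show version' and 'show processes' output into an audit record."""
import re

# Constructed sample output (not captured from a real device).
SHOW_VERSION = """\
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE4, RELEASE SOFTWARE (fc1)
System image file is "flash:c2960-lanbasek9-mz.150-2.SE4.bin"
cisco WS-C2960-24TT-L (PowerPC405) processor (revision B0) with 65536K bytes of memory.
Processor board ID FOC0000EXAMPLE
"""

SHOW_PROCESSES = """\
CPU utilization for five seconds: 91%/12%; one minute: 85%; five minutes: 78%
 PID Runtime(ms)   Invoked  uSecs   5Sec   1Min   5Min TTY Process
   1        1234      5678    217  0.00%  0.00%  0.00%   0 Chunk Manager
"""


def parse_show_version(text):
    """Extract IOS version, hardware model and board serial from 'show version'."""
    rec = {}
    m = re.search(r"Version\s+([^,\s]+)", text)
    rec["ios_version"] = m.group(1) if m else None
    m = re.search(r"^cisco\s+(\S+)\s+\(", text, re.MULTILINE)
    rec["model"] = m.group(1) if m else None
    m = re.search(r"^Processor board ID\s+(\S+)", text, re.MULTILINE)
    rec["serial"] = m.group(1) if m else None
    return rec


def parse_cpu_utilization(text):
    """Extract the 5-second/1-minute/5-minute CPU averages from the 'show processes' header."""
    m = re.search(r"CPU utilization for five seconds:\s*(\d+)%/(\d+)%;\s*"
                  r"one minute:\s*(\d+)%;\s*five minutes:\s*(\d+)%", text)
    if not m:
        raise ValueError("CPU utilization line not found in show processes output")
    five_sec, interrupt, one_min, five_min = (int(x) for x in m.groups())
    return {"cpu_5sec": five_sec, "cpu_interrupt": interrupt,
            "cpu_1min": one_min, "cpu_5min": five_min}


def audit_device(hostname, show_version, show_processes, cpu_threshold=75):
    """Build one audit record and flag sustained high load using the 5-minute average."""
    rec = {"hostname": hostname}
    rec.update(parse_show_version(show_version))
    rec.update(parse_cpu_utilization(show_processes))
    rec["cpu_hot"] = rec["cpu_5min"] >= cpu_threshold  # assumed threshold, tune per site
    return rec


if __name__ == "__main__":
    print(audit_device("sw-access-01", SHOW_VERSION, SHOW_PROCESSES))
```

Run the same functions over the saved output of each device to build a table of models, IOS versions and load figures for the audit report.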

Network Design Step 2: Performing a Network Audit

A far more accurate source of information about the existing customer network is obtained through auditing. Generally speaking, auditing involves using various methods, tools, and IOS commands to gather information about the current status of the network.

For example, a company may already have a network management system like HP OpenView deployed that could be used to generate network topology maps, provide performance-related information, and more. Similarly, various IOS commands can also be used to gather information about the status of any existing Cisco equipment. Ultimately, this auditing information will help to paint a more realistic picture of the current network environment.

Network Design Step 2: Identifying Features of the Current Network

Although all network design projects will ultimately involve a very careful and thorough analysis of the existing network, a great deal of information is often provided in advance by the customer. Sometimes this information is limited to what has been provided in the RFP and RFI documents, while in others, large amounts of supplementary documentation may be passed to the designer. While this provides a useful introduction to the existing environment, documentation can often be well out of date, incorrect, or misleading. For that reason, documentation provided by the customer should never be assumed to be complete and/or accurate.

By the same token, understanding a customer’s existing network will usually involve interviews with various staff and management. Where documentation generally provides the details of an existing implementation, interviews can often help to uncover the rationale for various decisions that were made. Again, the information gathered about the existing network from various staff members can seldom be considered entirely complete or accurate: people have points of view and opinions, and their perspective may not accurately reflect the true current situation.

Conducting interviews and examining existing documentation are almost always the first steps in attempting to characterize a customer’s existing network. However, always keep in mind that this is generally the least accurate of the different types of information you will collect as part of your assessment.

Network Design Step 2: Identifying and Analyzing the Current Network

Once the initial customer requirements, goals, and constraints associated with a proposed network design project have been determined and documented, it’s time to move on to step 2 of the network design process. Identifying and analyzing the current network involves learning as much as possible about an organization’s existing network. Having this information is absolutely critical, since it provides the designer with in-depth knowledge of the potential issues that will need to be dealt with as part of designing, implementing, and testing the proposed solution.

As a general rule, three main methods are used to identify and analyze a customer’s existing network environment. These include:

  • Using existing documentation and interviews with the customer
  • Auditing the current network
  • Performing network traffic analysis

Each of these methods may comprise many steps that involve different processes and applications to gather the required data. Although each method represents a valid and important part of identifying and analyzing an existing network, the actual accuracy of the information varies between the sources. For example, while the information provided through auditing the existing network is likely to be very accurate, information provided by the customer can often be less accurate because of biases and points of view.

The types of information that need to be gathered about the existing network include:

  • Network topologies in use at different OSI layers
  • Network services currently deployed
  • Network configuration including addressing, routing, and equipment configuration
  • Network applications in use
  • Performance and functionality of the existing infrastructure

The following articles outline each of the methods used to identify and analyze a customer’s existing network, along with an overview of the tools and information sources used by each method.

Network Design Step 1: Documenting Gathered Information

As part of the process of gathering information about a customer’s goals, constraints, and requirements for a new or upgraded network, documentation needs to be created. Ultimately, this documentation will be used to confirm that both the designer and the customer agree on the requirements, as well as associated goals and constraints that will impact the project.

The documentation of the gathered information is not subject to any specific format at this point in the process. However, there are certain methods that can be used to structure the information, making it easier for both the network designer and the customer to review in a more organized and simplified manner. Perhaps the most popular method is through the use of decision matrices.

A decision matrix is not nearly as complex as it sounds. In truth, it’s really nothing more than a table that can be used to document information about specific elements of the network design or data gathering process. For example, a decision table might be used to document all required applications for a new network, as shown below. In this example, the matrix simply lists a particular application type, its name, importance information, and comments.

Example Decision Matrix 

Once created, a decision matrix provides a simplified high-level overview of gathered data or design information that makes it easy for the designer and decision makers to easily review project details.