Difference between revisions of "Bandwidth Management and Optimisation Training"

From KENET Training
(BMO Tools)
(DHCP Snooping)
Line 207: Line 207:
  
 
===DHCP Snooping===
 
===DHCP Snooping===
 +
 +
DHCP snooping should be configured for edge switches (provided it is supported by the switch). The objective
 +
is to prevent incorrectly configured clients from behaving as DHCP servers and hence assigning false IP
 +
addresses to other clients. This has become a problem and can be avoided by implementing DHCP snooping
 +
with its associated blocking function. It is important that this function is only implemented in client ports and not
 +
on trunk or network ports.
  
 
===Traffic Storm Control===
 
===Traffic Storm Control===
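Review bot: The added paragraph under ===DHCP Snooping=== says the blocking function belongs only on client ports and not on trunk or network ports, but it does not say why those ports are exempt. One more sentence stating that replies from the legitimate DHCP server arrive through the trunk or network ports would make the rule easier to apply correctly. In the last sentence, "implemented in client ports" should read "implemented on client ports", and the hard line breaks in the middle of sentences can be dropped so the paragraph is one block of wiki text.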

Revision as of 07:05, 6 July 2013

Bandwidth Management and Optimisation Training

This will be an intense, hands-on five (5) day training to teach the skills required for bandwidth management and optimization in the campus environment.

Objective

The main objective of the training is to empower network administrators from the various institutions with skills that will enable them to manage their institutions' networks effectively. This will enable them to ensure that the bandwidth they are provided with is used for academic work and is not consumed by viruses, spam, peer-to-peer traffic and other malware.

Who Should Attend?

This course is designed for technical staff who operate a TCP/IP network and intend to provide connectivity to both students and faculty.

Requirements

The participants are required to be conversant with Linux/Unix commands. All participants are required to submit current network diagrams for discussion during the Case Studies. Each participant is also required to bring a laptop.

Course content

This is a hands-on training experience where the participants will set up a Bandwidth Management and Optimization Box using a wide variety of tools in both Unix and Linux.

The training will begin by introducing the students to the importance of network management and best campus design principles. The training will also give them skills on how to troubleshoot common campus network problems and teach them how to install and manage network monitoring tools. They will also be taught bandwidth management principles within a campus environment and how to develop and implement bandwidth policies.

Course Cost

This is a cost-recovery-based training, and the participants will contribute an amount to cater for their accommodation and the trainers' time. The cost will be USD...... per participant.

Registration

All participants will be nominated by the ICT Director/ICT Head at the institution. All nominations should be received by 15th July 2013.

Timetable



| DAY/TIME | 8.00-10.00am | 10.00-10.15am | 10.15am-1.00pm | 1.00pm-2.00pm | 2.00pm-4.00pm | 4.00pm-4.15pm | 4.15pm-6.00pm |
|---|---|---|---|---|---|---|---|
| Monday | Introduction | Tea break | Why Network Management | Lunch | Campus Network design | Tea break | Campus Network design |
| Tuesday | Network management Basics | Tea break | The bandwidth Challenge | Lunch | Solving network Problems | Tea break | Case Study: Campus A and B |
| Wednesday | Network Monitoring tools | Tea break | Network Monitoring tools | Lunch | Network Monitoring tools | Tea break | Case Study: Campus C and D |
| Thursday | Network Monitoring tools | Tea break | Network Monitoring tools | Lunch | Squid: Delay Pools | Tea break | Case Study: Campus E and F |
| Friday | Policy development | Tea break | Policy development | Lunch | Network Monitoring tools | Tea break | Case Study: Campus G and H |
| Saturday | Network Monitoring tools | Tea break | Closing Ceremony | Lunch | | | |













BMO Tools

Cacti

Nagios

Smoking

mtr

Iperf

Smokeping

Wireshark

Dig

DHCP Snooping

DHCP snooping should be configured on edge switches (provided the switch supports it). The objective is to prevent incorrectly configured clients from behaving as DHCP servers and assigning false IP addresses to other clients. This has become a problem and can be avoided by implementing DHCP snooping with its associated blocking function. It is important that this function is implemented only on client ports and not on trunk or network ports.

Traffic Storm Control

The port should be configured so that broadcast traffic is blocked when its volume exceeds a pre-defined acceptable threshold (e.g. 10%).

Port security

The port security functions can be used to enable better access control to a given switch port. This allows only a certain number of machines (MAC addresses) behind a given port. The configuration should be such that authorised machines still have network access after any additional machines are connected. Only the additional machines are blocked. The function is recommended especially in connection with printers in open areas, so that these switch ports are not misused. As a minimum requirement, all client ports should be configured with a high value which exceeds practical usage, so as to prevent flooding of the CAM table. Note that network ports (ports connecting to other network equipment) must not have this type of configuration.

IP source guard / Dynamic IP lockdown

This is a mechanism which prevents forgery of IP addresses from the client machine. Only the IP address assigned to the client by DHCP, or a statically registered address, can be used behind the port. If a switch supports this function, it is recommended that it be activated on client ports. The function may require that DHCP snooping also be in use.
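The four port rules above (DHCP snooping, storm control, port security, IP source guard) can be checked mechanically against a switch configuration. The audit script below is an added example, not part of the original training material; it assumes Cisco IOS-style syntax (the page names no vendor), treats `switchport mode trunk` as a network port, and uses a constructed sample configuration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumption: the page names no vendor).
SAMPLE_CONFIG = """\
ip dhcp snooping
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 storm-control broadcast level 10.00
 ip verify source
!
interface GigabitEthernet0/2
 switchport mode access
 ip dhcp snooping trust
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport port-security
 ip dhcp snooping trust
"""

CLIENT_REQUIRED = {
    "switchport port-security": "port security not enabled",
    "storm-control broadcast level": "no broadcast storm-control threshold",
    "ip verify source": "IP source guard not enabled",
}

def audit(config):
    """Return {interface: [findings]} for the port rules described in the text."""
    findings = {}
    if not re.search(r"^ip dhcp snooping$", config, re.M):
        findings["global"] = ["DHCP snooping not enabled"]
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [line.strip() for line in m.group(2).splitlines()]
        has = lambda prefix: any(line.startswith(prefix) for line in lines)
        issues = []
        if has("switchport mode trunk"):  # network port: no client-side blocking
            if has("switchport port-security"):
                issues.append("port security on a network port")
            if not has("ip dhcp snooping trust"):
                issues.append("DHCP snooping blocking active on a network port")
        else:  # client port: must stay untrusted and carry all three controls
            if has("ip dhcp snooping trust"):
                issues.append("client port trusted for DHCP server replies")
            issues += [msg for p, msg in CLIENT_REQUIRED.items() if not has(p)]
        if issues:
            findings[m.group(1)] = issues
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the wrongly trusted client port and the uplink that carries port security, and returns nothing for the correctly hardened client port.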

Squid Delay Pools

IP Plan

Nmap

Rancid

Tcpdump