    29 December 09

    The RITE Stuff, CCIE 10.04

    Posted by INE

    What do RITE and the v4 CCIE blueprint have in common? Section 10.04 :) If you are new to RITE, or would like to know more about it, read on.

    Router IP Traffic Export (RITE) allows the forwarding of unaltered IP packets from a router interface to memory or to a specific MAC address on a locally attached network. A likely candidate is the MAC address of a network analyzer or Intrusion Detection System.

    As an example, let's configure RITE on R2. Setting it up is simple: we first create a profile, and then apply that profile to an interface. But what if we don't want to export all of the traffic? No problem. We can also filter to specify exactly which traffic should be captured and exported, and we can even export only a smaller sample of the overall traffic flow if desired.

    In this example, we will create an access-list that matches only traffic sourced from R5's loopback 0 address, 150.1.5.5.

    R2:

    ip access-list extended FROM-R5
    permit ip host 150.1.5.5 any

    Next, let's create a simple profile (we will call this one "R5") and specify the interface out of which we will export the packets, as well as the destination MAC address, which is reachable locally by R2. We will also use the access-list to filter what may be captured, along with a sampling rate of 1 in every 5 packets (20%).

    R2:

    ip traffic-export profile R5
    interface FastEthernet0/0
    incoming access-list FROM-R5
    mac-address 0123.4567.89ab
    incoming sample one-in-every 5
    exit

    Next we will apply the profile to the interface which will be receiving the packets sourced from R5 loopback 0.

    R2:

    interface Serial0/0
    ip traffic-export apply R5

    Turning on debugging will help us see the activity behind the scenes.

    R2:

    debug ip traffic-export events

    Next, we generate some traffic, sourced from R5 loopback 0. This traffic does pass through the serial 0/0 interface of R2.

    R5:

    R5#show ip int brief
    Interface IP-Address OK? Method Status Protocol
    FastEthernet0/0 unassigned YES NVRAM up up
    Serial0/0 unassigned YES NVRAM administratively down down
    FastEthernet0/1 136.1.45.5 YES NVRAM up up
    Serial0/1 unassigned YES NVRAM administratively down down
    Loopback0 150.1.5.5 YES NVRAM up up

    R5#
    R5#ping 150.1.2.2 repeat 50 source loopback 0

    Type escape sequence to abort.
    Sending 50, 100-byte ICMP Echos to 150.1.2.2, timeout is 2 seconds:
    Packet sent with a source address of 150.1.5.5
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Success rate is 100 percent (50/50), round-trip min/avg/max = 4/12/32 ms
    R5#

    Back to R2, to see the results of the debug.

    R2#RITE: exported input packet # 1
    RITE: exported input packet # 2
    RITE: exported input packet # 3
    RITE: exported input packet # 4
    RITE: exported input packet # 5
    RITE: exported input packet # 6
    RITE: exported input packet # 7
    RITE: exported input packet # 8
    RITE: exported input packet # 9
    RITE: exported input packet # 10

    R2#

    Now let's look at some of the statistics.

    R2#show ip traffic-export
    Router IP Traffic Export Parameters
    Monitored Interface Serial0/0
    Export Interface FastEthernet0/0
    Destination MAC address 0123.4567.89ab
    bi-directional traffic export is off
    Input IP Traffic Export Information Packets/Bytes Exported 10/1000
    Packets Dropped 43
    Sampling Rate one-in-every 5 packets
    Access List FROM-R5 [named extended IP]
    Profile R5 is Active
    R2#

    Out of the 50 pings, 10 of them were exported, due to the profile we created. The packets dropped reflect packets that were not exported, including 40 from R5, and 3 other packets that did not match the ACL in the profile.
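
A RITE profile copies live traffic to whatever MAC address it names, so it is worth checking during a configuration review. As an added example (not from the original post), this Python script parses the traffic-export commands shown above and flags applied profiles whose destination MAC is not on an approved list or that have no access-list filter. The approved-MAC list, the function names and the saved-config indentation of the sample are assumptions.

```python
import re

# Constructed sample: R2's commands from this post, in saved-config layout (assumed).
SAMPLE_CONFIG = """\
ip access-list extended FROM-R5
 permit ip host 150.1.5.5 any
ip traffic-export profile R5
 interface FastEthernet0/0
 incoming access-list FROM-R5
 mac-address 0123.4567.89ab
 incoming sample one-in-every 5
interface Serial0/0
 ip traffic-export apply R5
"""

FIELDS = {"interface": "export_if", "mac-address": "mac",  # sub-command -> key
          "incoming access-list": "acl", "incoming sample one-in-every": "sample"}

def parse_rite(config):
    """Collect every traffic-export profile and the interfaces that apply it."""
    profiles, kind, name = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # a top-level command opens a new context
            m = re.match(r"(ip traffic-export profile|interface) (\S+)$", line)
            kind, name = (m.group(1), m.group(2)) if m else (None, None)
            if kind == "ip traffic-export profile":
                profiles.setdefault(name, {"applied_to": []})
        elif kind == "interface":  # sub-command of a monitored interface
            if m := re.match(r"ip traffic-export apply (\S+)", line):
                profiles.setdefault(m.group(1), {"applied_to": []})["applied_to"].append(name)
        elif kind:  # sub-command inside a profile block
            for cmd, key in FIELDS.items():
                if m := re.match(re.escape(cmd) + r" (\S+)", line):
                    profiles[name][key] = m.group(1)
    return profiles

def audit(profiles, approved_macs):
    """Flag applied profiles that export to an unlisted MAC or have no ACL filter."""
    findings = []
    for name, p in sorted(profiles.items()):
        if p["applied_to"] and p.get("mac", "").lower() not in approved_macs:
            findings.append((name, "unapproved destination MAC " + p.get("mac", "(none)")))
        if p["applied_to"] and "acl" not in p:
            findings.append((name, "no incoming access-list, all inbound IP traffic is exported"))
    return findings
```

Calling `audit(parse_rite(SAMPLE_CONFIG), {"0123.4567.89ab"})` returns an empty list for the configuration in this post; profiles that are defined but not applied to any interface are skipped.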

    Keep up the great studies, and good luck!
