The RITE Stuff, CCIE 10.04

What do RITE and the v4 CCIE blueprint have in common? Section 10.04. If you are new to RITE, or would like to know more about it, read on.
Router IP Traffic Export (RITE) forwards unaltered copies of IP packets from a router interface either to memory or to a specific MAC address on a locally attached network, typically the MAC address of a network analyzer or intrusion detection system. Because the copies are unaltered, the analyzer sees the original source and destination addresses, and the export interface must be on the same Layer 2 segment as the device that owns the destination MAC.
As an example, let's configure RITE on R2. Setting it up is simple: create a profile, then apply that profile to an interface. If we don't want to export all of the traffic, we can filter with an access list so that only specific traffic is captured and exported, and we can also export only a sample of the matching flow.
In this example we create an access list that matches only traffic sourced from R5's Loopback0 address, 18.104.22.168:

ip access-list extended FROM-R5
 permit ip host 22.214.171.124 any
Next let's create a simple profile (we will call it "R5") that names the interface the packets will be exported on and the MAC address reachable from R2 on that interface. The profile also references the access list to filter what is captured, and sets a sampling rate of one in every 5 matching packets (20%).

ip traffic-export profile R5
 interface FastEthernet0/0
 incoming access-list FROM-R5
 mac-address 0123.4567.89ab
 incoming sample one-in-every 5
 exit
Next we apply the profile to the interface that will receive the packets sourced from R5's Loopback0. A profile applied this way exports only packets arriving on that interface; traffic leaving it is exported only if the profile also contains the bidirectional command.

interface Serial0/0
 ip traffic-export apply R5
Turning on debugging shows the activity behind the scenes.
debug ip traffic-export events
Next we generate some traffic sourced from R5's Loopback0. This traffic enters R2 on Serial0/0, the interface the profile is applied to.

R5#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  up                    up
Serial0/0                  unassigned      YES NVRAM  administratively down down
FastEthernet0/1            126.96.36.199   YES NVRAM  up                    up
Serial0/1                  unassigned      YES NVRAM  administratively down down
Loopback0                  188.8.131.52    YES NVRAM  up                    up
R5#
R5#ping 184.108.40.206 repeat 50 source loopback 0

Type escape sequence to abort.
Sending 50, 100-byte ICMP Echos to 220.127.116.11, timeout is 2 seconds:
Packet sent with a source address of 18.104.22.168
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (50/50), round-trip min/avg/max = 4/12/32 ms
R5#
Back on R2, the debug output shows the exported packets.

R2#
RITE: exported input packet # 1
RITE: exported input packet # 2
RITE: exported input packet # 3
RITE: exported input packet # 4
RITE: exported input packet # 5
RITE: exported input packet # 6
RITE: exported input packet # 7
RITE: exported input packet # 8
RITE: exported input packet # 9
RITE: exported input packet # 10
R2#
Now let's look at the statistics.

R2#show ip traffic-export
Router IP Traffic Export Parameters
Monitored Interface            Serial0/0
  Export Interface             FastEthernet0/0
  Destination MAC address      0123.4567.89ab
  bi-directional traffic export is off
Input IP Traffic Export Information
  Packets/Bytes Exported       10/1000
  Packets Dropped              43
  Sampling Rate                one-in-every 5 packets
  Access List                  FROM-R5 [named extended IP]
Profile R5 is Active
R2#
Out of the 50 pings, 10 were exported, which is exactly what the profile's one-in-every-5 sampling rate predicts. The 43 dropped packets are the ones that were not exported: the other 40 pings from R5 that were sampled out, plus 3 other packets that arrived on Serial0/0 but did not match the ACL. Two things to keep in mind when RITE feeds an IDS: with sampling the sensor sees only one matched packet in five, so it cannot reconstruct complete sessions, and "bi-directional traffic export is off" confirms that only traffic arriving on Serial0/0 is exported, not traffic leaving it.
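To make the profile's behaviour concrete end to end, here is an added example (not code from the original post or from Cisco) that models both sides: the router applying the ACL and one-in-every-5 sampling to a constructed mix of 50 R5 pings and 3 unrelated packets, and the analyzer on the export segment picking out the frames addressed to MAC 0123.4567.89ab and reading the unaltered IP header inside. R2's export-interface MAC (ca02.0000.0000), the unrelated host 10.99.0.7, and which packet of each group of five gets picked are assumptions; the counts match the show output above.

```python
"""Model of the RITE profile on this page, plus the analyzer-side decoder.

Added example; not code from the original post or from Cisco.  The router side
mirrors profile 'R5' (incoming access-list FROM-R5, incoming sample
one-in-every 5, export to MAC 0123.4567.89ab).  The analyzer side does what an
IDS on the export segment has to do: keep the frames sent to its MAC and read
the original IP header.  All frames and the traffic mix are constructed here.
"""
import struct
import ipaddress

RITE_MAC = "0123.4567.89ab"        # destination MAC from the profile
ACL_SRC_HOST = "22.214.171.124"    # 'permit ip host <addr> any' in FROM-R5
SAMPLE_N = 5                       # incoming sample one-in-every 5
EXPORT_SRC_MAC = "ca02.0000.0000"  # assumed MAC of R2's FastEthernet0/0 (made up)
ETH_P_IP = 0x0800


def mac_to_bytes(cisco_mac):
    """'0123.4567.89ab' -> 6 raw bytes."""
    return bytes.fromhex(cisco_mac.replace(".", "").replace(":", ""))


def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto, payload=b""):
    """Ethernet II + minimal IPv4 header (no options; checksum left zero)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    eth_hdr = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETH_P_IP)
    return eth_hdr + ip_hdr + payload


def matches_acl(src_ip, dst_ip, acl_host=ACL_SRC_HOST):
    """Equivalent of 'permit ip host <acl_host> any' with the implicit deny."""
    return src_ip == acl_host


def rite_export(packets, acl_host=ACL_SRC_HOST, n=SAMPLE_N,
                rite_mac=RITE_MAC, export_src_mac=EXPORT_SRC_MAC):
    """Router side.  packets: iterable of (src_ip, dst_ip, proto) arriving on the
    monitored interface.  Returns (frames put on the export interface,
    exported count, dropped count).  As on the page, 'dropped' counts every
    packet that was not exported, whether it failed the ACL or was sampled out.
    Which packet of each group of n IOS picks is an assumption; the counts are not."""
    frames, matched, exported, dropped = [], 0, 0, 0
    for src_ip, dst_ip, proto in packets:
        if matches_acl(src_ip, dst_ip, acl_host):
            matched += 1
            if (matched - 1) % n == 0:
                frames.append(build_frame(rite_mac, export_src_mac, src_ip, dst_ip, proto))
                exported += 1
                continue
        dropped += 1
    return frames, exported, dropped


def decode_ipv4(frame):
    """Analyzer side: (dst_mac_bytes, src_ip, dst_ip, proto), or None if not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    if frame[14] >> 4 != 4:
        return None
    src_ip = str(ipaddress.IPv4Address(frame[26:30]))
    dst_ip = str(ipaddress.IPv4Address(frame[30:34]))
    return frame[:6], src_ip, dst_ip, frame[23]


def exported_packets(frames, rite_mac=RITE_MAC):
    """Keep only frames addressed to the RITE MAC.  The IP header inside is the
    original packet's, so src/dst are the real endpoints, not the router."""
    want = mac_to_bytes(rite_mac)
    result = []
    for frame in frames:
        decoded = decode_ipv4(frame)
        if decoded and decoded[0] == want:
            result.append(decoded[1:])
    return result


def sample_traffic():
    """Constructed mix: 50 ICMP echoes from R5's address, then 3 TCP packets from
    an unrelated host that the ACL should drop (10.99.0.7 is made up)."""
    pings = [(ACL_SRC_HOST, "184.108.40.206", 1)] * 50
    others = [("10.99.0.7", "184.108.40.206", 6)] * 3
    return pings + others


if __name__ == "__main__":
    frames, exported, dropped = rite_export(sample_traffic())
    print(f"exported {exported}, dropped {dropped}")  # exported 10, dropped 43
    for src, dst, proto in exported_packets(frames):
        print(f"analyzer saw {src} -> {dst} proto {proto}")
```

Run it as-is and the router-side counters come out as 10 exported and 43 dropped, the same numbers as the show ip traffic-export output. The analyzer-side filter is the part worth copying: an IDS on the export segment should select by the RITE destination MAC rather than by its own IP address, since the exported copies are addressed at Layer 2 only and carry someone else's IP addresses inside.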
Keep up the great studies, and good luck!