Comp Networks - Pre-study | WAN vs LAN, bridging and routing, IP networks Flashcards
A ______ ____ _____ (____) is defined as a telecommunications network that helps to connect devices (end-user devices and servers) that are situated several kilometers or even hundreds of kilometers away from each other.
wide area network (WAN)
A WAN may be public – for example, _______ is a type of WAN as it enables connectivity and data exchange between devices situated on opposite ends of the world.
the internet
A _____ WAN in an enterprise is useful for securely sharing data and resources between geographically distributed headquarters, branch offices, retail stores, logistical hubs, and other similar locations. The key factor characterizing a WAN is that it spans a geographically wide area.
private
A _____ _____ ____ (______) is defined as a telecommunications network that helps connect devices (end-user devices and servers) that are situated close to each other, typically inside a radius of one kilometer.
local area network (LAN)
LAN is widely used in both consumer and enterprise use cases. For example, you may have a collection of connected devices like a smart refrigerator, a laptop, a voice recognition-enabled TV, and a smart home console inside a person’s house. This setup uses LAN technology to enable _____ exchange between these devices so that the homeowner can access and control their functionalities seamlessly.
data
A medium-sized office campus may have hundreds of laptops and workstations, several meeting-room systems, connected printers, attendance kiosks, servers, and other devices, also set up using LAN. As long as the devices are within a compatible geographic range, you can connect them via ____ _____. This need for proximity is the key factor characterizing LAN.
LAN technology
LAN is a component of a larger WAN environment
This is a critical differentiating factor between WAN and LAN. Multiple local area networks together form a _____ _____ _____. For example, each individual consumer may have a separate local area network at their home. Multiple personal LANs may be connected via a wide area network managed by the region’s government. Thousands of LANs around the globe form the public internet, which is also a wide area network. In an enterprise context, each office location may be connected via LAN, and all LANs may communicate with the company’s headquarters and with each other through a secure private WAN.
wide area network
WAN and LAN involve two or more nodes that are being connected
As a prerequisite for both WAN and LAN, you need two or more computing nodes that are being connected.
This could be two end-user devices, an end-user device and a server, smart office or home appliances, or any other networked endpoint. You cannot have either a WAN or LAN environment without at least two separate nodes in place, which are at some distance from each other.
WAN and LAN use TCP/IP protocols
While LAN and WAN have different underlying technologies, both rely on the transmission control protocol/internet protocol (TCP/IP) model. TCP/IP is a collection of internet connectivity standards and protocols first developed by the Department of Defense in the 1960s.
It segments a network environment into four discrete layers: the application, transport, internet, and network access layers. Both WAN and LAN rely on TCP/IP.
Both LAN and WAN may be wireless or wired in nature
You may leverage both LAN and WAN to connect devices using wires or through wireless transmission. Fiber-optic, coaxial, and twisted-pair cabling are the three main types of wires used for LAN and WAN connectivity.
Wireless WAN and LAN environments both rely on 3G, 4G, 5G, and Wi-Fi signals to enable network connectivity.
Both LAN and WAN can be used by consumers and enterprises alike
Consumers typically use publicly owned WAN infrastructure, although visitors in an enterprise or official establishment may also use private WAN connectivity. Consumers may also have privately owned local area networks in their homes and may lease LAN services from local providers.
Enterprises may design local area networks for individual offices and operational locations or for mid-sized to large campuses. They may also have privately owned WAN spanning multiple cities or even connecting different countries for secure data transmissions.
WAN providers
Silver Peak, a provider of WAN appliances, WAN optimization, and SD-WAN solutions
Aryaka, a cloud-first managed SD-WAN service provider
Meraki, Cisco’s portfolio of WAN hardware and software solutions
Masergy, a leading cloud and MPLS-based WAN provider
LAN providers
Mist, a provider of AI-powered wireless and wired LAN
Cisco, a leading LAN hardware and security company
Aruba, an HPE subsidiary specializing in wireless LAN solutions
Extreme Networks, a cloud-based LAN management provider
IP was designed to support a global packet-switching network infrastructure. Ethernet bridging was designed to emulate a single shared cable. Design decisions made in IP or in Ethernet bridging were always skewed by these two perspectives: scalability versus transparency.
Design scope
IP routers forward IP datagrams according to their IP routing tables and never make multiple copies of the same datagram. They drop datagrams sent to unknown destinations and tell the sending hosts they did so. Bridges have to emulate a shared cable and thus forward frames sent to unknown destinations to all active ports but the one on which the frame was received (flooding). In short, routing is “forwarding based on presumption of knowledge”, bridging is “forwarding by guessing”.
Forwarding
IP (and most other layer-3 protocols) has a hop count in its header. The Ethernet header does not have a hop count (neither do most other layer-2 protocols). Using the hop count, loops can be detected even when they cannot be prevented (uRPF does a decent job of loop prevention in non-asymmetric networks, but that’s a different story).
Even worse, the forwarding by guessing bridging paradigm can create multiple copies of a looped packet sent to unknown destination. The number of copies grows exponentially with each iteration of the loop, quickly resulting in a total network meltdown.
Loop detection
Routers stop multicast or broadcast packets unless they are configured to forward them. Decent multicast implementations allow hosts to register to multicast streams and the routers deliver multicast packets only to those hosts or segments that actually need them.
Transparent bridges have to emulate a shared cable where every station can receive a broadcast or multicast frame. They are thus bound to flood multicast/broadcast frames.
Some layer-2 bridges support IGMP snooping and other mechanisms that should limit the amount of IP multicast propagated in unwanted directions. These measures work only for known (IP) multicast addresses; bridges still have to flood frames sent to unknown multicast destinations.
Most bridges can rate-limit the flooding process, reducing the chances of a single runaway host bringing the whole network to a standstill. Nonetheless, a determined intruder can use the rate-limiting mechanisms for an effective DoS attack where the bogus multicast traffic interferes with crucial protocols like ARP.
Multicast
IP routing tables are built by routers exchanging (somewhat) authoritative information: their connected subnets and their static routes. Bridging tables are built by guessing – by listening to the traffic and extracting source MAC addresses from the frames. The guessed information is never exchanged between the bridges (ESADI in TRILL is an exception, but even ESADI information is not authoritative).
Forwarding tables
Layer-3 addresses are configurable and usually include some topology information, allowing the layer-3 routing to scale. Layer-2 addresses are supposed to be static (hardwired) and are (within a single network) randomly scattered around the network.
Addressing
All layer-3 protocols have some mechanism that aggregates forwarding information, allowing them to scale. The “desktop protocols” (Cisco’s invention, not mine), including AppleTalk, IPX and Banyan VINES, performed routing based on networks (cable ranges in AppleTalk), which were very similar to fixed-prefix IP subnets. DECnet, CLNS and SNA have areas and perform host-based routing within an area, but still use only area addresses in “long-distance” (inter-area) routing to scale. Classless routing with IP prefixes allows you to build a multi-layer hierarchy.
Transparent bridging forwards frames to randomly scattered layer-2 addresses and thus cannot have a scaling mechanism.
Novel approaches to bridging (TRILL and 802.1ad) introduce a bridging hierarchy (or a bridging/routing hierarchy in case of TRILL), in which inner bridges (provider bridges in 802.1ad) know just the MAC address of edge bridges. VLANs deployed on edge bridges further limit the amount of information a single edge bridge must carry. Still, a single bridged domain cannot scale.
Scalability
The “forwarding by learning” paradigm makes it extremely easy to spoof a bridged network: send frames with a wrong source MAC address. Spoofing a routed network is somewhat harder; you have to hack the routing protocol.
Bridges reduce the risk of spoofing by implementing port security, dynamic ARP inspection and DHCP snooping: workaround measures trying to solve a problem that shouldn’t have existed in the first place. You cannot secure an environment designed to emulate a single shared cable (at least not without breaking some eggs).
Spoofing