General Networking Flashcards
mTLS
- Mutual TLS; part of a zero trust security model in which no network traffic is trusted by default
- Both the sending and receiving entities verify each other's identity when communicating
- Analogy: Alice sends a message in an SSL envelope and places her personal seal on it. Bob replies in his own SSL envelope and stamps his personal seal on it. Both parties know what each other's seal looks like
- Not extremely common due to the extra overhead of managing certificates and the TLS handshake process; maybe about 1/3 of applications
OSPF
Open Shortest Path First (oh, so pretty fast): a layer 3 routing protocol that uses link-state advertisements (LSAs) to learn about neighboring OSPF routers.
- Primarily used when routing within an autonomous system (interior routing)
- Used in enterprise networks; fast convergence
- Finds the best route based on the total cost of the path (derived from bandwidth)
BGP
Border Gateway Protocol (big global player): a layer 3 path-vector routing protocol that facilitates routing across different autonomous systems (internet routing)
- Requires more granular control compared to OSPF
- BGP typically won't be used for internal routing unless it's within the same AS (iBGP)
- Provides redundancy across carriers/ISPs
- Best-path selection criteria can be unique to different vendors
Difference between Wi-Fi 6 and Wi-Fi 6E
- 6E is an extension of 6
- Up to 8 160 MHz channels
- 6E is not backwards compatible with Wi-Fi 5 and below
SNMP Manager
A piece of software that runs on a Network Management Station (NMS) and can retrieve configuration from, or push configuration to, SNMP-capable devices.
The SNMP manager provides a topology of all connected devices and informs the network admin of potential issues with specific devices, such as bandwidth/CPU issues or other hardware faults that need to be addressed.
SNMP managers send commands via GET/SET
SNMP Agent
A software component on the managed device that relays information to the SNMP manager or applies configuration sent from the manager.
E.g., GET VLAN info for 1/0/1, or SET VLAN 50 for 1/0/1
Management Information Base (MIB)
A database or collection of information and components that can be viewed or configured via SNMP.
Each component within the MIB is identified by an Object Identifier (OID) that the SNMP manager can reference.
SNMP Trap / SNMP Inform
A trigger configured on an SNMP agent that alerts the SNMP manager when a certain condition is met.
An SNMP Inform is the same as a trap but requires an ACK from the manager. The agent will resend the INFORM if no ACK is received
SNMP Community String
The password used to carry out SNMP operations in SNMPv2c. Sent as a plain-text string
SNMPv3
Provides security and modularity over SNMPv2c. Allows the administrator to control which "view" an authorized user is allowed to read/write.
SNMP “View”
A set of OID subtrees that a given set of users is permitted to perform actions on.
SNMP Group
A group is a container holding a set of permissions and the set of users that can read/write to an existing SNMP View
Core layer
The backbone of the network; connects to other network "blocks" (if there are enough blocks to justify a core switch). Core switches are high-capacity/high-performance and connect to other switches or to devices/services such as:
- Core routers
- Aggregation switches
- WAN optimizers/accelerators
- Data centers/servers
- Can collapse into the distribution layer
Distribution layer
Sits between the access layer and the core layer. Layer 3 capable devices that provide routing, policy-based connectivity, or WAN access. Can connect to:
- Internet
- Firewalls/IPS/IDS
- WAN routers
- VPN concentrators
- Can also collapse into the access layer
FHRPs
First Hop Redundancy Protocols keep end devices able to route outside their subnet when the primary default gateway goes down.
This is done using layer 3 SVIs and a virtual IP shared between redundant L3 switches. The redundant L3 switches negotiate which one is the 'active' switch that answers for the virtual IP.
VRRP
Virtual Router Redundancy Protocol; uses a pair of routers/L3 devices in a master/backup architecture.
In VRRP, the master router can use its own IP address as the virtual IP. Priority values between the two routers are then no longer considered. This setup saves IP address space.
VRRP vMAC: 0000.5300.01xx (xx is the group ID)
VRRP multicast: 224.0.0.18
VRRP v2: IPv4
VRRP v3: IPv6
HSRP
Cisco standard called Hot Standby Redundancy Protocol. A pair of routers goes through an election process decided by priority value, or by highest IP if priority is tied. This determines which router is the primary router controlling the virtual IP, which is the default gateway for end devices.
Wi-Fi 6E
- WPA3 required
- Adds the 6 GHz spectrum for use
- Wi-Fi 6E is only 'compatible' with 6 GHz bands in the sense that 6E can still be configured to work with the 2.4 GHz and 5 GHz bands, but it will then not use the 6 GHz spectrum.
Administrative distance (AD)
A value used by routers to determine the most trustworthy route when multiple paths to the destination are available.
Different routing protocols have default AD values on a given router. Based on these values, the router uses the protocol with the lower AD to determine the best path.
RSTP
802.1w improves on STP by:
- Condensing port states to just "discarding" and "learning"; eliminates the traditional STP port states
- Using BPDUs as keepalives whether or not there are network changes
- Introducing edge ports and point-to-point ports, which improve convergence times
- Remaining backwards compatible with STP
Area border router
The router that is directly connected to two different OSPF areas.
Mandatory BGP Path Attributes
- When communicating with other BGP routers, exchanged routes MUST include the following:
  + AS-Path
  + Next-hop
  + Origin (how the route was originally learned by that router)
Discretionary BGP attributes
When communicating with BGP routers, a router can choose to use these attributes when making routing decisions:
- Local preference
- Atomic aggregate
BGP Neighbors/Peers
- Manually configured; neighbors do not need to be directly connected to each other
- Neighbor sessions are formed over TCP
- Communication between BGP neighbors uses OPEN, KEEPALIVE, UPDATE and NOTIFICATION messages.