Module 5 Flashcards

1
Q

What Is a Network?

A

A network consists of end devices such as computers, mobile devices, and printers. These devices are connected by networking devices such as switches and routers. The network enables the devices to communicate with one another and share data. There are many ways to connect to the network. The most common local area network (LAN) methods, specified by the Institute of Electrical and Electronics Engineers (IEEE), are wired Ethernet LANs (IEEE 802.3) and wireless LANs (IEEE 802.11). These end devices connect to the network using an Ethernet or wireless network interface card (NIC).

2
Q

Protocol Suites

A

A protocol suite is a set of protocols that work together to provide comprehensive network communication services.

3
Q

Internet Protocol Suite or TCP/IP

A

The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol model for internetwork communications was created in the early 1970s and is sometimes referred to as the internet model. This is the most common and relevant protocol suite used today. The TCP/IP protocol suite is an open standard protocol suite maintained by the Internet Engineering Task Force (IETF).

4
Q

Open Systems Interconnection (OSI) protocols

OSI Model

  • Application (Layer 7)
  • Presentation (Layer 6)
  • Session (Layer 5)
  • Transport (Layer 4)
  • Network (Layer 3)
  • Data Link (Layer 2)
  • Physical (Layer 1)
A

This is a family of protocols developed jointly in 1977 by the International Organization for Standardization (ISO) and the International Telecommunication Union (ITU). The OSI protocols include a seven-layer model called the OSI reference model. The OSI reference model categorizes the functions of its protocols. Today OSI is mainly known for its layered model. The OSI protocols have largely been replaced by TCP/IP.

The form that a piece of data takes at any layer is called a protocol data unit (PDU). During encapsulation, each succeeding layer encapsulates the PDU that it receives from the layer above in accordance with the protocol being used. When messages are sent on a network, the encapsulation process works from top to bottom, as shown in the figure.

At each stage of the process, a PDU has a different name to reflect its new functions. Typically, the PDUs are named according to the following layers:

  • Data - The general term for the PDU used at the application layer
  • Segment - Transport layer PDU
  • Packet - Network layer PDU
  • Frame - Data link layer PDU
  • Bits - Physical layer PDU used when physically transmitting data over the medium

At each layer, the upper layer information is considered data within the encapsulated protocol. For example, the transport layer segment is considered data within the internet layer packet. The packet is then considered data within the link layer frame.

An advantage with layering the data transmission process is the abstraction that can be implemented with it. Abstraction of the protocol and services in these models is done through encapsulation.

In general, an application uses a set of protocols to send data from one host to another. On the sending host the data is encapsulated at each layer going down the stack, from the top layer to the bottom layer; on the receiving host it follows the reverse path, from the bottom layer back up to the top layer, and is de-encapsulated at each layer. At each layer, protocols perform the functionality required by that specific layer.

5
Q

OSI Model

  • Application (Layer 7)
  • Presentation (Layer 6)
  • Session (Layer 5)
  • Transport (Layer 4)
  • Network (Layer 3)
  • Data Link (Layer 2)
  • Physical (Layer 1)
A

Physical Layer (Layer 1)

This layer is responsible for the transmission and reception of raw bit streams. At this layer, the data to be transmitted is converted into electrical, radio, or optical signals. Ethernet, Bluetooth, and Universal Serial Bus (USB) are examples of protocols that have specifications for the physical layer.

Data Link Layer (Layer 2)

This layer provides NIC-to-NIC communications on the same network. The data link layer specification defines the protocols to establish and terminate connections, as well as the flow control between two physically connected devices. The IEEE 802 family of protocols, which includes Ethernet and wireless LANs (WLANs), subdivides this layer into two sublayers:

  • Medium Access Control (MAC) sublayer – The MAC sublayer is responsible for controlling how devices in a network gain access to the transmission medium and obtain permission to transmit data.
  • Logical Link Control (LLC) sublayer – The LLC sublayer is responsible for identifying and encapsulating network layer protocols, error checking controls, and frame synchronization. IEEE 802.3 Ethernet, 802.11 Wi-Fi, and 802.15.4 ZigBee protocols operate at the data link layer. The MAC sublayer within the data link layer is critically important in broadcast environments (like wireless transmission) in which control to the transmission medium has to be carefully implemented.

Network Layer (Layer 3)

This layer provides addressing and routing services to allow end devices to exchange data across networks. IP version 4 (IPv4) and IP version 6 (IPv6) are the principal network layer addressing protocols. To accomplish end-to-end communications across network boundaries, network layer protocols perform two basic functions:

  • Addressing - All devices must be configured with a unique IP address for identification on the network.
  • Routing - Routing protocols provide services to direct the packets to a destination host on another network. To travel to other networks, the packet must be processed by a router. The role of the router is to select the best path and forward packets to the destination host in a process known as routing. A packet may cross many routers before reaching the destination host. Each router a packet crosses to reach the destination host is called a hop.

The network layer also includes the Internet Control Message Protocol (ICMP) to provide messaging services such as to verify connectivity with the ping command or discover the path between source and destination with the traceroute command.

Transport Layer (Layer 4)

The transport layer defines services to segment, transfer, and reassemble the data for individual communications between the end devices. This layer has two protocols:

Transmission Control Protocol (TCP): provides reliability and flow control using these basic operations:

  • Number and track data segments transmitted to a specific host from a specific application.
  • Acknowledge received data.
  • Retransmit any unacknowledged data after a certain amount of time.
  • Sequence data that might arrive in wrong order.
  • Send data at an efficient rate that is acceptable by the receiver.

TCP is used with applications such as databases, web browsers, and email clients. TCP requires that all data that is sent arrives at the destination in its original condition. Any missing data could corrupt a communication, making it either incomplete or unreadable.

User Datagram Protocol (UDP): a simpler transport layer protocol than TCP. It does not provide reliability and flow control, which means it requires fewer header fields. UDP datagrams can be processed faster than TCP segments. UDP is preferable for applications such as Voice over IP (VoIP). Acknowledgments and retransmission would slow down delivery and make the voice conversation unacceptable.

Application developers must choose which transport protocol type is appropriate based on the requirements of the applications.

Session Layer (Layer 5)

The session layer provides mechanisms for applications to establish sessions between two hosts. Over these end-to-end sessions, different services can be offered. Session layer functions keep track of whose turn it is to transmit data, make sure two parties are not attempting to perform the same operation simultaneously, pick up a transmission that failed from the point it failed, and end the transmission. The session layer is explicitly implemented in applications that use remote procedure calls (RPCs).

Presentation Layer (Layer 6)

The presentation layer specifies context between application-layer entities. The OSI model layers so far have been mostly dealing with moving bits from a source host to a destination host. The presentation layer is concerned with the syntax and the semantics of the transmitted information and how this information is organized. Differentiation is done at this layer between what type of data is encoded for transmission, for example text files, binaries, or video files.

Application Layer (Layer 7)

The application layer is the OSI layer that is closest to the end user and contains a variety of protocols usually needed by users. One application protocol that is widely used is HyperText Transfer Protocol (HTTP) and its secure version HTTPS. Exchanging information between a client browser and a web server is done using HTTP. When a client browser wants to display a web page, it sends the name of the page to the server hosting the page using HTTP. The server sends back the web page over HTTP. Other protocols for file transfers, electronic mail, and other services have been developed throughout the years. Some other examples of protocols that operate at the application layer include File Transfer Protocol (FTP), used for transferring files between hosts, and Dynamic Host Configuration Protocol (DHCP), used for dynamically assigning IP addresses to hosts.

6
Q

TCP/IP Model

A

Network Access (equal to layers 1 and 2 of OSI)

Internet (equal to layer 3 of OSI)

Transport (equal to layer 4 of OSI)

Application (equal to layers 5, 6 and 7 of OSI)

7
Q

Data Flow in Layered Models

A

End devices implement protocols for the entire “stack” of layers. The source of the message (data) encapsulates the data with the appropriate protocol header/trailer at each layer, while the final destination de-encapsulates each protocol header/trailer to receive the message (data).

The network access layer operates at the local network connection to which an end-device is connected. It deals with moving frames from one NIC to another NIC on the same network. Ethernet switches operate at this layer.

The internet layer is responsible for sending data across potentially multiple distant networks. Connecting physically disparate networks is referred to as internetworking. Routing protocols are responsible for sending data from a source network to a destination network. Routers are devices that operate at the internet layer and perform the routing function. IP operates at the internet layer in the TCP/IP reference model and performs the two basic functions, addressing and routing.

Hosts are identified by their IP address. To identify host computers and locate them on the network, both IPv4-addressed and IPv6-addressed hosts are currently supported on the internet.

The second function of the internet layer is routing packets. This function means sending packets from source to destination by forwarding them to the next router that is closer to the final destination. With this functionality, the internet layer makes possible internetworking, connecting different IP networks, and essentially establishing the internet. The IP packet transmission at the internet layer is best effort and unreliable. Any retransmission or error corrections are to be implemented by higher layers at the end devices, typically TCP.

8
Q

Planes of a Router

  • Management Plane
  • Control Plane
  • Data Plane
A

The logic of a router is managed by three functional planes: the management plane, control plane, and data plane. Each provides different functionality:

  • Management Plane - The management plane manages traffic destined for the network device itself. Examples include Secure Shell (SSH) and Simple Network Management Protocol (SNMP).
  • Control Plane - The control plane of a network device processes the traffic that is required to maintain the functionality of the network infrastructure. The control plane consists of applications and protocols between network devices, such as routing protocols OSPF, BGP, and Enhanced Interior Gateway Routing Protocol (EIGRP). The control plane processes data in software.
  • Data Plane - The data plane is the forwarding plane, which is responsible for the switching of packets in hardware, using information from the control plane. The data plane processes data in hardware.
9
Q

The Network Interface Layer

A

A network consists of end devices such as computers, mobile devices, and printers that are connected by networking devices such as switches and routers. The network enables the devices to communicate with one another and share data.

All hosts and network devices that are interconnected, within a small physical area, form a LAN. Network devices that connect LANs, over large distances, form a wide area network (WAN).

10
Q

Ethernet

Ethernet Frame

Preamble | SFD | Destination MAC Address | Source MAC Address | EtherType | Payload | FCS

A

In Ethernet terminology, the container into which data is placed for transmission is called a frame. The frame contains header information, trailer information, and the actual data that is being transmitted.

The most important fields of the Ethernet frame:

  • Preamble - This field consists of seven bytes of alternating 1s and 0s that are used to synchronize the signals of the communicating computers.
  • Start of frame delimiter (SFD) – This is a 1-byte field that marks the end of the preamble and indicates the beginning of the Ethernet frame.
  • Destination MAC Address - The destination address field is six bytes (48 bits) long and contains the address of the NIC on the local network to which the encapsulated data is being sent.
  • Source MAC Address - The source address field is six bytes (48 bits) long and contains the address of the NIC of the sending device.
  • Type - This field contains a code that identifies the network layer protocol. For example, if the network layer protocol is IPv4 then this field has a value of 0x0800, and for IPv6 it has a value of 0x86DD.
  • Data - This field contains the data that is received from the network layer on the transmitting computer. This data is then sent to the same protocol on the destination computer. If the data is shorter than the minimum length of 46 bytes, a string of extraneous bits is used to pad the field.
  • Frame Check Sequence (FCS) - The FCS field includes a checking mechanism to ensure that the packet of data has been transmitted without corruption.
11
Q

MAC Addresses

A MAC address can be displayed in any of the following ways:
* 0050.56c0.0001
* 00:50:56:c0:00:01
* 00-50-56-c0-00-01

A

All network devices on the same network must have a unique MAC address. The MAC address is the means by which data is directed to the proper destination device. The MAC address of a device is an address that is burned into the NIC. Therefore, it is also referred to as the physical address or burned in address (BIA).

A MAC address is composed of 12 hexadecimal digits, which means it has 48 bits. There are two main components of a MAC address. The first 24 bits constitute the OUI. The last 24 bits constitute the vendor-assigned, end-station address, as shown in the figure.

  • 24-bit OUI - The OUI identifies the manufacturer of the NIC. The IEEE regulates the assignment of OUI numbers. Within the OUI, there are 2 bits that have meaning only when used in the destination address (DA) field of the Ethernet header:
  • 24-bit, vendor-assigned, end-station address - This portion uniquely identifies the Ethernet hardware.
12
Q

MAC Address Format

00 - 50 - 56 - C0 - 00 - 01

OUI (Organizationally Unique Identifier): first three bytes (00-50-56)
NIC (Network Interface Controller): last three bytes (C0-00-01)

A

Destination MAC addresses include the three major types of network communications:

  • Unicast - Communication in which a frame is sent from one host and is addressed to one specific destination. In a unicast transmission, there is only one sender and one receiver. Unicast transmission is the predominant form of transmission on LANs and within the internet.
  • Broadcast - Communication in which a frame is sent from one address to all other addresses. In this case, there is only one sender, but the information is sent to all of the connected receivers. Broadcast transmission is essential for sending the same message to all devices on the LAN. Broadcasts are typically used when a device is looking for the MAC address of the destination.
  • Multicast - Communication in which information is sent to a specific group of devices or clients. Unlike broadcast transmission, in multicast transmission, clients must be members of a multicast group to receive the information.
13
Q

Switching

A

The switch builds and maintains a table (called the MAC address table) that matches the destination MAC address with the port that is used to connect to a node. The MAC address table is stored in the Content Addressable Memory (CAM), which enables very fast lookups.

The switch dynamically builds the MAC address table by examining the source MAC address of frames received on a port. The switch forwards frames by searching for a match between the destination MAC address in the frame and an entry in the MAC address table. Depending on the result, the switch will decide whether to filter or flood the frame. If the destination MAC address is in the MAC address table, it will send it out the specified port. Otherwise, it will flood it out all ports except the incoming port.

14
Q

Virtual LANs (VLANs)

A

A virtual LAN (VLAN) is used to segment different Layer 2 broadcast domains on one or more switches. A VLAN groups devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible. For example, the network administrator created three VLANs based on the function of their users: engineering, marketing, and accounting. Notice that the devices do not need to be on the same floor.

VLANs define Layer 2 broadcast domains. Broadcast domains are typically bounded by routers because routers do not forward broadcast frames. VLANs on Layer 2 switches create broadcast domains based on the configuration of the switch. Switch ports are assigned to a VLAN. A Layer 2 broadcast received on a switch port is only flooded out onto other ports belonging to the same VLAN.

You can define one or many VLANs within a switch. Each VLAN you create in the switch defines a new broadcast domain. Traffic cannot pass directly to another VLAN (between broadcast domains) within the switch or between two switches. To interconnect two different VLANs, you must use a router or Layer 3 switch.

VLANs are often associated with IP networks or subnets. For example, all of the end stations in a particular IP subnet belong to the same VLAN. Traffic between VLANs must be routed. You must assign a VLAN membership (VLAN ID) to a switch port on a port-by-port basis (this is known as interface-based or static VLAN membership). You can set various parameters when you create a VLAN on a switch, including VLAN number (VLAN ID) and VLAN name.

A trunk is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk extends VLANs across an entire network. IEEE 802.1Q defines a “tag” that is inserted in the frame containing the VLAN ID. This tag is inserted when the frame is forwarded by the switch on its egress interface. The tag is removed by the switch that receives the frame. This is how switches know which VLAN the frame belongs to.

VLAN IDs are organized into three ranges: reserved, normal, and extended. Some of these VLANs are propagated to other switches in the network when you use the VLAN Trunking Protocol (VTP).

15
Q

The Internetwork Layer

A

Interconnected networks have to have ways to communicate. Internetworking provides that “between” (inter) networks communication method. This topic describes addressing and routing.

16
Q

IPv4 Addresses

An IPv4 address is 32 bits, with each octet (8 bits) represented as a decimal value separated by a dot. This representation is called dotted decimal notation. For example, 192.168.48.64 and 64.100.36.254 are IPv4 addresses represented in dotted decimal notation.

A

Every device on a network has a unique IP address. An IP address and a MAC address are used for access and communication across all network devices. Without IP addresses there would be no internet.

Despite the introduction of IPv6, IPv4 continues to route most internet traffic today. During recent years, more traffic is being sent over IPv6 due to the exhaustion of IPv4 addresses and the proliferation of mobile and Internet of Things (IoT) devices.

The IPv4 subnet mask (or prefix length) is used to differentiate the network portion from the host portion of an IPv4 address. A subnet mask contains four bytes and can be written in the same format as an IP address. In a valid subnet mask, the most significant bits, starting at the leftmost bit, must be set to 1. These bits are the network portion of the subnet mask. The bits set to 0 are the host portion of the mask.

For this example, look at 203.0.113.0/24. The network’s IPv4 address is 203.0.113.0 with a subnet mask of 255.255.255.0. The last octet of the subnet mask has all 8 bits available for host IPv4 addresses, which means that on the network 203.0.113.0/24 there can be up to 2^8 (256) available addresses in the subnet.

Two IPv4 addresses are in use by default and cannot be assigned to devices:

  • 203.0.113.0 is the network address
  • 203.0.113.255 is the broadcast address

Therefore, there are 254 (256 - 2) host IP addresses available, and the range of addresses available for hosts would be 203.0.113.1 to 203.0.113.254.

There are three types of IPv4 addresses:

  • Network address - A network address is an address that represents a specific network and contains all 0 bits in the host portion of the address.
  • Host addresses - Host addresses are addresses that can be assigned to a device such as a host computer, laptop, smart phone, web camera, printer, router, etc. Host addresses contain at least one 0 bit and one 1 bit in the host portion of the address.
  • Broadcast address - A broadcast address is an address that is used when it is required to reach all devices on the IPv4 network. It contains all 1 bits in the host portion of the address.
17
Q

Subnets

A

A network can be divided into smaller networks called subnets. Subnets can be provided to individual organizational units, such as teams or business departments, to simplify the network and potentially make departmental data private. The subnet provides a specific range of IP addresses for a group of hosts to use. Every network is typically a subnet of a larger network.

For example, the IPv4 network address is 192.168.2.0/24. The /24 (255.255.255.0) subnet mask means that the last octet has 8 bits available for host addresses. You can borrow bits from the host portion to create subnets. For example, you need to use three bits to create eight subnets (2^3 = 8). This leaves the remaining five bits for the hosts (2^5 = 32).

This can be more easily visualized when showing the subnet mask in binary format.

  • /24 subnet mask: 11111111.11111111.11111111.00000000
  • Modified /27 subnet mask: 11111111.11111111.11111111.11100000

Because you need to create eight subnets, you designate three bits in the last octet for subnet use. The remaining five bits are for the hosts, and provide each subnet with 32 IP addresses.

18
Q

IPv6 Addresses

A

IPv6 is designed to be the successor to IPv4. IPv6 has a larger 128-bit address space, providing 340 undecillion (i.e., 340 followed by 36 zeroes) possible addresses. However, IPv6 is more than just larger addresses.

The larger IPv6 address space allows networks to scale and provide global reachability. The simplified IPv6 packet header format handles packets more efficiently. IPv6 prefix aggregation, simplified network renumbering, and IPv6 site multihoming capabilities provide an IPv6 addressing hierarchy that allows for more efficient routing. IPv6 supports widely deployed routing protocols such as Routing Information Protocol (RIP), Integrated Intermediate System-to-Intermediate System (IS-IS), OSPF, and multiprotocol BGP (mBGP). Other available features include stateless autoconfiguration and an increased number of multicast addresses.

IPv6 addresses are represented as a series of 16-bit hexadecimal fields (hextets) separated by colons (:) in the format x:x:x:x:x:x:x:x. The preferred format includes all the hexadecimal values. There are two rules that can be used to reduce the representation of the IPv6 address:

  1. Omit leading zeros in each hextet
  2. Replace a single string of all-zero hextets with a double colon (::)

Leading zeros in each 16-bit hextet can be omitted. For example:

Preferred

2001:0db8:0000:1111:0000:0000:0000:0200

No leading 0s

2001:db8:0:1111:0:0:0:200

IPv6 addresses commonly contain successive hexadecimal fields of zeros. Two colons (::) may be used to compress successive hexadecimal fields of zeros at the beginning, middle, or end of an IPv6 address (the colons represent successive hexadecimal fields of zeros).

A double colon (::) can replace any single, contiguous string of one or more 16-bit hextets consisting of all zeros. For example, the following preferred IPv6 address can be formatted with no leading zeros and with a double colon replacing the string of all-zero hextets.

Preferred

2001:0db8:0000:1111:0000:0000:0000:0200

No leading 0s and double colon

2001:db8:0:1111::200

Two colons (::) can be used only once in an IPv6 address to represent the longest successive hexadecimal fields of zeros. Hexadecimal letters in IPv6 addresses are not case-sensitive according to RFC 5952.

19
Q

IPv6 Unicast Addresses

There are several types of IPv6 unicast addresses including:

  • Global unicast addresses
  • Link-local addresses
  • Unique local addresses
  • Multicast addresses
A

An IPv6 unicast address is an identifier for a single interface, on a single device. A packet that is sent to a unicast address is delivered to the interface identified by that address.

  • Global unicast addresses:

A global unicast address (GUA) is an IPv6 address similar to a public IPv4 address. IPv6 global unicast addresses are globally unique and routable on the IPv6 internet. The parts of the GUA:

  • Global Routing Prefix: The global routing prefix is the prefix, or network, portion of the address that is assigned by the provider such as an ISP, to a customer or site.
  • Subnet ID: The Subnet ID field is the area between the Global Routing Prefix and the Interface ID. Unlike IPv4, where you must borrow bits from the host portion to create subnets, IPv6 was designed with subnetting in mind.
  • Interface ID: The IPv6 Interface ID is equivalent to the host portion of an IPv4 address. The term Interface ID is used because a single device may have multiple interfaces, each having one or more IPv6 addresses. It is strongly recommended that in most cases /64 subnets should be used, which creates a 64-bit interface ID.

The GUA is not a requirement; however, every IPv6-enabled network interface must have a link-local address (LLA).

  • Link-local addresses:

An IPv6 Link-local Address (LLA) enables a device to communicate with other IPv6-enabled devices on the same link and only on that link (subnet). Packets with a source or destination LLA cannot be routed beyond the link from which the packet originated.

  • Unique local addresses:

Unique local addresses (range fc00::/7 to fdff::/7) are not yet commonly implemented. However, unique local addresses may eventually be used to address devices that should not be accessible from the outside, such as internal servers and printers.

  • Unique local addresses are used for local addressing within a site or between a limited number of sites.
  • Unique local addresses can be used for devices that will never need to access another network.
  • Unique local addresses are not globally routed or translated to a global IPv6 address.

  • Multicast addresses:

There are no broadcast addresses in IPv6. IPv6 multicast addresses are used instead of broadcast addresses. IPv6 multicast addresses are similar to IPv4 multicast addresses. Recall that a multicast address is used to send a single packet to one or more destinations (multicast group). IPv6 multicast addresses have the prefix ff00::/8.

Note: Multicast addresses can only be destination addresses and not source addresses.

There are two types of IPv6 multicast addresses:

  • Well-known multicast addresses
  • Solicited node multicast addresses
20
Q

Routers and Routing

  • Path Determination
  • Packet Forwarding
A

Recall that a router is a networking device that functions at the internet layer of the TCP/IP model or the Layer 3 network layer of the OSI model. Routing involves forwarding packets between different networks. Routers use a routing table to route between networks. A router generally has two main functions: path determination, and packet routing or forwarding.

Path Determination

Path determination is the process through which a router uses its routing table to determine where to forward packets. Each router maintains its own local routing table, which contains a list of all the destinations that are known to the router and how to reach those destinations. When a router receives an incoming packet on one of its interfaces, it checks the destination IP address in the packet and looks up the best match between the destination address and the network addresses in its routing table. A matching entry indicates that the destination is directly connected to the router or that it can be reached by forwarding the packet to another router. That router becomes the next-hop router towards the final destination of the packet. If there is no matching entry, the router sends the packet to the default route. If there is no default route, the router drops the packet.

Packet Forwarding

After the router determines the correct path for a packet, it forwards the packet through a network interface towards the destination network.

A routing table may contain the following types of entries:

  • Directly connected networks - These network route entries are active router interfaces. Routers add a directly connected route when an interface is configured with an IP address and is activated. Each router interface is connected to a different network segment.
  • Static routes - These are routes that are manually configured by the network administrator. Static routes work relatively well for small networks that do not change in time, but in large dynamic networks they have many shortcomings.
  • Dynamic routes - These are routes learned automatically when a dynamic routing protocol is configured and a neighbor relationship to other routers is established. The reachability information in this case is dynamically updated when a change in the network occurs. Several routing protocols with different advantages and shortcomings have been developed through the years. Routing protocols are extensively used throughout networks deployed all over the world. Examples of routing protocols include OSPF, EIGRP, IS-IS, and BGP.
  • Default routes - Default routes are either manually entered, or learned through a dynamic routing protocol. Default routes are used when no explicit path to a destination is found in the routing table. They are a gateway of last resort option instead of just dropping the packet.
21
Q

Ethernet Switches

A

A key concept in Ethernet switching is the broadcast domain. A broadcast domain is a logical division in which all devices in a network can reach each other by broadcast at the data link layer. Broadcast frames must be forwarded by the switch on all its ports except the port that received the broadcast frame. By default, every port on a switch belongs to the same broadcast domain. A Layer 3 device, such as a router, is needed to terminate the Layer 2 broadcast domain. As discussed previously, each VLAN corresponds to a unique broadcast domain.

One of the main features of Ethernet switches over legacy Ethernet hubs is that they provide full-duplex communications, which eliminates collision domains. Ethernet switches can simultaneously transmit and receive data. This mode is called full-duplex. Full-duplex communication is similar to telephone communication, in which each person can talk and hear what the other person says simultaneously.

22
Q

Ethernet switches functions and modes

A

Switches have the following functions:

  • Operate at the network access layer of the TCP/IP model and the Layer 2 data link layer of the OSI model
  • Filter or flood frames based on entries in the MAC address table
  • Have a large number of high speed and full-duplex ports

The switch dynamically learns which devices, identified by their MAC addresses, are connected to which switch ports. It builds the MAC address table and filters or floods frames based on that table.

The switching mode determines whether the switch begins forwarding the frame as soon as it has read the destination details in the frame header, or waits until the entire frame has been received and checked for errors, by calculating the cyclic redundancy check (CRC) value, before forwarding it on the network. The switching mode is applicable to all packets being switched or routed through the hardware and can be saved persistently through reboots and restarts.

The switch operates in either of the following switching modes:

  • Cut-Through Switching Mode - Switches operating in cut-through switching mode start forwarding the frame as soon as the switch has read the destination details in the frame header. A switch in cut-through mode forwards the data before it has completed receiving the entire frame. The switching speed in cut-through mode is faster than the switching speed in store-and-forward switching mode. Fragment free switching is a modified form of cut-through switching in which the switch only starts forwarding the frame after it has read the Type field. Fragment free switching provides better error checking than cut-through, with practically no increase in latency.
  • Store-and-Forward Switching Mode - When store-and-forward switching is enabled, the switch checks each frame for errors before forwarding it. Each frame is stored until the entire frame has been received and checked. Because it waits to forward the frame until the entire frame has been received and checked, the switching speed in store-and-forward switching mode is slower than the switching speed in cut-through switching mode.
23
Q

LAN switches

A

These are some characteristics of LAN switches:

  • High port density - Switches have a large number of ports, from 24 to 48 ports per switch in smaller devices, to hundreds of ports per switch chassis in larger modular switches. Switch ports usually operate at 100 Mbps, 1 Gbps, and 10 Gbps.
  • Large frame buffers - Switches have the ability to store received frames when there may be congested ports on servers or other devices in the network.
  • Fast internal switching - Switches have very fast internal switching. They are able to switch user traffic from the ingress port to the egress port extremely fast. Different methods are used to connect the ports, which affects the overall performance of the switch; these include a fast internal bus, shared memory, or an integrated crossbar switch fabric.
24
Q

Routers

The functions of a router are path determination and packet forwarding.

A

While switches are used to connect devices on a LAN and exchange data frames, routers are needed to reach devices that are not on the same LAN. Routers use routing tables to route traffic between different networks. Routers are attached to different networks (or subnets) through their interfaces and have the ability to route the data traffic between them.

Routers have the following functions:

  • They operate at the internet layer of the TCP/IP model and the Layer 3 network layer of the OSI model.
  • They route packets between networks based on entries in the routing table.
  • They have support for a large variety of network ports, including various LAN and WAN media ports which may be copper or fiber. The number of interfaces on routers is usually much smaller than on switches, but the variety of interfaces supported is greater. IP addresses are configured on the interfaces.

There are three packet-forwarding mechanisms supported by routers:

  • Process switching (solves a problem by doing math long hand, even if it is the identical problem that was just solved) - When a packet arrives on an interface, it is forwarded to the control plane where the CPU matches the destination address with an entry in its routing table, and then determines the exit interface and forwards the packet. The router does this for every packet, even if the destination is the same for a stream of packets. This process-switching mechanism is very slow and is rarely implemented in modern networks.
  • Fast switching (solves a problem by doing math long hand one time and remembering the answer for subsequent identical problems) - Fast switching uses a fast-switching cache to store next-hop information. When a packet arrives on an interface, it is forwarded to the control plane where the CPU searches for a match in the fast-switching cache. If it is not there, it is process-switched and forwarded to the exit interface. The flow information for the packet is also stored in the fast-switching cache. If another packet going to the same destination arrives on an interface, the next-hop information in the cache is re-used without CPU intervention.
  • Cisco Express Forwarding (CEF) (solves every possible problem ahead of time in a spreadsheet) - CEF is the most recent and default Cisco IOS packet-forwarding mechanism. Like fast switching, CEF builds a Forwarding Information Base (FIB) and an adjacency table. However, the table entries are not packet-triggered like fast switching but change-triggered, such as when something changes in the network topology. Therefore, when a network has converged, the FIB and adjacency tables contain all the information that a router would have to consider when forwarding a packet. Cisco Express Forwarding is the fastest forwarding mechanism and the default on Cisco routers and multilayer switches.
25
Q

Firewalls

  • Stateless Packet Filtering
  • Stateful Packet Filtering
  • Application Layer Packet Filtering
A

A firewall is a hardware or software system that prevents unauthorized access into or out of a network. Typically, firewalls are used to prevent unauthorized internet users from accessing internal networks. Therefore, all data leaving or entering the protected internal network must pass through the firewall to reach its destination, and any unauthorized data is blocked. The role of the firewall in any network is critical.

  • Stateless Packet Filtering:

The most basic (and the original) type of firewall is a stateless packet filtering firewall. You create static rules that permit or deny packets, based on packet header information. The firewall examines packets as they traverse the firewall, compares them to static rules, and permits or denies traffic accordingly. This stateless packet filtering can be based on several packet header fields, including the following:

  • Source and/or destination IP address
  • IP protocol ID
  • Source and/or destination TCP or UDP Port number
  • ICMP message type
  • Fragmentation flags
  • IP option settings

This type of firewall tends to work best for TCP applications that use the same static ports every time, or for filtering that is purely based on Layer 3 information such as source or destination IP address.
The static rules are fairly simple, but they do not work well for applications that dynamically use different sets of TCP and/or UDP port numbers. This is because they cannot track the state of TCP or UDP sessions as they transition from initial request, to fulfilling that request, and then the closing of the session. Also, these static rules are built using a restrictive approach. In other words, you write explicit rules to permit the specific traffic deemed acceptable, and deny everything else.

  • Stateful Packet Filtering:

The stateful packet filtering firewall performs the same header inspection as the stateless packet filtering firewall but also keeps track of the connection state. This is a critical difference. To keep track of the state, these firewalls maintain a state table.

A typical simple configuration works as follows. Any sessions or traffic initiated by devices on trusted, inside networks are permitted through the firewall. This includes the TCP connection request for destination port 80. The firewall keeps track of this outbound request in its state table. The firewall understands that this is an initial request, and so an appropriate response from the server is allowed back in through the firewall. The firewall tracks the specific source port used and other key information about this request. This includes various IP and TCP flags and other header fields. This adds a certain amount of intelligence to the firewall.

It will allow only valid response packets that come from the specific server. The response packets must have all the appropriate source and destination IP addresses, ports, and flags set. The stateful packet filtering firewall understands standard TCP/IP packet flow including the coordinated change of information between inside and outside hosts that occurs during the life of the connection. The firewall allows untrusted outside servers to respond to inside host requests, but will not allow untrusted servers to initiate requests.

  • Application Layer Packet Filtering:

The most advanced type of firewall is the application layer firewall which can perform deep inspection of the packet all the way up to the OSI model’s Layer 7. This gives you more reliable and capable access control for OSI Layers 3–7, with simpler configuration.

This additional inspection capability can impact performance. Limited buffering space can hinder deep content analysis.

The application layer firewall can identify a File Transfer Protocol (FTP) session, just like a stateless or stateful firewall can. However, this firewall can look deeper, into the application layer, to see that this is specifically an FTP “put” operation to upload a file. You could have rules that deny all FTP uploads. Or you can configure a more granular rule, such as one that denies all FTP uploads except those from a specific source IP and only if the filename is “os.bin”.

The deeper packet inspection capability of the application layer firewall enables it to verify adherence to standard HTTP protocol functionality. It can deny requests that do not conform to these standards, or otherwise meet criteria established by the security team.

26
Q

Load Balancers

A

Load balancing improves the distribution of workloads across multiple computing resources, such as servers, clusters of servers, network links, and more. Server load balancing helps ensure the availability, scalability, and security of applications and services by distributing the work of a single server across multiple servers.

The load balancer decides which server should receive a client request such as a web page or a file. The load balancer selects a server that can successfully fulfill the client request most effectively, without overloading the selected server or the overall network.

At the device level, the load balancer provides the following features to support high network availability:

  • Device redundancy — Redundancy allows you to set up a peer load balancer device in the configuration so that if one load balancer becomes inoperative, the other load balancer can take its place immediately.
  • Scalability — Virtualization allows running the load balancers as independent virtual devices, each with its own resource allocation.
  • Security — Access control lists restrict access from certain clients or to certain network resources.

At the network service level, a load balancer provides the following advanced services:

  • High services availability — High-performance server load balancing allows distribution of client requests among physical servers and server farms. In addition, health monitoring occurs at the server and server farm levels through implicit and explicit health probes.
  • Scalability — Virtualization allows the use of advanced load-balancing algorithms (predictors) to distribute client requests among the virtual devices configured in the load balancer. Each virtual device includes multiple virtual servers. Each server forwards client requests to one of the server farms. Each server farm can contain multiple physical servers.
  • Services-level security — This allows establishment and maintenance of a Secure Sockets Layer (SSL) session between the load balancer and its peer, which provides secure data transactions between clients and servers.

Although the load balancer can distribute client requests among hundreds or even thousands of physical servers, it can also maintain server persistence. With some e-commerce applications, all client requests within a session are directed to the same physical server so that all the items in one shopping cart are contained on one server.

You can configure a virtual server to intercept web traffic to a website and allow multiple real servers (physical servers) to appear as a single server for load-balancing purposes.

You can distribute incoming client requests among the servers in a server farm by defining load-balancing rules called predictors using IP address and port information.

27
Q

Network Diagrams

A

Network diagrams are part of the documentation that goes with a network deployment and play just as important a role as the documentation in programming code. Network diagrams typically display a visual and intuitive representation of the network, depicting how all the devices are connected, in which buildings, floors, and closets they are located, and which interface connects to each device.

Networks get built and configured and go through a lifecycle: ordering the devices, receiving them on site, bringing them online and configuring them, maintaining and monitoring them, upgrading them, all the way to decommissioning them and starting the process over again. Network diagrams need to be updated and maintained to document all of these changes.

There are generally two types of network diagrams:
* Layer 2 physical connectivity diagrams
* Layer 3 logical connectivity diagrams

Layer 2, or physical, connectivity diagrams are network diagrams representing how devices are physically connected in the network. They are basically a visual representation of which network port on a network device connects to which network port on another network device. Protocols like Cisco Discovery Protocol (CDP) or Link Layer Discovery Protocol (LLDP) can be used to display the physical network port connectivity between two or more devices. This type of network diagram is especially useful when troubleshooting direct network connectivity issues.

Layer 3, or logical, connectivity diagrams are network diagrams that display the IP connectivity between devices on the network. Switches and other Layer 2 devices are usually not even displayed in these diagrams because they do not perform any Layer 3 functions; from a routing perspective, they are the equivalent of a physical wire. This type of network diagram is useful when troubleshooting routing problems. Redundant connections and routing protocols are usually present in networks that require high availability.

28
Q

Networking Protocols

  • Telnet and Secure Shell (SSH)
  • HTTP and HTTPS
  • NETCONF and RESTCONF
A

Each protocol meets a need and uses standard port values. You should know when to use a particular protocol and know the standard port for connections. Many developers have been puzzled by a mismatched port value; therefore, checking these values can be a good first step when troubleshooting.

  • Telnet and Secure Shell (SSH)

Telnet and SSH are both used to connect to a remote computer and log in to that system using credentials. Telnet is less prevalent today because SSH uses encryption to protect data going over the network connection. Telnet should only be used in non-production environments.

SSH connections can use a public key for authentication, rather than sending a username and password over the network. This authentication method means that SSH is a good choice to connect to network devices, to cloud devices, and to containers.

By default, SSH uses port 22 and Telnet uses port 23.

  • HTTP and HTTPS

HTTP and its secure version, HTTPS, are both protocols recognized by web browsers and are used to connect to web sites. HTTPS uses TLS or SSL to make a secure connection. You can see the http: or https: in the address bar on your browser. Many browsers also recognize ssh: and ftp: protocols and allow you to connect to remote servers in that way as well.

  • NETCONF and RESTCONF

NETCONF uses port 830. RESTCONF does not have a reserved port value. You may see various implementations of different values. Commonly the port value is in the 8000s.

To run multiple network operations, you want to make sure each protocol has a default port and use standards to try to avoid conflicts. TCP and UDP traffic requires that a destination port be specified for each packet. The source port is automatically generated by the sending device.

29
Q

DHCP

A

DHCP was designed to dynamically configure devices with IP addressing information. DHCP works within a client/server model, where designated DHCP servers allocate IP addresses and deliver configuration information to devices that are configured to dynamically request addressing information.

In addition to the IP address for the device itself, a DHCP server can also provide additional information, like the IP address of the DNS server, default router, and other configuration parameters.

Some of the benefits of using DHCP instead of manual configurations are:

  • Reduced client configuration tasks and costs - By not having to physically walk up to the device and manually configure the network settings, large cost savings are possible. This especially applies in the case of ISPs that can remotely and dynamically assign IP addresses to the cable or Digital Subscriber Line (DSL) modems of their clients without having to dispatch a person each time a network configuration change is necessary.
  • Centralized management - A DHCP server typically maintains the configuration settings for several subnets. Therefore, an administrator only needs to configure and update a single, central server.

DHCP allocates IP addresses in three ways:

  • Automatic allocation - The DHCP server assigns a permanent IP address to the client.
  • Dynamic allocation - DHCP assigns an IP address to a client for a limited period of time (lease time).
  • Manual allocation - The network administrator assigns an IP address to a client and DHCP is used to relay the address to the client.
30
Q

DHCP Relay

A

In cases in which the DHCP client and server are located in different subnets, a DHCP relay agent can be used. A relay agent is any host that forwards DHCP packets between clients and servers. Relay agent forwarding is different from the normal forwarding that an IP router performs, where IP packets are routed between networks transparently. Relay agents receive inbound DHCP messages and then generate new DHCP messages on another interface.

Clients send DHCP messages to UDP port 67 on DHCP servers. DHCP servers send DHCP messages to UDP port 68 on clients.

DHCP operation includes four messages between the client and the server:

  • DHCPDISCOVER - Server discovery
  • DHCPOFFER - IP lease offer
  • DHCPREQUEST - IP lease request
  • DHCPACK - IP lease acknowledgment

The client broadcasts a DHCPDISCOVER message looking for a DHCP server. The server responds with a unicast DHCPOFFER. If there is more than one DHCP server on the local network, the client may receive multiple DHCPOFFER messages. Therefore, it must choose between them, and broadcast a DHCPREQUEST message that identifies the explicit server and lease offer that the client is accepting.

DHCPv6 has a set of messages that is similar to those for DHCPv4. The DHCPv6 messages are SOLICIT, ADVERTISE, INFORMATION REQUEST, and REPLY.

31
Q

DNS

  • DNS Message Format
  • DNS Hierarchy
A

In data networks, devices are labelled with numeric IP addresses to send and receive data over networks. Domain names were created to convert the numeric address into a simple, recognizable name. The DNS protocol defines an automated service that matches domain names to IP addresses. It includes the format for queries, responses, and data. DNS uses a single format called a DNS message.

  • DNS Message Format

The DNS server stores different types of resource records that are used to resolve names. These records contain the name, address, and type of record. Some of these record types are as follows:

  • A – An end device IPv4 address
  • NS – An authoritative name server
  • AAAA – An end device IPv6 address (pronounced quad-A)
  • MX – A mail exchange record

When a client makes a query to its configured DNS server, the DNS server first looks at its own records to resolve the name. If it is unable to resolve the name by using its stored records, it contacts other servers to resolve the name. After a match is found and returned to the original requesting server, the server temporarily stores the numeric address in the event that the same name is requested again.

DNS uses the same message format between servers. It consists of a question, answer, authority, and additional information for all types of client queries and server responses, error messages, and transfer of resource record information.

  • DNS Hierarchy

DNS uses a hierarchical system based on domain names to create a database to provide name resolution.

The naming structure is broken down into small, manageable zones. Each DNS server maintains a specific database file and is only responsible for managing name-to-IP mappings for that small portion of the entire DNS structure. When a DNS server receives a request for a name translation that is not within its DNS zone, the DNS server forwards the request to another DNS server within the proper zone for translation. DNS is scalable because hostname resolution is spread across multiple servers.

The different top-level domains represent either the type of organization or the country of origin.

32
Q

SNMP (Simple Network Management Protocol)

A

SNMP was developed to allow administrators to manage devices such as servers, workstations, routers, switches, and security appliances. It enables network administrators to monitor and manage network performance, find and solve network problems, and plan for network growth. SNMP is an application layer protocol that provides a message format for communication between managers and agents.

SNMPv3 includes authentication, encryption, and message integrity.

The SNMP system consists of three elements:

  • SNMP manager (network management system, NMS)
  • SNMP agents (managed devices)
  • Management Information Base (MIB)

To configure SNMP on a networking device, it is first necessary to define the relationship between the SNMP manager and the device (the agent).

The SNMP manager is part of a network management system (NMS). The SNMP manager runs SNMP management software.

The SNMP manager can collect information from an SNMP agent by using the “get” action. It can also change configurations on an agent by using the “set” action. In addition, SNMP agents can forward information directly to the SNMP manager by using “traps”.

33
Q

SNMP Operation

SNMP Polling

SNMP Traps

A

An SNMP agent running on a device collects and stores information about the device and its operation. This information is stored locally by the agent in the MIB. The SNMP manager then uses the SNMP agent to access information within the MIB and make changes to the device configuration. There are two primary SNMP manager requests, get and set. A get request is used by the SNMP manager to query the device for data. A set request is used by the SNMP manager to change configuration variables in the agent device. A set request can also initiate actions within a device.

The NMS can be configured to periodically have the SNMP managers poll the SNMP agents that are residing on managed devices using the get request. The SNMP manager queries the device for data. Using this process, a network management application can collect information to monitor traffic loads and to verify the device configurations of managed devices. The information can be displayed via a GUI on the NMS.

Periodic SNMP polling does have disadvantages. First, there is a delay between the time that an event occurs and the time that it is noticed (via polling) by the NMS. Second, there is a trade-off between polling frequency and bandwidth usage. To mitigate these disadvantages, it is possible for SNMP agents to generate and send traps to inform the NMS immediately of certain events. Traps are unsolicited messages alerting the SNMP manager to a condition or event on the network. Examples of trap conditions include, but are not limited to, improper user authentication, restarts, link status (up or down), MAC address tracking, closing of a TCP connection, loss of connection to a neighbor, or other significant events.

34
Q

SNMP Community Strings

Management Information Base (MIB)

SNMP Communities

SNMP Messages

A

For SNMP to operate, the NMS must have access to the MIB. To ensure that access requests are valid, some form of authentication must be in place. SNMPv1 and SNMPv2c use community strings that control access to the MIB. Community strings are plaintext passwords. SNMP community strings authenticate access to MIB objects. There are two types of community strings:

  • Read-only (ro) - This type provides access to the MIB variables, but does not allow these variables to be changed. Because security is minimal in version 2c, many organizations use SNMPv2c in read-only mode.
  • Read-write (rw) - This type provides read and write access to all objects in the MIB.

To get or set MIB variables, the user must specify the appropriate community string for read or write access.

The agent captures data from MIBs, which are data structures that describe SNMP network elements as a list of data objects. Think of the MIB as a “map” of all the components of a device that are being managed by SNMP. To monitor devices, the SNMP manager must compile the MIB file for each equipment type in the network. Given an appropriate MIB, the agent and SNMP manager can use a relatively small number of commands to exchange a wide range of information with one another. The MIB is organized in a tree-like structure with unique variables represented as terminal leaves. An Object IDentifier (OID) is a long numeric tag. It is used to distinguish each variable uniquely in the MIB and in the SNMP messages. Variables that measure things such as CPU temperature, inbound packets on an interface, fan speed, and other metrics, all have associated OID values. The MIB associates each OID with a human-readable label and other parameters, serving as a dictionary or codebook. SNMP traps are used to generate alarms and events that are happening on the device.

SNMP community names are used to group SNMP trap destinations. When community names are assigned to SNMP traps, the request from the SNMP manager is considered valid if the community name matches one configured on the managed device. If so, all agent-managed MIB variables are made accessible. If the community name does not match, however, SNMP drops the request.

SNMP uses the following messages to communicate between the manager and the agent:

  • Get
  • GetNext
  • GetResponse
  • Set
  • Trap

The Get and GetNext messages are used when the manager requests information for a specific variable. When the agent receives a Get or GetNext message, it will issue a GetResponse message back to the manager. The response message will contain either the information requested or an error message indicating why the request cannot be processed. A Set message is used by the manager to request that a change should be made to the value of a specific variable. Similar to the Get and GetNext requests, the agent will respond with a GetResponse message indicating either that the change has been successfully made or an error message indicating why the requested change cannot be implemented. The Trap message is used by the agent to inform the manager when important events take place. An SNMP Trap is a change of state message.

35
Q

NTP Overview

A

Accurate time and making sure all devices in the network have a uniform and correct view of time has always been a critical component to ensuring a smooth operation of the infrastructure. Every second of downtime or unavailability of services over the network can be extremely expensive. Service Level Agreements (SLAs) are contracts between parties that consume infrastructure services and parties that provide these services. Time is fundamental to measuring SLAs and enforcing contracts.

Network Time Protocol (NTP) enables a device to update its clock from a trusted network time source, compensating for local clock drift. A device receiving authoritative time can be configured to serve time to other machines, enabling groups of devices to be closely synchronized. NTP uses UDP port 123 as source and destination.

An authoritative time source is usually a radio clock, or an atomic clock attached to a time server. It is the role of NTP to distribute the time across the network.

NTP uses the concept of strata (layers) to describe how far away a host is from an authoritative time source. The most authoritative sources are in stratum 1. These are generally servers connected directly to a very accurate time source, like a rubidium atomic clock. A stratum 2 time server receives time from a stratum 1 server, and so on.

NTP avoids synchronizing with upstream servers whose time is not accurate. It does this in two ways:
* NTP never synchronizes with an NTP server that is not itself synchronized.
* NTP compares time reported by several NTP servers, and will not synchronize to a server whose time is an outlier, even if its stratum is lower than the other servers’ stratum.

The time kept on a device is a critical resource. It is strongly recommended to use the security features that come with NTP to avoid the accidental or malicious configuration of incorrect time.

Clients usually synchronize with the lowest stratum server they can access. But NTP incorporates safeguards as well: it prefers to have access to at least three lower-stratum time sources (giving it a quorum), because this helps it determine if any single source is incorrect. When all servers are well synchronized, NTP chooses the best server based on a range of variables: lowest stratum, network distance (latency), and precision claimed.

In order to determine if a server is reliable, the client applies many sanity checks. If any one of these checks fails, the device declares the source insane.

36
Q

NTP Association Modes

NTP servers can associate in several modes, including:
* Client/Server
* Symmetric Active/Passive
* Broadcast

A
  • Client/Server Mode

Client/server mode is the most common. In this mode, a client or dependent server can sync with a group member, but not the reverse, protecting against protocol attacks or malfunctions. Client-to-server requests are made via asynchronous remote procedure calls. On the client side, client/server mode can be turned on with a single command or config-file change, followed by a restart of the NTP service on the host.

  • Symmetric Active/Passive Mode

In this mode, a group of low stratum peers work as backups for one another. Each peer derives time from one or more primary reference sources or from reliable secondary servers. Should a peer lose all reference sources or stop working, the other peers automatically reconfigure to support one another. This is called a ‘push-pull’ operation in some contexts: peers either pull or push time, depending on self-configuration.

  • Broadcast and/or Multicast Mode

When only modest requirements for accuracy exist, clients can use NTP broadcast and/or multicast modes, where many clients are configured the same way, and one broadcast server (on the same subnet) provides time for them all. Broadcast messages are not propagated by routers, meaning that this mode cannot be used beyond a single subnet.

37
Q

Network Address Translation (NAT)

Purpose of NAT

A

Network Address Translation (NAT) helps with the problem of IPv4 address depletion. NAT works by mapping many private internal IPv4 addresses to a range of public addresses or to one single address (as is done in most home networks). NAT identifies traffic to and from a specific device, translating between external/public and internal/private IPv4 addresses. NAT can be configured on hosts and routers requiring it, without requiring any changes to hosts or routers that do not need NAT.

By mapping between external and internal IPv4 addresses, NAT allows an organization with non-globally-routable IPv4 addresses to connect to the internet by translating addresses into a globally-routable IPv4 address.

38
Q

Types of NAT

Four NAT Addresses

Inside Source Address Translation

Overloading of Inside Global Addresses

A

NAT typically runs on a router. Before packets are forwarded between networks, NAT translates the private (inside local) addresses within the internal network into public (inside global) addresses. This functionality gives the option to configure NAT so that it advertises only a single address to the outside world, for the entire internal network. By so doing, NAT effectively hides the internal network from the world.

Types of NAT include:

  • Static address translation (static NAT) – This is one-to-one mapping between global and local IPv4 addresses.
  • Dynamic address translation (dynamic NAT) – This maps unregistered (private) IPv4 addresses to registered IPv4 addresses drawn from a pool.
  • Overloading (also called Port Address Translation or PAT) – This maps many unregistered IPv4 addresses to a single registered address (many to one) on different ports. Through overloading, thousands of users can be connected to the internet by using only one real global IP address.

IPv6 was developed with the intention of making NAT unnecessary. However, IPv6 does include its own IPv6 private address space called unique local addresses (ULAs).

NAT includes four types of addresses:

  • Inside local address
  • Inside global address
  • Outside local address
  • Outside global address

When determining which type of address is used, it is important to remember that NAT terminology is always applied from the perspective of the device with the translated address:

  • Inside address – This is the address of the device which is being translated by NAT.
  • Outside address – This is the address of the destination device.

NAT also uses the concept of local or global with respect to addresses:

  • Local address – This is any address that appears on the inside portion of the network.
  • Global address – This is any address that appears on the outside portion of the network.

IPv4 addresses can be translated into globally-unique IPv4 addresses when communicating outside the internal network. There are two options to accomplish this:

  • Static translation – This method sets up a one-to-one mapping between an inside local address and an inside global address. This is useful when a host on the inside must be accessed from a fixed outside address.
  • Dynamic translation – This method maps between inside local addresses and a global address pool.

Using a single global address for multiple local addresses is known as overloading. When overloading is configured, the NAT device gathers information from higher-level protocols (for example, TCP or UDP port numbers) to translate global addresses back to correct local addresses. To map multiple local addresses to one global address, TCP or UDP port numbers are used to distinguish local addresses. This NAT process is called Port Address Translation (PAT).

39
Q

Troubleshooting Common Network Connectivity Issues

A

Network troubleshooting usually follows the OSI layers. You can work either top to bottom, beginning at the application layer and making your way down to the physical layer, or bottom to top, starting at the physical layer and working up.

First and foremost, from a client perspective, it is very important to determine how the client connects to the network. Is it a wired or wireless connection?

If the client connects via an Ethernet cable, make sure the NIC comes online and there are electrical signals being exchanged with the switch port to which the cable is connected. Troubleshooting at the physical layer basically boils down to making sure there are four uninterrupted pairs of twisted copper cables between the network client and the switch port.

If the client wirelessly connects to the network, make sure that the wireless network interface is turned on and it can send and receive wireless signals to and from the nearest wireless access point.

Moving up to the data link layer, or Layer 2, make sure the client is able to learn destination MAC addresses (using ARP) and also that the switch to which the client is connected is able to learn the MAC addresses received on its ports.

At the network layer, or Layer 3, make sure the client obtains the correct IP address from the DHCP server, or is manually configured with the correct IP address and the correct default gateway.

Make sure the client can access the port on which the application is running.

One additional thing to verify is traffic load and network delay.

Maybe you are lucky to begin with: you are verifying access to a web server or a REST API endpoint, and the server returns a 500 status code. In that case you can start troubleshooting the web server and skip all of the network troubleshooting steps.

If you got this far in your network troubleshooting, there is a good chance that the problem is not with the network and a closer look at the application server is in order.

40
Q

Networking Tools - Using ifconfig

A

ifconfig is a software utility for UNIX-based operating systems. There is also a similar utility for Microsoft Windows-based operating systems called ipconfig. The main purpose of this utility is to manage, configure, and monitor network interfaces and their parameters. ifconfig runs as a command-line interface tool and comes installed by default with most operating systems.

Common uses for ifconfig are the following:

  • Configure IP address and subnet mask for network interfaces.
  • Query the status of network interfaces.
  • Enable/disable network interfaces.
  • Change the MAC address on an Ethernet network interface.

Issuing the ifconfig --help command in the command line interface will display all the options that are available with this version of ifconfig. If ifconfig is issued without any parameters, it just returns the status of all the network interfaces on that host.

Note: The ifconfig command has been used within Linux for many years. However, some Linux distributions have deprecated the ifconfig command. The ip address command is becoming the new alternative.

41
Q

Networking Tools - Using ping

A

Similar to ifconfig, ping is a software utility used to test IP network reachability for hosts and devices connected to a specific network. It is also available on virtually all operating systems and is extremely useful for troubleshooting connectivity issues. The ping utility uses Internet Control Message Protocol (ICMP) to send packets to the target host and then waits for ICMP echo replies. Based on this exchange of ICMP packets, ping reports errors, packet loss, roundtrip time, time to live (TTL) for received packets, and more.

Running ping without any arguments (or ping -help in Linux) will display all the options it has available. Some of the options you can specify include:

  • Count of how many ICMP echo requests you want to send
  • Source IP address in case there are multiple network interfaces on the host
  • Timeout to wait for an echo reply packet
  • Packet size, if you want to send larger packet sizes than the default 64 bytes. This option is very important when determining what is the MTU on an interface.

Keep in mind that if you do not receive any replies from the destination you are trying to reach with ping, it does not mean that the host is offline or not reachable. It could simply mean that ICMP echo-request packets are filtered by a firewall and are not allowed to reach the destination host. It is actually a best practice to expose only the services that need to be available on the hosts in the network.

For IPv6 there exists a similar utility on Linux and macOS called ping6, which is also available on most operating systems. Windows and Cisco IOS use the same ping command for both IPv4 and IPv6.

42
Q

Networking Tools - Using traceroute

A

You have seen how ping can display host reachability on the network. traceroute builds on top of that functionality and displays the route that the packets take on their way to the destination. The Microsoft Windows alternative is also a command-line utility and is called tracert. Observing the path the network traffic takes from its source to the destination is extremely important from a troubleshooting perspective, as routing loops and non-optimal paths can be detected and then remedied.

traceroute uses ICMP packets to determine the path to the destination. The Time to Live (TTL) field in the IP packet header is used primarily to avoid infinite loops in the network. For each hop or router that an IP packet goes through, the TTL field is decremented by one. When the TTL field value reaches 0, the packet is discarded, avoiding the dreaded infinite loops.

Use traceroute --help to see the available options.

Several options are available with traceroute including:

  • Specifying the TTL value of the first packet sent. By default this is 1.
  • Specifying the maximum TTL value. By default, it will increase the TTL value up to 64 or until the destination is reached.
  • Specifying the source address in case there are multiple interfaces on the host.
  • Specifying QoS value in the IP header.
  • Specifying the packet length.

43
Q

Networking Tools - Using nslookup

A

nslookup is another command-line utility used for querying DNS to obtain domain name to IP address mappings. Like other tools mentioned in this section, nslookup is widely available on almost all operating systems. This tool is useful to determine if the DNS server configured on a specific host is working as expected and actually resolving hostnames to IP addresses. It could be that no DNS server is configured on the host at all, so check /etc/resolv.conf on UNIX-like operating systems and make sure that at least one nameserver is defined.

You can enter man nslookup to learn more about the available options.

44
Q

Summary of Module 5

  • Introduction to Network Fundamentals
  • Network Interface Layer
  • Internetwork Layer
  • Network Devices
  • Networking Protocols
  • Troubleshooting Application Connectivity Issues

A
  • Introduction to Network Fundamentals

A protocol suite is a set of protocols that work together to provide comprehensive network communication services. Both the OSI and the TCP/IP reference models use layers to describe the functions and services that can occur at that layer. The form that a piece of data takes at any layer is called a protocol data unit (PDU). At each stage of the encapsulation process, a PDU has a different name to reflect its new functions: data, segment, packet, frame, and bits.

The OSI reference model layers are described here from bottom to top:

  1. The physical layer is responsible for the transmission and reception of raw bit streams.
  2. The data link layer provides NIC-to-NIC communications on the same network.
  3. The network layer provides services to allow end devices to exchange data across networks.
  4. The transport layer provides the possibility of reliability and flow control.
  5. The session layer allows hosts to establish sessions between them.
  6. The presentation layer specifies context between application-layer entities.
  7. The application layer is the OSI layer that is closest to the end user and contains a variety of protocols usually needed by users.

  • Network Interface Layer

Ethernet is a set of guidelines and rules that enable various network components to work together. In Ethernet terminology, the container into which data is placed for transmission is called a frame. The frame contains header information, trailer information, and the actual data that is being transmitted. Important fields of an Ethernet frame include preamble, SFD, destination MAC address, source MAC address, type, data, and FCS. Each NIC has a unique Media Access Control (MAC) address that identifies the physical device, also known as a physical address. The MAC address identifies the location of a specific end device or router on a LAN. The three major types of network communications are: unicast, broadcast, and multicast.

The switch builds and maintains a table (called the MAC address table) that matches the destination MAC address with the port that is used to connect to a node. The switch forwards frames by searching for a match between the destination MAC address in the frame and an entry in the MAC address table. Depending on the result, the switch will decide whether to filter or flood the frame. If the destination MAC address is in the MAC address table, it will send it out the specified port. Otherwise, it will flood it out all ports except the incoming port.

A VLAN groups devices on one or more LANs that are configured to communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. VLANs define Layer 2 broadcast domains. VLANs are often associated with IP networks or subnets. A trunk is a point-to-point link between two network devices that carries more than one VLAN. A VLAN trunk extends VLANs across an entire network. VLANs are organized into three ranges: reserved, normal, and extended.

  • Internetwork Layer

An IPv4 address is 32 bits, with each octet (8 bits) represented as a decimal value separated by a dot. This representation is called dotted decimal notation. There are three types of IPv4 addresses: network address, host addresses, and broadcast address. The IPv4 subnet mask (or prefix length) is used to differentiate the network portion from the host portion of an IPv4 address.

IPv6 is designed to be the successor to IPv4. IPv6 has a larger 128-bit address space, providing 340 undecillion possible addresses. IPv6 prefix aggregation, simplified network renumbering, and IPv6 site multihoming capabilities provide an IPv6 addressing hierarchy that allows for more efficient routing. IPv6 addresses are represented as a series of 16-bit hexadecimal fields (hextet) separated by colons (:) in the format: x:x:x:x:x:x:x:x.

A router is a networking device that functions at the internet layer of the TCP/IP model or the Layer 3 network layer of the OSI model. Routing involves forwarding packets between different networks. Routers use a routing table to route between networks. A router generally has two main functions: path determination, and packet routing or forwarding. A routing table may contain the following types of entries: directly connected networks, static routes, default routes, and dynamic routes.

  • Network Devices

A key concept in Ethernet switching is the broadcast domain. A broadcast domain is a logical division in which all devices in a network can reach each other by broadcast at the data link layer. Switches can now simultaneously transmit and receive data. Switches have the following functions:

  • Operate at the network access layer of the TCP/IP model and the Layer 2 data link layer of the OSI model
  • Filter or flood frames based on entries in the MAC address table
  • Have a large number of high speed and full-duplex ports

The switch operates in either of the following switching modes: cut-through, and store-and-forward.

Routers are needed to reach devices that are not on the same local LAN. Routers use routing tables to route traffic between different networks.

Routers have the following functions:

  • They operate at the internet layer of the TCP/IP model and the Layer 3 network layer of the OSI model.
  • They route packets between networks based on entries in the routing table.
  • They support a large variety of network ports, including various LAN and WAN media ports which may be copper or fiber. The number of interfaces on routers is usually much smaller than on switches, but the variety of interfaces supported is greater. IP addresses are configured on the interfaces.

There are three packet-forwarding mechanisms supported by routers: process switching, fast switching, and CEF.

A firewall is a hardware or software system that prevents unauthorized access into or out of a network. The most advanced type of firewall is the application layer firewall. With this type, deep inspection of the packet occurs all the way up to the OSI model’s Layer 7.

Server load balancing helps ensure the availability, scalability, and security of applications and services by distributing the work of a single server across multiple servers.

Network diagrams display a visual and intuitive representation of the network. There are generally two types of network diagrams: Layer 2 physical connectivity diagrams, and Layer 3 logical connectivity diagrams.

  • Networking Protocols

Telnet and SSH, or Secure SHell, are both used to connect to a remote computer and log in to that system using credentials. Telnet is less prevalent today because SSH uses encryption to protect data going over the network connection and data security is a top priority. NETCONF does have a standardized port value, 830. RESTCONF does not have a reserved port value.

Dynamic Host Configuration Protocol (DHCP) is used to pass configuration information to hosts on a TCP/IP network. DHCP allocates IP addresses in three ways: automatic, dynamic, and manual. DHCP operation includes four messages between the client and the server: server discovery, IP lease offer, IP lease request, and IP lease acknowledgment.

The DNS protocol defines an automated service that matches resource names with the required numeric network address.

The SNMP system consists of three elements:

  • SNMP manager: network management system (NMS)
  • SNMP agents (managed node)
  • Management Information Base (MIB)

There are two primary SNMP manager requests, get and set. A get request is used by the NMS to query the device for data. A set request is used by the NMS to change configuration variables in the agent device. Traps are unsolicited messages alerting the SNMP manager to a condition or event on the network.

NTP is used to distribute and synchronize time among distributed time servers and clients.

Network Address Translation (NAT) helps with the problem of IPv4 address depletion. NAT works by mapping thousands of private internal addresses to a range of public addresses. NAT includes four types of addresses:

  • Inside local address
  • Inside global address
  • Outside local address
  • Outside global address

Types of NAT include: static NAT, dynamic NAT, and port address translation (PAT).

  • Troubleshooting Application Connectivity Issues

Network troubleshooting usually follows the OSI layers. If you cannot find any network connectivity issues at any of the OSI model layers, it might be time to look at the application server.

Common uses for ifconfig are the following:

  • Configure IP address and subnet mask for network interfaces.
  • Query the status of network interfaces.
  • Enable/disable network interfaces.
  • Change the MAC address on an Ethernet network interface.

ping is a software utility used to test IP network reachability for hosts and devices connected to a specific network. traceroute uses ICMP packets to determine the path to the destination. nslookup is another command-line utility used for querying DNS to obtain domain name to IP address mapping.