WAN Architectures Flashcards
WAN stands for
Wide Area Network
MPLS stands for
Multi-Protocol Label Switching
Describe what a Leased Line is
A dedicated, private (not over the internet), physical connection between two sites.
Leased lines typically mean serial connections with PPP or HDLC encapsulation. They are basically dead at this point due to both cost and outdated tech
WAN via Ethernet typically involves which physical media?
Fiber
When sending traffic between sites over shared infrastructure (like the internet), best practice is to utilize what?
IPsec VPN Tunnels
T/F: MPLS networks are shared infrastructure since many enterprises can connect to and share the same infrastructure to make WAN connections
T
T/F: MPLS networks are private infrastructure since VPNs separate the ISP infrastructure into multiple, smaller networks
F
MPLS networks are still shared infrastructure. VPNs just allow the ISP network to be used in a way that provides virtually private connections
MPLS allows VPNs to be created over MPLS infrastructure through the use of:
Labels
What is an MPLS CE router
Customer edge, sits at the border of the enterprise LAN
What is an MPLS PE router
Provider edge, connects to a CE router and other MPLS infrastructure
What is an MPLS P router
Provider, connects to other P routers and PE routers, but doesn’t connect to CE routers
When are MPLS labels added to frames?
When PE routers receive frames from CE routers
Where are MPLS labels placed on a frame?
Between the L2 and L3 header
T/F: MPLS is generally transparent to CE routers, and CE routers don’t need to be MPLS capable
T
T/F: When using an L3 MPLS VPN, two CEs at different sites in a WAN will peer with their PE routers, and the two CE routers will learn about each other’s routes through this peering
T
T/F: When using an L2 MPLS VPN, the CE and PE routers do not form peerings
T
T/F: When using an L2 MPLS VPN, the ISP network is entirely transparent to the CE routers, and basically acts like a big switch
T
T/F: When using an L2 MPLS VPN, if a routing protocol is used, the two CE routers will peer directly with each other
T
Three of the most common internet access technologies are:
Fiber, Cable, and DSL
DSL stands for:
Digital Subscriber Line
DSL provides internet connectivity to customers over:
Phone lines
What is the function of a modem
Converts data into a format suitable to be sent over phone/CATV lines
Cable Internet provides internet connectivity to customers over:
Cable TV lines (CATV)
T/F: A modem is required to provide internet access over DSL
T
DSL connections require a modem to convert internet data into a format suitable for phone lines
T/F: A modem is required to provide internet access over Cable
T
CATV connections require a modem to convert internet data into a format suitable for Cable TV lines
T/F: A modem is required to provide internet access over Fiber
F
Fiber is designed specifically for internet connections, so no modem is required. However, an ONT (Optical Network Terminator) is required for a fiber connection. This is usually built into a home router
If you have one connection to one ISP, this is referred to as:
Single Homed
If you have two connections to one ISP, this is referred to as:
Dual Homed
If you have one connection each to two ISPs, this is referred to as:
Multihomed
If you have two connections each to two ISPs, this is referred to as:
Dual Multihomed
Two common kinds of Internet VPNs are:
- Site-to-Site VPNs using IPsec
- Remote-access VPNs using TLS
What is the purpose of a site-to-site VPN
A VPN between two devices that is used to connect two sites together over the internet, primarily using IPsec
Describe the encapsulation performed by IPsec VPNs when forwarding packets between two VPN enabled routers
The original packet is encrypted, encapsulated with a VPN header, and encapsulated again with a new IP header. It is then sent over the internet to the destination device, where it is decapsulated and decrypted
T/F: In a site-to-site VPN, there are only two tunnel endpoints, and all other devices at each site don’t need to create a VPN for themselves
T
For site-to-site VPNs the tunnel only needs to be formed between the two site routers; all other devices can send unencrypted data to the tunnel endpoints
T/F: IPsec doesn’t support broadcast and multicast traffic, only unicast
T
Describe some limitations of IPsec VPNs
- IPsec doesn’t support broadcast and multicast traffic. Therefore, routing protocols can’t be used over the tunnel (can be solved with GRE over IPsec)
- Configuring a full mesh of tunnels between sites is labor intensive (Cisco DMVPN can solve)
T/F: GRE creates tunnels like IPsec, but doesn’t encrypt traffic
T
T/F: GRE can encapsulate a wide variety of L3 protocols as well as broadcast and multicast messages
T
Describe the packet encapsulation performed by GRE over IPsec
The original packet is encapsulated with a GRE header and a new IP header, then encrypted and encapsulated with an IPsec VPN header and another new IP header
[] == encrypted
{[IP packet | GRE header | IP header] IPsec header | IP header}
Describe what DMVPN does
Allows routers to dynamically create a full mesh of IPsec tunnels without having to manually configure every single tunnel
What is the simplified approach to using DMVPN to form a full mesh of IPsec tunnels?
- Configure IPsec tunnels to a hub site (hub and spoke topology)
- The hub router gives each router information about how to form an IPsec tunnel with the other routers
T/F: DMVPN provides the configuration simplicity of hub-and-spoke, and the efficiency of direct spoke-to-spoke communication
T
Remote-Access VPNs serve what purpose:
Connect remote end devices to access company internal resources securely over the internet
Remote-Access VPNs typically use:
TLS (Transport Layer Security). Formerly SSL, but renamed to TLS when standardized by the IETF
T/F: Remote-Access VPNs typically use IPsec and Site-to-Site VPNs typically use TLS
F
Remote-Access typically uses TLS and Site-to-Site typically uses IPsec
Company A uses an MPLS VPN to connect its offices together. Which of the following routers does NOT run MPLS?
a) PE
b) P
c) CE
CE
MPLS operation is performed by P and PE routers
Which of the following MPLS VPN types allows CE routers to directly form OSPF peerings with each other?
a) L2 MPLS VPN
b) L2.5 MPLS VPN
c) L3 MPLS VPN
a) L2 MPLS VPN
Which of the following internet access technologies takes advantage of already-installed phone lines?
a) Cable Internet
b) DSL
c) Fiber
d) MPLS
b) DSL
Which of the following protocols can be used in combination with IPsec to provide more flexibility by allowing multicast traffic to be forwarded in the tunnel?
a) TLS
b) Site-to-Site VPN
c) GRE
d) Remote-Access VPN
c) GRE
Which of the following technologies can you use to tunnel any L3 protocol through an IP transport network?
a) GRE
b) PPPoA
c) IPsec
d) PPPoE
a) GRE
Compare and contrast IPsec in tunnel mode vs transport mode
Tunnel mode == Encrypts whole packet, requires additional L3 header to be added
Transport mode == Doesn’t encrypt IP header (only payload is encrypted), no additional L3 header required
Which IPsec mode is required for NAT traversal?
Tunnel mode
Transport mode keeps the original L3 header, which can interfere with NAT traversal