Week1 Flashcards
What are network functions?
- Firewall
- Intrusion detection/prevention
- Network Address Translation (NAT)
- WAN Optimizers
- Load balancer
- Virtual Private Network (VPN) Gateway
What does a firewall do?
Filters traffic based on predefined rules.
Rules are simple since filtering is in the critical path of packet flow.
What does an intrusion detection/prevention system do?
Performs more complicated analysis of packet traffic (outside of the critical path, usually offline analysis).
Identifies complex patterns of network traffic belonging to an attack/suspicious activity.
What is NAT? What does it do?
NAT stands for Network Address Translation. It translates private IP address space to public IP address space and vice versa.
Especially useful for small organizations that have limited public IP presence.
What do WAN (wide area network) optimizers do?
They reduce the WAN bandwidth consumption of an enterprise by applying multiple techniques, such as caching, traffic compression, etc., to reduce traffic and latency.
What is the job of a load balancer?
Distributes traffic to a pool of backend services.
What is the goal of a VPN gateway?
A VPN gateway provides the abstraction of the same IP address space for networks that are physically separate.
Multiple sites communicate over WAN using tunnels between gateways.
What are middleboxes?
These are standalone hardware boxes (aka network appliances) providing specific network functions (e.g., firewall, IPS=Intrusion Prevention System).
What are S-GW and P-GW? What is the difference?
Both are types of middleboxes in core cellular networks.
S-GW is Serving Gateway and is responsible for routing/forwarding of packets. It executes handoff between neighboring base stations.
P-GW is Packet Gateway; it acts as the interface between cellular networks and the Internet, and performs NAT between the internal IP subnet and the Internet.
What are MME and LTE?
MME is a middlebox in a core cellular network. It stands for Mobility Management Entity and it is a key control node of LTE (Long Term Evolution). MME performs the selection of S-GW and P-GW, and sets up the connection when a device is roaming.
What is the job of the Home Subscriber Server?
It is a type of middlebox in a core cellular network.
It is responsible for user identification and addressing using the IMSI number (International Mobility Subscriber Identifier), and for user profile info: service subscription rates and QoS.
How are middleboxes different from a router/switch?
Middleboxes are stateful:
- Packet processing is dependent on fine-grained state.
- State is updated frequently (per packet/per connection).
In other words, middleboxes perform complex and varied operations on packets.
What does COTS stand for?
COTS stands for Commercial Off The Shelf systems.
Why is a virtualized network function better than a bare-metal NF?
- Isolation - each NF instance is shielded from faults in other network functions
- Better portability between platforms, since all dependencies are packaged inside VM image
- Network management becomes easier.
How does Intel VT-d make I/O efficient for virtual machines?
Effectively, the NIC is owned by the Guest VM:
- Allows remapping of DMA regions to guest physical memory
- Allows interrupt remapping to guest’s interrupt handlers ⇒ Interrupts are handled directly by the guest
How does “trap-and-emulate” work?
IO is performed via system calls
What is SR-IOV? Why is SR-IOV useful?
It is a technology that enables virtualized network functions. SR-IOV stands for Single Root IO Virtualization.
This interface is an extension to the PCIe specification.
Each PCIe device (physical function) is presented as a collection of virtual functions. Each of those virtual functions can be assigned to a VM. This allows higher multi-tenancy and performance isolation.