1 - Network Architecture
|
|
1.1 Explain the functions and applications of various network devices
Router: A router is a networking device that connects multiple networks. Operating at Layer 3 of the OSI model, it makes forwarding decisions based on Layer 3 addresses, such as IP addresses. When a packet comes in one of the router’s interfaces, the router reads the destination IP address and forwards the packet out the appropriate interface. If necessary, it will strip off the packet’s Layer 2 encapsulation and replace it with encapsulation that is appropriate for the outgoing transmission medium (for example, replacing Ethernet with PPP). A router is capable of performing gateway functions by converting Ethernet packets to Token Ring. However, not every gateway is a router. Functioning at the network later of the OSI model, a router is similar to a switch, but it can also connect different logical networks or subnets and enable traffic that is destined for the networks on the other side of the router to pass through. Routers create or maintain a table of the available routes and can be configured to use various routing protocols to determine the best route for a given data packet. Routers can connect networks that use dissimilar protocols. Routers also typically provide improved security functions over a switch.
|
Switch:A switch is a network device that acts as a common connecting point for various nodes or segments. Working at Layer 2 of the OSI model, switches make forwarding decisions based on Layer 2 (MAC) addresses. A switch listens for the MAC addresses of all the nodes plugged into it, and builds a table in memory that maps each MAC address with its associated port. When an Ethernet frame comes into the switch, the switch reads the destination MAC address from the header and consults its table to determine which port to repeat the frame out of. In this way, switches can keep conversations limited to only the nodes that are involved. Thus, a 24-port switch can have 12 pairs of conversations going on at the same time. A switch forwards packets based on the MAC address of the packet destination. Switches make forwarding decisions based on Layer 2 (MAC) addresses. They do this through a process called microsegmentation, in which all nodes are logically separated from each other until there is a need to connect them. A switch listens to the transmissions of all of the nodes plugged into its ports. It learns the MAC addresses of each of the nodes and puts those MAC addresses into a table in memory. The table associates each MAC address with the port that it is plugged into. This table is called a MAC table or content addressable memory (CAM) table. When a node sends a frame to another node, the switch examines the Ethernet header for the destination MAC address. It refers to its MAC table to see which port it must forward the frame out of. It does not repeat the frame out any other port except the one that is required. In this way, conversations are limited to the nodes involved. If the switch receives a frame that has an unknown unicast (the address is not in the MAC table), multicast, or a broadcast destination MAC address, the switch will flood the frame out all ports except for the port that it received the frame from. A switch is a network device that filters and forwards packets between LAN segments and ensures that data goes straight from its origin to its proper destination. Switches remember the address of every node on the network, and anticipate where data needs to go. A switch only operates with the computers on the same LAN. This reduces competition for bandwidth between devices on the network. It isn't smart enough to send data out to the internet, or across a WAN. These functions require a router.
|
Multilayer switch: Operates at Layers 2 and 3 of the OSI model. A layer 2 switch forwards traffic based on MAC addresses, whereas a Layer 3 switch (also called a router) forwards traffic based on IP addresses. Content switches are sometimes considered to be another type of multilayer switch, but the term “multilayer switch” generally refers to switches that perform only limited routing functions at Layers 2 and 3.
|
Firewall: protects a system or network from unauthorized data by blocking unsolicited traffic. Firewalls are typically configured to block suspicious or unsolicited incoming traffic, but allow incoming traffic sent as a response to requests from internal hosts. Firewalls, by default, are set up to refuse all incoming and outgoing traffic (known as implicit deny). The administrator has to selectively allow traffic in and out of the network through the firewall. Firewalls generally do not solve the problem of unauthorized access. You can combat this problem by using a domain controller and configuring policies that require the user to re-enter credentials when returning from an idle state.
|
HIDS: A Host Intrusion Detection System (HIDS) is intended to protect a specific high-value device, as opposed to the whole network (a Network Intrusion Detection System - NIDS - is for protecting a whole network). It uses computing resources from the host it is monitoring.
IDS/IPS:
--> An Intrusion Detection System (IDS) is software or hardware, or a combination of both, that scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. It is used to quickly detect malicious behavior that compromises the integrity of a computer so that appropriate action can be taken. The goal is to alert administrators to possible security threats. IDS software can also analyze data and alert security administrators to potential infrastructure problems. An IDS can comprise a variety of hardware sensors, intrusion detection software, and IDS management software. Each implementation is unique, depending on the security needs and the components chosen. Both a firewall and an IDS enforce network policies but the way they accomplish that task is significantly different. An IDS collects information and will either notify you of a possible intrusion or block packets based on configuration settings determined by a defined signature. A firewall filters traffic based on configuration settings alone. It can be helpful to keep in mind that many firewall and IDS systems have functionality that overlaps, or is integrated into the same device or system. Snort is an open-source, free IDS software available for detecting and preventing intrusions. It is available at www.snort.org. This software has the capability to log data, such as alerts and other log messages, to a database.
--> An Intrusion Prevention System (IPS) will generally take action to stop the threat once it has been detected. An IPS might work in tandem with an IDS and react when the IDS detects a threat.
--> An Intrusion Detection System (IDS) is software or hardware, or a combination of both, that scans, audits, and monitors the security infrastructure for signs of attacks in progress and automates the intrusion detection process. It is used to quickly detect malicious behavior that compromises the integrity of a computer so that appropriate action can be taken. The goal is to alert administrators to possible security threats. IDS software can also analyze data and alert security administrators to potential infrastructure problems. An IDS can comprise a variety of hardware sensors, intrusion detection software, and IDS management software. Each implementation is unique, depending on the security needs and the components chosen. Both a firewall and an IDS enforce network policies but the way they accomplish that task is significantly different. An IDS collects information and will either notify you of a possible intrusion or block packets based on configuration settings determined by a defined signature. A firewall filters traffic based on configuration settings alone. It can be helpful to keep in mind that many firewall and IDS systems have functionality that overlaps, or is integrated into the same device or system. Snort is an open-source, free IDS software available for detecting and preventing intrusions. It is available at www.snort.org. This software has the capability to log data, such as alerts and other log messages, to a database.
--> An Intrusion Prevention System (IPS) will generally take action to stop the threat once it has been detected. An IPS might work in tandem with an IDS and react when the IDS detects a threat.
Access point (wireless/wired): A wireless access point (WAP) is a router that connects a wireless device to a wired network. You can disable the Service Set Identifier Broadcast (SSID) to prevent an access point from transmitting its name. To locate a WAP that is hidden you can use a wireless analyzer, like NetStumbler. A wireless analyzer is piece of software or hardware that is used to analyze the physical aspects of wireless networks. This includes items such as: spectrum analysis, finding WAPs, reporting service set identifiers (SSIDs), channel usage, signal strength, and identifying noise sources. Though users can hid their SSID, there are a variety of tools open to the public to quickly and easily discover hidden SSIDs.
|
Content filter: is the ability to assess the content of websites based on words or word combinations, and block content that is deemed undesirable. For example: blocking objectionable Web pages, in a library or school.
Load balancer: is a device that acts as a reverse proxy and distributes network or application traffic across a number of servers. Load balancers are used to increase capacity (concurrent users) and reliability of applications. Load balancing is a technique to distribute workload evenly across two or more computers, network links, CPUs, hard drives, or other resources, in order to get optimal resource utilization, maximize throughput, minimize response time, and avoid overload. Using multiple components with load balancing, instead of a single component, may increase reliability through redundancy. The load balancing service is usually provided by a dedicated program or hardware device (such as a multilayer switch or a DNS server).
Hub: A physical layer network device used to connect multiple Ethernet devices together. Active hubs act as a repeater and boost the signal in order to allow for it to travel farther, while passive hubs simply pass the signal through. Most hubs have an uplink port that allows them to connect to other hubs, a router, or other network devices.
Analog modem: A networking device that allows you to convert the digital data of a computer into an (analog) electrical signal for transmission over a telephone line. DIGITAL to ANALOG. An analog modem is a device that modulates signals to encode digital information and demodulates signals to decode the transmitted information. A common type of modem is one that takes the digital data of a computer and turns it into modulated electrical signal for transmission over telephone lines, which is then demodulated by another modem at the receiver side to recover the digital data. Though modems are not used much anymore, they can be used in locations where you have no other options for connections.
Packet shaper: A packet shaper is a form of traffic shaping. The goal of traffic shaping is to delay metered traffic such that each packet complies with the relevant traffic contract. This is common in Quality of Service (QoS) implementations in which traffic must not exceed the administratively defined rate. Metering may be implemented with algorithms such as the leaky bucket or token bucket. All traffic shaper implementations have a finite buffer, and must be able to deal with a full buffer. A simple and common approach is to drop traffic arriving while the buffer is full (tail drop), thus resulting in traffic policing as well as shaping. Traffic shaping, also known as bandwidth shaping is a mechanism in Quality of Service (QoS) for introducing some amount of delay in traffic that exceeds an administratively defined rate. Traffic shaping smooths down traffic bursts that occur when the transmitter sends packets at a rate higher than the capacity of the receiver. During such times, packets are stored in a buffer and released after a specific time interval. Traffic shaping is implemented on edge devices, before packets enter the core network. Traffic shaping does not drop packets and is implemented only on the outbound interface of a device, whereas traffic policing can be implemented on both outbound and inbound interfaces. Traffic policing is the method of governing and regulating a flow of packets in conformity with the standards and limits specified in the service-level agreement (SLA). Packets not conforming to the SLA are either dropped or marked to a lower precedence value. Dividing a network into segments can improve network performance. With segments, traffic is confined to a portion of the network containing nodes that communicate with each other most often. However, performance can suffer if nodes must regularly communicate with nodes on other segments. Devices such as switches and routers that link segments can lead to slower transmission between segments.
VPN concentrator: A device that incorporates advanced encryption and authentication methods to handle a large number of virtual private network (VPN) tunnels. VPN concentrators are usually specifically geared towards secure remote access or site-to-site VPNs. They offer high performance, high availability, and very good scalability. While most connections to a VPN concentrator are incoming remote access client connections, the VPN concentrator can also create site-to-site VPNs.
|
Difference between a Wireless Access Point and a Router:
- A Wireless Access Point (WAP) is used to extend your wireless range and will connect to your router to provide network and internet access. A WAP by itself cannot connect to the ISP since it does not use a WAN port. The WAP connects the wired Ethernet LAN to WiFi devices. Is just a wireless switch that does not have routing function. It extends the range of the router. Level 2. Forward all packets that are broadcast. WAPs act as a bridge and add wireless WiFi capability to a wired network. It does not have firewall functions, and will not protect your local network against threats from the Internet. A WAP can be used in conjunction with a router to extend the wireless coverage around your business.
- A router is an AP that will allow you to connect to your ISP for internet connection (connects a LAN to a WAN provided by your ISP). It will provide DHCP service to assign IP addresses to devices on the LAN and may also provide WiFi access and have an Ethernet switch built in. A router can be configured to work as an AP but a WAP cannot function as a router. Works as a gateway and a wireless access point. WiFi Routers act as a gateway and translate one external Internet IP address to many private internal IP addresses, one for each WiFi device.
1.2 Compare and contrast the use of networking services and applications
Pre-Shared Key (PSK)To encrypt transmission between a wireless client and an AP (in addition to authenticating a wireless client with an AP), both the wireless client and the AP could be preconfigured with a matching string of characters (a PSK). The PSK could be sued as part of a mathematical algorithm to encypt traffic, such that if an eavesdropper intercepted the encrypted traffic, he would not be able to decrypt the traffic without knowing the PSK. Although using a PSK can be effective in providing security for a small netowrk (for example, a SOHO network), it lacks scalability. For example, in a large corporate environment, a PSK being compromised would necessitate the reconfiguration of all devices configured with that PSK. WLAN security based on a PSK technology is called personal mode.
|
VPN: A Virtual Private Network (VPN) is a private network that is configured by tunneling through a public network such as the Internet. Because tunneling is used to encapsulate and encrypt data, VPNs ensure that connections between endpoints, such as routers, clients, and servers are secure. To provide VPN tunneling, security, and data encryption services, special VPN protocols are required. The primary function of a VPN is to provide security between endpoints.
|
- Protocols:
- IPSec: Internet Protocol Security (IPSec) is used for securing IP communications by authenticating and encrypting each IP packet of a communication session. IPSec uses Data Encryption Standard (DES) or Triple DES (3DES) encryption to provide data confidentiality. In most VPNs, data encryption is accomplished by either MPPE or IPSec. IPSec in Tunnel mode is often used with Layer Two Tunneling Protocol (L2TP). IPSec can also be used on its own to provide both tunneling and encryption of data.
- GRE: Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer protocols inside virtual point-to-point links over an Internet Protocol network.
- SSL VPN: A Secure Socket Layer VPN (SSL VPN) is a VPN format that works with a web browser—without needing the installation of a separate client. SSL ensures that the connection can be made only by using HTTPS instead of HTTP. This format works well in schools and libraries where easy access is required but security is still a concern. Both an SSL VPN and VPN use tunneling to encapsulate and encrypt data.
- PTP/PPTP: The Point-to-Point Tunneling Protocol (PPTP) is an obsolete method for implementing virtual private networks, with many known security issues. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
TACACS/RADIUS:
- Terminal Access Controller Access Control System (TACACS) and TACACS Plus (TACACS+) are authentication protocols that provide centralized authentication and authorization services for remote users. TACACS is an older authentication protocol common to UNIX networks that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. TACACS includes process-wide encryption for authentication, while RADIUS encrypts only passwords. TACACS uses TCP instead of UDP and supports multiple protocols. Extensions to the TACACS protocols exist, such as Cisco's TACACS+ and XTACACS.
- TACACS+, which is open standard, uses TCP port 49 and also supports multifactor authentication. TACACS+ is considered more secure and more scalable than RADIUS because it accepts login requests and authenticates the access credentials of the user. TACACS+ is not compatible with TACACS because it uses an advanced version of the TACACS algorithm.
- Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. Encrypts only passwords. Remote Authentication Dial-In User Service (RADIUS) is a protocol that enables a server to provide standardized, centralized authentication for remote users. Authentication, Authorization, and Accounting (AAA) is a framework for controlling access to computer resources. When a network contains several remote access servers, you can configure one of them to be a RADIUS server and all of the others as RADIUS clients. The RADIUS clients will pass all authentication requests to the RADIUS server for verification. User configuration, remote access policies, and usage logging can be centralized on the RADIUS server. IEEE 802.1x, often referred to as port authentication, employs an authentication service, such as Remote Authentication Dial-In User Service (RADIUS), to secure clients, removing the need to implement security features in access points (APs), which typically do not have the memory or processing resources to support complex authentication functions.
To troubleshoot TACACS systems, begin a packet trace using the tcpdump utility. Once you’ve captured a sufficient amount of traffic, analyze the packet capture (PCAP) file in a packet analysis program. If users report TACACS login failures, look in the pertinent log files.
- Example: You observe the following two error messages when reviewing Terminal Access Controller Access Control System (TACACS) log entries - if the error message is repeated many times in a row then you should suspect that someone is attempting to guess usernames and passwords:
- err tamd[6695]: pam_tacplus: unable to obtain username
- err tamd[6695]: pam_tacplus: auth failed: Login incorrect
RAS: Remote Access is a feature that allows a remote user to dial into or VPN into the network. The user can be working from home, a hotel, an airport, a client site, or any other remote location. If Internet access is not available for that remote user, that person can use a dial-up modem to make a connection over the PSTN. Remote access can also be used by an administrator to access client systems from any location on the network. A Remote Access Services (RAS) server is a combination dial-up and VPN server. It can accept multiple client connections, terminate their VPN tunnels, and route their traffic into the private network. Microsoft, Apple, IBM®, and many other UNIX and Linux vendors offer remote access server implementation either included with their server operating systems, or as separate software. In addition, there are several third-party software vendors that provide remote access solutions, including Cisco, EMC®, Perle®, Citrix®, and Patton®. Microsoft's remote server implementation is called Routing and Remote Access Services (RRAS). On Microsoft networks, using RRAS instead of a third-party remote access server means that the user can dial in and authenticate with the same account as he or she uses at the office. With third party remote access servers, there must be some mechanism in place to synchronize user names and passwords.
Web services: any piece of software that makes itself available over the internet and uses a standardized XML messaging system. XML is used to encode all communications to a web service. For example, a client invokes a web service by sending an XML message, then waits for a corresponding XML response.
Unified voice services: a singular method of communication. The integration of real-time enterprise communication services such as instant messaging, presence information, voice (including VoIP), mobility features (including extension mobility and single number reach), audio, web & video conferencing, fixed-mobile convergence (FMC), desktop sharing, data sharing (including web connected electronic interactive whiteboards), call control and speech recognition with non-real-time communication services such as unified messaging (integrated voicemail, e-mail, SMS and fax). UC is not necessarily a single product, but a set of products that provides a consistent unified user-interface and user-experience across multiple devices and media-types.
Network controllers: a hardware component that helps connect a computer to a network.
1.3 Install and configure the following networking services/applications
The ipconfig utility returns an address that looks similar to 169.254.36.63. What does that address indicate? A user receives a notification on his desktop that reads, “The system has detected an IP address conflict with another system on the network. What should you do? |
DHCP: Dynamic Host Configuration Protocol (DHCP) is a network service that automatically assigns IP addresses and other TCP/IP configuration information on network nodes configured as DHCP clients. A DHCP server allocates IP addresses to DHCP clients dynamically, and should be configured with at least one DHCP scope. The scope defines the group of IP addresses that a DHCP server can use. Uses ports 67 and 68. Enable DHCP by selecting "Obtain an IP address automatically" in Internet Connection Settings. The Dynamic Host Configuration Protocol version 6 (DHCPv6) is a network protocol for configuring IPv6 hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network. IPv6 hosts may automatically generate IP addresses internally using stateless address autoconfiguration, or they may be assigned configuration data with DHCPv6.
- Static vs. dynamic IP addressing: When a device is assigned a static IP address, the address does not change. Most devices use dynamic IP addresses, which are assigned by the network when they connect and change over time. If you are configuring static IP addresses, include the IP addresses of the default DNS servers as you configure each client.
- Reservations: DHCP reservations are based on the client's MAC address. Reservations are lease assignments in DHCP that enable you to configure a permanent IP address for a particular client on the subnet. Reserved IP addresses are not the same as statically configured IP addresses. When changes are made to network parameters on the DHCP server, IP addresses receive the changes when they renew their leases.
- Scopes: The scope defines the group of IP addresses that a DHCP server can use. When a DHCP server enables the scope, it automatically leases TCP/IP information to DHCP clients for a defined lease period (normally eight days). The scope contains a range of IP addresses and a subnet mask, and can contain other options, such as a default gateway and DNS addresses. A scope also needs to specify the duration of the lease, and usage of an IP address after which the node needs to renew the lease with the DHCP server. The DHCP server determines this duration, which can be set for a defined time period or for an unlimited length of time.
- Leases: A DHCP-enabled client obtains a lease for an IP address from a DHCP server. Before the lease expires, the DHCP server must renew the lease for the client or the client must obtain a new lease. Leases are retained in the DHCP server database approximately one day after expiration.
- Options (DNS servers, suffixes): DHCP servers can be configured to provide optional data that fully configures TCP/IP on a client. Some of the most common DHCP option types configured and distributed by the DHCP server during leases include default gateway, router, DNS, and WINS parameters. Clients can be configured with Information options and Protocol options - see tables below.
- IP helper/DHCP relay: You can implement an IP Helper address to forward Dynamic Host Configuration Protocol (DHCP) broadcasts on to their appropriate destination. A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. DHCP Relay is just a proxy that is able to receive a DHCP request and resend it to the real DHCP server.
- APIPA: Automatic Private IP Addressing (APIPA) is a service that enables a DHCP client computer to assign itself an IP address in case no DHCP servers respond to its DHCP discover broadcast. Clients can use APIPA to assign themselves an IP address in the 169.254.x.x address range to enable communication with other clients until the issue with the DHCP server is resolved. APIPA addresses are not routable, however, which means that communication is restricted to the local subnet.
DNS: Domain Name System (DNS) is the system by which Internet domain names and addresses are tracked and regulated. DNS maps internet domain names to the IP network addresses they represent and enables websites to use names, rather than difficult-to-remember IP addresses. In other words: DNS' only job is to resolve IP addresses based off of Fully Qualified Domain Names (FQDN). In other words, DNS resolves domain names to IP addresses. For example: www.techtarget.com instead of 206.19.49.149.
- DNS servers: There are different types of DNS servers, including default DNS servers and authoritative name servers (ANSs).
Like the default gateway, you can configure default DNS servers that match host names to IP addresses. These specialized servers maintain databases of IP addresses and their corresponding domain names. For example, when you type www.yahoo.com into your browser address bar, the name is resolved by DNS to the IP addresses of the Yahoo server farm. You can configure default DNS servers statically or automatically (dynamically). An Authoritive Name Server (ANS) is a DNS server that possesses an actual copy of the records for a zone, as opposed to just caching a lookup from another DNS server. Its key function is delegation, which means that part of a domain is delegated to other DNS servers. When configuring a client's DNS settings, it is common to specify both a primary and a secondary DNS server to provide a more reliable name resolution process. When two DNS servers are listed in a client's TCP/IP settings, the client queries the primary server first. If the primary server does not answer, the client queries the secondary server. If the primary server returns a “Name Not Found” message, the query is over and the client does not query the secondary server. This is because both DNS servers can do recursive and iterative queries, and both primary and secondary servers should be able to contact the same resources. If one cannot access the resource, the other will not be able to either. - DNS records (A, MX, AAAA, CNAME, PTR): mapping files that tell the DNS server which IP address each domain is associated with, and how to handle requests sent to each domain. When someone visits a web site, a request is sent to the DNS server and then forwarded to the web server provided by a web hosting company, which contain the data contained on the site.
- Various strings of letters are used as commands that dictate the actions of the DNS server, and these strings of commands are called DNS syntax. Some DNS records syntax that are commonly used in nearly all DNS record configurations are A, MX, AAAA, CNAME, PTR.
A = "Address" record and is the actual (32-bit, IPv4) IP address of the domain.
MX = “Mail Exchange” records direct a domain's email to the servers hosting the domain's user accounts.
AAAA = Returns an address record that maps a hostname to a 128-bit Ipv6 address.
CNAME = “Canonical Name” and serves to make one domain an alias of another domain. CNAME is often used to associate new subdomains with an existing domain's DNS records. Alias of one name to another: the DNS lookup will continue by retrying the lookup with the new name. CNAME record links an alias name to another true or canonical domain name. For instance, www.example.com might link to example.com.
PTR = “Pointer Record” and maps an Ipv4 address to the CNAME on the host.
- Various strings of letters are used as commands that dictate the actions of the DNS server, and these strings of commands are called DNS syntax. Some DNS records syntax that are commonly used in nearly all DNS record configurations are A, MX, AAAA, CNAME, PTR.
- Dynamic DNS: a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.
Proxy/reverse proxy:
- A proxy server sits in between clients and external servers, essentially pocketing the requests from the clients for server resources and making those requests itself. A proxy server is a system that isolates internal clients from the servers by downloading and storing files on behalf of the clients. It intercepts requests for web-based or other resources that come from the clients, and, if it does not have the data in its cache, it can generate a completely new request packet using itself as the source, or simply relay the request. In addition to providing security, the data cache can also improve client response time and reduce network traffic by providing frequently used resources to clients from a local source. A proxy puts the client session on hold while it fetches the content for the client. It will then cache the fetched data for the next client that wants the same content. One potential issue with a proxy is that the cached content can quickly become stale. This is especially a nuisance for businesses that depend on quick updates such as stock availability on a website, continually updated news or stock market quotes, or website developers that are constantly uploading web pages to remote servers and then viewing the results. An administrator will have to accurately judge how long cached content should be kept, and configure the proxy accordingly. Depending on your traffic level and network needs, different proxy servers can be configured for different external services. For example, one proxy server can handle HTTP requests, while another server can handle FTP content.
- A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or multiple servers. These resources are returned to the client as if they originated from the reverse proxy server itself. A reverse proxy acts as an intermediary for its associated servers and only returns resources provided by those associated servers.
NAT: The purpose of Network Address Translation (NAT) is to conceal the internal addressing schemes from external networks such as the Internet. This means that packets sent from multiple internal devices will all appear to have originated from the same single IP address, which prevents external hosts from communicating directly with internal clients. Both proxy servers and NAT devices readdress outgoing packets. However, NAT merely replaces the original source address on the packet. A proxy server will actually examine the packet contents and then generate a new request packet.
Port forwarding: (also referred to as port mapping) enables a permanent translation entry that maps a protocol port on a gateway to an IP address and protocol port on a private LAN. Network clients cannot see that port forwarding is being done. This allows communications from external source to a destination within a private LAN. For example, a remote computer could connect to a specific computer or service within a private LAN using port forwarding.
- PAT: Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses.
- SNAT: SNAT is an intensely debated acronym that can stand for Secure NAT, Stateful NAT, Source NAT, or Static NAT, depending on the source of information. Per Cisco, the originators of NAT, SNAT stands for Stateful NAT. SNAT includes two or more routers working together to perform NAT.
- DNAT: Destination network address translation (DNAT) changes the IP address.
Port forwarding: (also referred to as port mapping) enables a permanent translation entry that maps a protocol port on a gateway to an IP address and protocol port on a private LAN. Network clients cannot see that port forwarding is being done. This allows communications from external source to a destination within a private LAN. For example, a remote computer could connect to a specific computer or service within a private LAN using port forwarding.
1.4 Explain the characteristics and benefits of various WAN technologies
Fiber: Optical fiber (or "fiber optic") refers to the medium and the technology associated with the transmission of information as light pulses along a glass or plastic strand or fiber. Optical fiber carries much more information than conventional copper wire and is in general not subject to electromagnetic interference and the need to retransmit signals. Most telephone company long-distance lines are now made of optical fiber. Transmission over an optical fiber cable requires repeaters at distance intervals. The glass fiber requires more protection within an outer cable than copper. Expensive. For these reasons and because the installation of any new cabling is labor-intensive, few communities have installed optical fiber cables from the phone company's branch office to local customers (known as local loops). A type of fiber known as single mode fiber is used for longer distances; multimode fiber is used for shorter distances.
The Optical Carrier x (OCx) standard specifies the bandwidth for fiber optic transmissions. It is a channelized technology based on the same 64 Kbps channel as DSH but with a base rate of 810 channels. The OCx standard is open-ended, enabling manufacturers to add specifications as they develop hardware that supports faster transmission speeds. OCx specifications correspond with the data rates of SONET. As one OC channel corresponds to a data rate of 51.84 Mbps, using multiple channels increases the rate by 51.84 Mbps per channel.
The Optical Carrier x (OCx) standard specifies the bandwidth for fiber optic transmissions. It is a channelized technology based on the same 64 Kbps channel as DSH but with a base rate of 810 channels. The OCx standard is open-ended, enabling manufacturers to add specifications as they develop hardware that supports faster transmission speeds. OCx specifications correspond with the data rates of SONET. As one OC channel corresponds to a data rate of 51.84 Mbps, using multiple channels increases the rate by 51.84 Mbps per channel.
- SONET: Synchronous Optical Networking is the standard for synchronous data transport over a fiber optic cable. SONET is a standardized protocol that transfers multiple digital bit streams synchronously over optical fiber using lasers or highly coherent light from light-emitting diodes (LEDs). SONET was primarily designed to support real-time, uncompressed, circuit-switched voice encoded in Pulse Code Modulation (PCM) format. SONET allowed for the simultaneous transport of many different circuits of differing origin within a single framing protocol. SONET is not a communications protocol in itself, but a transport protocol. It is the U.S. version of the standard published by ANSI. SDH is the European version of the standard.
- DWDM: Dense Wavelength Division Multiplexing (DWDM) is a multiplexing technology that uses light wavelengths to transmit data. DWDM transmits data over optical fiber, and operates at Layer 1.
- CWDM: Coarse wavelength division multiplexing (CWDM) is a method of combining multiple signals on laser beams at various wavelengths for transmission along fiber optic cables, such that the number of channels is fewer than in dense wavelength division multiplexing (DWDM) but more than in standard wavelength division multiplexing (WDM). It operates at Layer 1.
CWDM and DWDM differ in the spacing of the wavelengths, number of channels, and the ability to amplify the multiplexed signals in the optical space. The medium is the same for each. They both transmit data over optical fiber. They also both operate at Layer 1 of the OSI model. Data from different protocols and technologies such as IP, Synchronous Optical Networking (SONET), and Asynchronous Transfer Mode (ATM) can all travel simultaneously within an optical fiber over both CWDM and DWDM.
Frame relay: is a Wide Area Network (WAN) protocol that allows transmission of data over a shared network medium and bandwidth using virtual circuits. Frame Relay is a WAN protocol that functions at the Physical and Data Link layers (Layers 1 and 2) of the OSI model. It is a packet-switched technology that allows transmission of data over a shared network medium and bandwidth using virtual circuits. As virtual circuits consume bandwidth only when they transport data, each device can use more bandwidth and transmit data at higher speeds. Frame Relay provides reliable communication lines and efficient error-handling mechanisms that discard erroneous data frames. Frame Relay is the successor of X.25, and the predecessor of ATM. Popularized in 1990, it was a revolutionary step forward. The concept of variable length packets, simplified headers with very little overhead, a lack of extensive and expensive error correction, and a bit to mark traffic as “discard eligible” in case of congestion were all new. It allowed companies to dispense with expensive and economically wasteful dedicated leased lines and subscribe to a cloud along with other customers, trusting the provider to manage and re-route the traffic as needed, as well as provide some level of privacy between virtual circuits that share the same data paths. With the advent of digital networks, Frame Relay dispensed with many of X.25’s error-correction mechanisms, depending on the stability and reliability of the infrastructure to help improve delivery. Early implementations of DSL as often as not used Frame Relay instead of ATM as the underlying transport mechanism.
Frame Relay link speeds can range from 56 Kbps to 1.544 Mbps, with the lower speeds such as 56, 64, 128, 384 and 512 Kbps being the most popular. Unlike a dedicated point-to-point lease line, Frame Relay has the concept of a committed information rate (CIR), which is the minimum bandwidth that a customer’s virtual circuit is guaranteed to have. If the network is not busy, the circuit bandwidth may be allowed to exceed the CIR. If the network is congested, however, any traffic that exceeds the CIR is marked “discard eligible” and will be dropped. Some providers sell service plans with a CIR of 0, meaning that your traffic will be the lowest priority among all the customers and will always be dropped first.
Frame Relay uses a Layer 2 address called a data link connection identifier (DLCI). Each customer’s connection to the provider’s DCE (a Frame Relay switch known as a point of presence, or POP) has its own DLCI number, distinguishing it from other customer connections to that particular POP. The POP then maps the customer’s DLCI to a specific virtual circuit inside the cloud.
With the advent of ATM and most recently IP over multi-protocol label switching (MPLS), Frame Relay has largely been phased out. Some carriers have already migrated away from it, and most plan to end support for it by 2016.
The advantages of Frame Relay are:
The disadvantages of Frame Relay are:
Frame Relay link speeds can range from 56 Kbps to 1.544 Mbps, with the lower speeds such as 56, 64, 128, 384 and 512 Kbps being the most popular. Unlike a dedicated point-to-point lease line, Frame Relay has the concept of a committed information rate (CIR), which is the minimum bandwidth that a customer’s virtual circuit is guaranteed to have. If the network is not busy, the circuit bandwidth may be allowed to exceed the CIR. If the network is congested, however, any traffic that exceeds the CIR is marked “discard eligible” and will be dropped. Some providers sell service plans with a CIR of 0, meaning that your traffic will be the lowest priority among all the customers and will always be dropped first.
Frame Relay uses a Layer 2 address called a data link connection identifier (DLCI). Each customer’s connection to the provider’s DCE (a Frame Relay switch known as a point of presence, or POP) has its own DLCI number, distinguishing it from other customer connections to that particular POP. The POP then maps the customer’s DLCI to a specific virtual circuit inside the cloud.
With the advent of ATM and most recently IP over multi-protocol label switching (MPLS), Frame Relay has largely been phased out. Some carriers have already migrated away from it, and most plan to end support for it by 2016.
The advantages of Frame Relay are:
- It offers facilities like that of a leased line, but at a significantly lower cost.
- It delivers increased performance with reduced network complexity.
- It can be implemented over the existing technology.
- It can be easily configured to combine traffic from different networking protocols.
- It offers a pay-as-you-go structure.
- It can carry traffic that is not IP traffic.
The disadvantages of Frame Relay are:
- Data transmission may exceed network capacity as clients use a common network, and this results in the slowing down of the network.
- The “bursty” nature of traffic in a Frame Relay cloud, along with the use of variable-length frames, makes it difficult to provide QoS. During its most popular years in the 1990’s, it was considered unsuitable for real-time traffic such as voice or video. By 1997, the Frame Relay Forum finally developed a standard for Voice over Frame Relay (VoFR).
Satellite: Satellite Internet access provides for long-range, global wide area network (WAN) transmissions. Because of the great distances the signal must be transmitted, latency tends to be relatively high. Weather can also adversely affect satellite communications. Not well suited for real-time applications. A satellite-based network offers immense geographical coverage, allowing for high-speed connections anywhere in the world to transmit data between endpoints. Satellite transmission systems are used as an alternative to conventional communications, and as a cost-effective method to transmit information to different locations globally. Satellite communications systems use Line of Sight (LoS) microwave transmission. A satellite system consists of two segments: space and ground.
|
Broadband cable: is a type of high-speed internet connection that has surpassed dial-up as the standard way to connect to the internet. Broadband packages come in all shapes and sizes, from ADSL broadband to cable broadband and 3G and 4G mobile broadband. Broadband refers to high-speed data transmission in which a single cable can carry a large amount of data at once. The most common types of Internet broadband connections are cable modems (which use the same connection as cable TV) and DSL modems (which use your existing phone line). Because of its multiple channel capacity, broadband has started to replace baseband, the single-channel technology originally used in most computer networks. In telecommunications, broadband is a wide bandwidth data transmission with an ability to simultaneously transport multiple signals and traffic types. The medium can be coaxial cable, optical fiber, radio or twisted pair. In the context of Internet access, broadband is used to mean any high-speed Internet access that is always on and faster than traditional dial-up access. Cable Internet access requires the installation of a cable television connection and a cable modem to provide users with high-speed Internet access. Cable is a contention-based medium, which means that bandwidth is impacted by the number of nodes within the group. If a lot of people are using the Internet at the same time, speed is usually affected.
DSL/ADSL:
ISDN: Integrated Services Digital Network is an international communications standard for sending voice, video, and data over digital telephone lines or ordinary telephone grade copper wires (circuit switched). ISDN supports data transfer rates of 64 Kbps (64,000 bits per second). Employs baseband transmission. ISDN was slow to achieve standardization and was rapidly overtaken and surpassed in both speeds possible and breadth of deployment by packet-switched technologies. ISDN can deliver speeds up to 128 Kbps over home phone lines. Where it is still available for residential users, it -- like acoustic modems -- typically serves as a last-resort technique for low-end data connectivity, used only when DSL and cable modem services are not available.
ATM: Asynchronous Transfer Mode is a cell-switching network technology. Unlike frame relay, it can guarantee QoS for a particular virtual channel. Frame Relay is the predecessor (came before) of ATM. Operates at Layer 2 of the OSI model.
PPP/multilink PPP:
MPLS: Multiprotocol Label Switching (MPLS) is a high-performance, multi-service switching technology that is used in packet data networks. MPLS is a framework of networking functions that uses labels on any combination of Layer 2 and Layer 3 headers. The router reads the label and forwards the packet to its neighbor as opposed to performing a network address lookup in its routing table. MPLS can travel over PPP, Frame Relay, or ATM, which are each at Layer 2 of the OSI model. The labels created by MPLS are read and rewritten at Layer 3. MPLS is defined by a set of IETF specifications that enable Layer 3 devices such as routers to establish and manage network traffic. It ensures faster switching of data as it follows label switching that helps save processing time of packets by the label-switching routers. MPLS is by itself not a protocol, but rather a framework of networking functions that uses labels on any combination of Layer 2 and Layer 3 headers. Rather than the router having to perform a CPU- intensive network address lookup in its routing table, the label itself tells the router what to do with the packet. The router reads the label and forwards the packet to its neighbor. The forwarding decision is based on the label only, and not the Layer 3 header. Each router rebuilds the label with information for the next hop. MPLS is considered to exist somewhere between Layers 2 and 3 of the OSI model. It can travel over PPP, Frame Relay, or ATM at Layer 2, and its labels are read and rewritten by Layer 3 routers. Because of its labels, MPLS inherently supports QoS, virtual private networks (VPNs) and Ethernet VLANs (EoMPLS). Since it operates over a routed network (most commonly over IP), it can scale to potentially include tens of thousands of locations at any distance. Most companies, however, tend to use Internet-based VPNs to connect their smallest remote locations to the company network. This is because Internet connectivity, while considerably less reliable, is also a fraction of the cost of MPLS, Frame Relay, ATM, or dedicated leased lines. MPLS has succeeded Frame Relay and ATM as the dominant private WAN service. While expensive, it has very good reliability (99.9 – 99.99%). Companies use it mostly to connect branch offices to each other or to the corporate data center. Most providers have migrated, or are in the process of migrating, their Frame Relay/ATM customers to MPLS.
GSM/CDMA: Global System for Mobile Communications (GSM) and Code Division Multiple Access (CDMA) are both standards that describe protocols for 2G digital cellular networks used by mobile phones. They both use radio signals for voice and data communications. They both have derivatives for use with 3G phones. GSM uses Universal Mobile Telecommunications System (UMTS) and CDMA uses CDMA2000. The major difference between the two is how the carrier connects to the phone and how they turn voice data into radio waves.
Dialup: is a form of Internet access that uses the facilities of the public switched telephone network (PSTN) to establish a connection to an Internet service provider (ISP) by dialing a telephone number on a conventional telephone line. Modern dial-up modems typically have a maximum theoretical transfer speed of 56 kbit/s (using the V.90 or V.92 protocol), although in most cases 40–50 kbit/s is the norm. Factors such as phone line noise as well as the quality of the modem itself play a large part in determining connection speeds.
DSL/ADSL:
- Digital Subscriber Line (DSL) is a family of technologies that are used to transmit digital data over telephone lines. In telecommunications marketing, the term DSL is widely understood to mean asymmetric digital subscriber line (ADSL), the most commonly installed DSL technology, for Internet access. DSL service can be delivered simultaneously with wired telephone service on the same telephone line. This is possible because DSL uses higher frequency bands for data. On the customer premises, a DSL filter on each non-DSL outlet blocks any high-frequency interference to enable simultaneous use of the voice and DSL services. The bit rate of consumer DSL services typically ranges from 256 kbit/s to over 100 Mbit/s in the direction to the customer (downstream), depending on DSL technology, line conditions, and service-level implementation. A 2012 survey found that "DSL continues to be the dominant technology for broadband access" with 364.1 million subscribers worldwide.
- Asymmetric Digital Subscriber Line (ADSL) is a type of digital subscriber line (DSL) technology, a data communications technology that enables faster data transmission over copper telephone lines rather than a conventional voiceband modem can provide. ADSL differs from the less common symmetric digital subscriber line (SDSL). In ADSL, Bandwidth and bit rate are said to be asymmetric, meaning greater toward the customer premises (downstream) than the reverse (upstream). Providers usually market ADSL as a service for consumers for Internet access for primarily downloading content from the Internet, but not serving content accessed by others. In ADSL the data throughput in the upstream direction (the direction to the service provider) is lower, hence the designation of asymmetric service.
ISDN: Integrated Services Digital Network is an international communications standard for sending voice, video, and data over digital telephone lines or ordinary telephone grade copper wires (circuit switched). ISDN supports data transfer rates of 64 Kbps (64,000 bits per second). Employs baseband transmission. ISDN was slow to achieve standardization and was rapidly overtaken and surpassed in both speeds possible and breadth of deployment by packet-switched technologies. ISDN can deliver speeds up to 128 Kbps over home phone lines. Where it is still available for residential users, it -- like acoustic modems -- typically serves as a last-resort technique for low-end data connectivity, used only when DSL and cable modem services are not available.
ATM: Asynchronous Transfer Mode is a cell-switching network technology. Unlike frame relay, it can guarantee QoS for a particular virtual channel. Frame Relay is the predecessor (came before) of ATM. Operates at Layer 2 of the OSI model.
PPP/multilink PPP:
- Point-to-Point Protocol (PPP) is a remote networking protocol that works on the Data Link layer (Layer 2) of the TCP/IP protocol suite. PPP is a data link (layer 2) protocol used to establish a direct connection between two nodes. It can provide connection authentication, transmission encryption (using ECP, RFC 1968), and compression. It is used to send IP datagrams over serial point-to-point links. It can be used in synchronous and asynchronous connections. PPP can dynamically configure and test remote network connections, and is often used by clients to connect to networks and the Internet. It also provides encryption for passwords, paving the way for secure authentication of remote users. To log on to a remote session via PPP, you need to enable a remote authentication protocol. The Point-to-Point Protocol over Ethernet (PPPoE) and Point-to-Point Protocol over ATM (PPPoA) are more recent PPP implementations used by many DSL broadband Internet connections.
- Multilink PPP provides a method for spreading traffic across multiple distinct PPP connections.
MPLS: Multiprotocol Label Switching (MPLS) is a high-performance, multi-service switching technology that is used in packet data networks. MPLS is a framework of networking functions that uses labels on any combination of Layer 2 and Layer 3 headers. The router reads the label and forwards the packet to its neighbor as opposed to performing a network address lookup in its routing table. MPLS can travel over PPP, Frame Relay, or ATM, which are each at Layer 2 of the OSI model. The labels created by MPLS are read and rewritten at Layer 3. MPLS is defined by a set of IETF specifications that enable Layer 3 devices such as routers to establish and manage network traffic. It ensures faster switching of data as it follows label switching that helps save processing time of packets by the label-switching routers. MPLS is by itself not a protocol, but rather a framework of networking functions that uses labels on any combination of Layer 2 and Layer 3 headers. Rather than the router having to perform a CPU- intensive network address lookup in its routing table, the label itself tells the router what to do with the packet. The router reads the label and forwards the packet to its neighbor. The forwarding decision is based on the label only, and not the Layer 3 header. Each router rebuilds the label with information for the next hop. MPLS is considered to exist somewhere between Layers 2 and 3 of the OSI model. It can travel over PPP, Frame Relay, or ATM at Layer 2, and its labels are read and rewritten by Layer 3 routers. Because of its labels, MPLS inherently supports QoS, virtual private networks (VPNs) and Ethernet VLANs (EoMPLS). Since it operates over a routed network (most commonly over IP), it can scale to potentially include tens of thousands of locations at any distance. Most companies, however, tend to use Internet-based VPNs to connect their smallest remote locations to the company network. This is because Internet connectivity, while considerably less reliable, is also a fraction of the cost of MPLS, Frame Relay, ATM, or dedicated leased lines. MPLS has succeeded Frame Relay and ATM as the dominant private WAN service. While expensive, it has very good reliability (99.9 – 99.99%). Companies use it mostly to connect branch offices to each other or to the corporate data center. Most providers have migrated, or are in the process of migrating, their Frame Relay/ATM customers to MPLS.
GSM/CDMA: Global System for Mobile Communications (GSM) and Code Division Multiple Access (CDMA) are both standards that describe protocols for 2G digital cellular networks used by mobile phones. They both use radio signals for voice and data communications. They both have derivatives for use with 3G phones. GSM uses Universal Mobile Telecommunications System (UMTS) and CDMA uses CDMA2000. The major difference between the two is how the carrier connects to the phone and how they turn voice data into radio waves.
- LTE/4G: Long Term Evolution (LTE) is a radio technology for wireless broadband access. It offers data rates about 100 times faster than 3G networks, a downlink rate that exceeds 100 Mbps, and an uplink rate of more than 50 Mbps. LTE is backwards compatible with GSM and HSPA. LTE is a radio technology, and does not transmit over satellites or fiber optic cabling.
- HSPA+: High Speed Packet Access (HSPA) refers to a family of technologies based on the 3GPP Release 5 specification, which offers high data rate services in mobile networks. HSPA offers a downlink speed of up to 14 Mbps and an uplink speed of up to 5.8 Mbps, making it possible for users to upload or download data at a high speed without having to wait for cellular service providers to upgrade their hardware. The HSPA family includes High Speed Downlink Packet Access (HSDPA), High Speed Uplink Packet Access (HSUPA), and HSPA+. HSPA+ uses multicarrier technologies in which multiple 5 MHz carriers are aggregated and a bigger data channel is used for data transmission. This large data channel also decreases latency and provides an increased capacity for bursty traffic, such as web applications. Evolved HSPA also aims to use an all-IP architecture, where all base stations will be connected to the Internet via the ISP's edge routers.
- 3G: short for third generation, is the third generation of wireless mobile telecommunications technology. 3G finds application in wireless voice telephony, mobile Internet access, fixed wireless Internet access, video calls and mobile TV. 3G telecommunication networks support services that provide an information transfer rate of at least 200 kbit/s. The first 3G networks were introduced in 1998.
- EDGE: Enhanced Data rates for GSM Evolution (EDGE) is a digital mobile phone technology that allows improved data transmission rates as a backward-compatible extension of GSM. EDGE is considered a pre-3G radio technology and is part of ITU's 3G definition. EDGE was deployed on GSM networks beginning in 2003 – initially by Cingular (now AT&T) in the United States. EDGE can be used for any packet switched application, such as an Internet connection.
Dialup: is a form of Internet access that uses the facilities of the public switched telephone network (PSTN) to establish a connection to an Internet service provider (ISP) by dialing a telephone number on a conventional telephone line. Modern dial-up modems typically have a maximum theoretical transfer speed of 56 kbit/s (using the V.90 or V.92 protocol), although in most cases 40–50 kbit/s is the norm. Factors such as phone line noise as well as the quality of the modem itself play a large part in determining connection speeds.
WiMAX: Wireless Interoperability for Microwave Access (WiMAX) is a packet-based wireless telecommunication technology that provides wireless broadband access over long distances. Based on the IEEE 802.16 standard, it is intended for wireless MANs. WiMAX provides fixed as well as mobile broadband access. It covers a range of about 30 miles for fixed stations and 3 to 10 miles for mobile stations. WiMAX operates in the wireless frequency ranges of between 2 and 11 GHz of the wireless spectrum. WiMAX is of two types: fixed and mobile. WiMAX also provides LoS and NLoS communication, and can provide connection speeds of about 70 Mbps.
WiMAX offers two different services: LoS and NLoS.
|
MetroEthernet: is a metropolitan area network (MAN) that uses Ethernet standards. Metro-Ethernets can connect LANs and individual users to a WAN or to the Internet. Organizations in large cities can use Metro-Ethernet to connect branch locations or offices to an intranet. A typical Metro-Ethernet has a star network or mesh network topology with servers or routers interconnected through cable or fiber optic media. For example, Comcast Business offers a Metro-Ethernet service for businesses with different locations within a city to communicate with using a wider bandwidth. Metro-Ethernet operates at Layer 2 of the OSI model. The Metro Ethernet Forum does not specify exactly how Metro-Ethernet must be provided. Carriers are free to use pure Ethernet, SONET, MPLS, or a combination of IP-related protocols. Metro-Ethernet topology can be ring, star, or full or partial mesh. Popular implementations of Metro-Ethernet currently range 1 Gbps over fiber optic cable at a distance of 100 kilometers, or 100 Gbos at a distance of 10 km. Recent developments promise to provide terabit data rates. Metro-Ethernet can be connected to using Layer 2 switches or Layer 3 routers. Companies can extend their VLANs to other locations using 802.1q VLAN tagging over Metro-Ethernet. While it is inexpensive and easy to implement, Metro-Ethernet does not currently scale as well as other MPLS implementations. As such, large organizations are using it as their core backbone, particularly for replicating between data centers or for aggregating call center traffic to their data centers. The following diagram shows the use of Metro-Ethernet, MPLS, and the Internet for WAN connectivity.
Leased line: is a private bidirectional or symmetric telecommunications line between two or more locations provided in exchange for a monthly rent. Leased lines (AKA "dedicated lines") are used by only a single user, bandwidth is fixed and is not impacted by other users in the area. Leased lines are dedicated and provide uncontended, symmetrical speeds, full-duplex. In order to implement a different DS service, telephone companies use T-lines whose carrying capacities match the data rates of DS services. Depending on the number of DS0 links bundled together, you can get different amounts of bandwidth. Often, you will hear of links being referred to as fractional T1s, meaning that the customer has purchased less than the full 24 DS0s required to create a T1. The E-carrier system is a dedicated digital line that transmits voice or data. It is used in Europe, Mexico, and South America. The different E carriers transmit data at different rates.
Circuit switch vs. packet switch: are two networking methods for transferring data between two nodes or hosts. For a packet-switched network, data is transferred by dividing the data into individual packets and passing it through the circuits to the other host. In packet-switched networks, the route is not exclusively determined when the packets hit the wire. Using routing algorithms, each packet may actually take a different route through the network to arrive at the destination host. Unlike a circuit-switched network where a static route is setup and pre-established prior to initializing connections to the host.
Leased line: is a private bidirectional or symmetric telecommunications line between two or more locations provided in exchange for a monthly rent. Leased lines (AKA "dedicated lines") are used by only a single user, bandwidth is fixed and is not impacted by other users in the area. Leased lines are dedicated and provide uncontended, symmetrical speeds, full-duplex. In order to implement a different DS service, telephone companies use T-lines whose carrying capacities match the data rates of DS services. Depending on the number of DS0 links bundled together, you can get different amounts of bandwidth. Often, you will hear of links being referred to as fractional T1s, meaning that the customer has purchased less than the full 24 DS0s required to create a T1. The E-carrier system is a dedicated digital line that transmits voice or data. It is used in Europe, Mexico, and South America. The different E carriers transmit data at different rates.
- T-1: Transmission System 1 (T-1), was introduced in 1962 in the Bell System, and could transmit up to 24 telephone calls simultaneously over a single transmission line of copper wire. T-1 is a phone/internet leased line (dedicated connection) that provides a maximum transmission speed of 1.544 Mbps. A T-1 line actually consists of 24 individual channels, each of which supports 64Kbps. Each 64Kbit/second channel can be configured to carry voice or data traffic. Most telephone companies allow you to buy just some of these individual channels, known as fractional T-1 access. T-1 lines are a popular leased line option for businesses connecting to the Internet and for Internet Service Providers (ISPs) connecting to the Internet backbone. The Internet backbone itself consists of faster T-3 connections. T-1 lines are sometimes referred to as DS1 lines.
- T-3: Transmission System 3 (T-3) could transmit up to 672 telephone calls over a single transmission line of copper wire. T-3 is a phone/internet leased line (dedicated connection) that provides a maximum transmission speed of 44.736 Mbps. A T-3 line actually consists of 672 individual channels, each of which supports 64 Kbps. T-3 lines are used mainly by Internet Service Providers (ISPs) connecting to the Internet backbone and for the backbone itself. T-3 lines are sometimes referred to as DS3 lines.
- E-1: is a European digital transmission format devised by the ITU-TS and given the name by the Conference of European Postal and Telecommunication Administration (CEPT). It's the equivalent of the North American T-carrier system format. E2 through E5 are carriers in increasing multiples of the E1 format. The E1 signal format carries data at a rate of 2.048 million bits per second and can carry 32 channels of 64 Kbps* each. E1 carries at a somewhat higher data rate than T-1 (which carries 1.544 million bits per second) because, unlike T-1, it does not do bit-robbing and all eight bits per channel are used to code the signal. E1 and T-1 can be interconnected for international use.
- E-3: carries 16 E1 signals with a data rate of 34.368 million bits per second.
- OC3: Optical Carrier 3 (OC3) is a network line with transmission data rate of up to 155.52 Mbit/s (payload: 148.608 Mbit/s; overhead: 6.912 Mbit/s, including path overhead) using fiber optics. Depending on the system OC-3 is also known as STS-3 (electrical level) and STM-1 (SDH). Optical Carrier transmission rates are a standardized set of specifications of transmission bandwidth for digital signals that can be carried on Synchronous Optical Networking (SONET) fiber optic networks. Transmission rates are defined by rate of the bitstream of the digital signal and are designated by hyphenation of the acronym OC and an integer value of the multiple of the basic unit of rate, e.g., OC-48. The base unit is 51.84 Mbit/s. Thus, the speed of optical-carrier-classified lines labeled as OC-n is n × 51.84 Mbit/s.
- OC12: Optical Carrier 12 (OC12) is a network line with transmission speeds of up to 622.08 Mbit/s (payload: 601.344 Mbit/s; overhead: 20.736 Mbit/s). OC-12 lines are commonly used by ISPs as Wide area network (WAN) connections. While a large ISPs would not use an OC-12 as a backbone (main link), it would for smaller, regional or local connections. This connection speed is also often used by mid-sized (below Tier 2) internet customers, such as web hosting companies or smaller ISPs buying service from larger ones.
Circuit switch vs. packet switch: are two networking methods for transferring data between two nodes or hosts. For a packet-switched network, data is transferred by dividing the data into individual packets and passing it through the circuits to the other host. In packet-switched networks, the route is not exclusively determined when the packets hit the wire. Using routing algorithms, each packet may actually take a different route through the network to arrive at the destination host. Unlike a circuit-switched network where a static route is setup and pre-established prior to initializing connections to the host.
1.5 Install and properly terminate various cable types and connectors using appropriate tools
|
Copper connectors
Copper cables
Fiber connectors
Fiber cables
Media converters: enable you to connect different types of media (twisted pair, fiber, coax) within a network. Most common usage is to insert fiber segments into copper networks. This gives you the ability extend your Ethernet network beyond the 100-meter limit imposed by copper cable.
Tools
|
1.6 Differentiate between common network topologies
Network topology is the arrangement of the various elements (links, nodes, etc.) of a computer network. Essentially, it is the topological structure of a network and may be depicted physically or logically. Physical topology is the placement of the various components of a network, including device location and cable installation, while logical topology illustrates how data flows within a network, regardless of its physical design. Distances between nodes, physical interconnections, transmission rates, or signal types may differ between two networks, yet their topologies may be identical.
Mesh: every computer connects to every other computer via two or more routes. An expensive mess!
- Partial: in a partially meshed topology network, at least two machines have redundant connections. Every machine doesn't have to connect to every other machine.
- Full: every computer connects directly to every other computer.
Formula to create a fully meshed network:
y = # of computers
# of connections = y(y - 1)/2
For example: if you have 6 computers, you need 6(6 - 1)/2 = 30/2 = 15 connections to create a fully meshed network.
Bus: uses a single cable that connects all of the computers in a line. Data from each computer simply goes out on the whole bus. It needs termination at each end of the cable to prevent a signal sent from one computer from reflecting at the ends of the cable, quickly bringing the network down. The entire network stops working if the cable breaks at any point. The broken ends aren't terminated, causing reflection between computers that are still connected.
Ring: connects all computers on the network with a ring of cable. Data traffic moves in a circle from one computer to the next in the same direction. With no end to the cable, ring networks require no termination. The entire network stops working if the cable breaks at any point. A break simply breaks the circuit, stopping the data flow.
Star: uses a central connection box for all the computers on the network. Offers fault tolerance -- if one of the cables breaks, all of the other computers can still communicate. Bus and ring topology networks were popular and inexpensive to implement, so the old-style star topology networks weren't very successful. Network hardware designers couldn't easily redesign their existing networks to use a star topology.
Hybrid: any form of networking technology that combines a physical topology with a signaling (logical) topology. Only two hybrid topologies, star-ring and star-bus ever say any amount of popularity. Eventually star-ring lost market share, and star-bus reigned as the undisputed king of topologies.
Point-to-Point: two computers connect directly together with no need for a central device of any kind. These are implemented in both wired and wireless networks. The simplest topology with a dedicated link between two endpoints. Easiest to understand, of the variations of point-to-point topology, is a point-to-point communications channel that appears, to the user, to be permanently associated with the two endpoints. A child's tin can telephone is one example of a physical dedicated channel. Using circuit-switching or packet-switching technologies, a point-to-point circuit can be set up dynamically and dropped when no longer needed. Switched point-to-point topologies are the basic model of conventional telephony. The value of a permanent point-to-point network is unimpeded communications between the two endpoints.
Point-to-Multipoint: a single system acts as a common source through which all members of the point-to-multipoint network converse. Similar to a star topology, but a point-to-multipoint topology requires an intelligent device in the center, whereas the device in the center of a star topology has little more to do than send or provide a path for a signal down all the connections.
Client-Server: is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients. The server is often designed to be a centralized system that serves many clients. The computing power, memory and storage requirements of a server must be scaled appropriately to the expected work load (i.e., the number of clients connecting simultaneously). Load balancing and failover systems are often employed to scale the server implementation.
Peer-to-Peer: network is designed around the notion of equal peer nodes simultaneously functioning as both "clients" and "servers" to the other nodes on the network. This model of network arrangement differs from the client–server model where communication is usually to and from a central server.
1.7 Differentiate between network infrastructure implementations
Exam Essentials:What is the difference between a WAN, MAN, LAN, WLAN, and PAN?
A WAN is a network that extends beyond a single organization's boundaries and control. A MAN is a network that connects a community and often connects that community to the Internet. A LAN is the most common type of network in business today. All connections on the LAN are generally privately owned and controlled by the organization. A WLAN is a network that contains wireless connections for additional flexibility through use by wireless devices. A PAN is a relatively small network that is generally provided to an individual for their temporary use or for letting others use their connection. Types of PANs include Bluetooth, IR, and NFC. Know the main concepts of SCADA/ICS. SCADA is a system that can provide for the remote control of systems used for industry. It is used to control systems such as water filtration plants, power generation systems, oil and gas pipelines, and so on. It consists of an ICS server, a closed network, a remote terminal unit, and programmable logic controllers. Know the main concepts of medianets. A medianet is an end-to-end architecture for a network designed to provide rich-media content. It consists of intelligent technologies and devices that adapt to different media needs. Types of media might include video teleconferencing (VTC) as well as other synchronous and asynchronous media. |
• WAN: Wide Area Network is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). Computers connected to a wide-area network are often connected through public networks, such as the telephone system. They can also be connected through leased lines or satellites. The largest WAN in existence is the Internet.
• MAN: Metropolitan Area Network is a network that interconnects users with computer resources in a geographic area or region larger than that covered by even a large local area network (LAN) but smaller than the area covered by a wide area network (WAN). The term is applied to the interconnection of networks in a city into a single larger network (which may then also offer efficient connection to a wide area network). It is also used to mean the interconnection of several local area networks by bridging them with backbone lines. The latter usage is also sometimes referred to as a campus network. Metro-Ethernet is a metropolitan area network that uses Ethernet standards. • LAN: Local Area Network is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building and has its network equipment and interconnects locally managed. Ethernet and Wi-Fi are the two most common transmission technologies in use for LANs. • WLAN: a wireless local area network (WLAN) is a wireless computer network that links two or more devices using a wireless distribution method (often spread-spectrum or OFDM radio) within a limited area such as a home, school, computer laboratory, or office building. A mobile user can connect to a local area network (LAN) through a wireless (radio) connection. A.K.A. "Wi-Fi." A WLAN is rarely completely wireless -- it's simply the part of your network that is wireless that connects to the rest of your wired network. - Hotspot: is a physical location where people may obtain Internet access, typically using Wi-Fi technology, via a wireless local area network (WLAN) using a router connected to an internet service provider. Public hotspots may be found in a number of businesses for use of customers, such as coffee shops or hotels. Hotspots differ from wireless access points, which are the hardware devices used to provide a wireless network service. Private hotspots allow Internet access to a device (such as a tablet) via another device which may have data access via say a mobile device. • PAN: a personal area network (PAN) is a WLAN that is established by an individual to invite others to join for a specific purpose, namely to share a connection that they otherwise would not be able to access. It can be permanent but is more likely to be temporary. PAN is a computer network used for data transmission amongst devices such as computers, telephones, tablets and personal digital assistants. Uses Bluetooth, Infrared (IR), or Near-Field Communication (NFC). - For example, I once created a PAN to be used to teach a class when the training center temporarily lost Internet access to our servers. It allowed the students to connect to my WLAN cellular card from AT&T and share my bandwidth so they could make a connection to remote servers and do their labs. Needless to say, it wasn't nearly as fast for them as the normal connection to the Internet, so we quickly abandoned it as soon as the training center's connection was restored. My PAN allowed them to use a Bluetooth connection to my laptop, but other methods include infrared (IR) and even near field communication (NFC). - Bluetooth: a wireless technology that enables the exchange of data over relatively short distances (10 meters / 30 feet) using radio waves. It operates in the 2.4 to 2.485 GHz band and can be used by individual devices such as headsets, mic, and cars, or as the infrastructure for a PAN. Bluejacking and bluesnarfing both have to do with exploiting flaws in Bluetooth device-to-device communication. Can cause RF interference. - IR: Infrared is radiant energy that is invisible to the human eye. The reason the light is invisible is that it is below (infra means "below") red light on the light spectrum, which is the lowest color that human beings can see. Just because you can't see this light doesn't mean that you can't use it. In fact, you can use it for any number of things from changing the channels on your TV (TV remote) to controlling a cool toy or to create a PAN. Typical WPAN devices that use IR include printers, keyboards, and other serial data interfaces. - NFC: Near-field communication (NFC) is a special standard established for smartphones that enables them to dynamically create a mini PAN by touching them together or holding them only a few (4 cm) centimeters (2 in) away from each other. This network can then be used to exchange data for such things as a door key, a ticket for a train, a payment for services rendered, a photo, a telephone number and contact information, etc. NFC devices are used in contactless payment systems, similar to those used in credit cards and electronic ticket smartcards and allow mobile payment to replace/supplement these systems. NFC is used for social networking, for sharing contacts, photos, videos or files. NFC-enabled devices can act as electronic identity documents and keycards. NFC offers a low-speed connection with simple setup that can be used to bootstrap more capable wireless connections. • SCADA/ICS: Supervisory Control And Data Acquisition (SCADA) is a system that can provide remote control of industrial equipment by telemetry, usually wireless or satellite data. It differes from other industrial control systems (ICSs) by its ability to handle large-scale processes on multiple systems and over large distances. These processes might include power generation, fabrication, water treatment, oil and gas pipelines, electrical power transmission, civil defense systems, air-conditioning and ventilation systems, lighting and so on. The key component in this type of system might include an ICS server, DCS/closed network, remote terminal unit, and programmable logic controller. At the core of many modern industries such as oil and gas, manufacturing, energy, power, water, transportation, and more. - For example, did you know that Walmart controls most of the lighting, air-conditioning, and heating for most of its stores from a central location? This kind of centralized control can result in tremendous cost savings. - ICS server: an Industrial Control System Server is the data acquisition software component that uses industrial protocols to connect software to the other components of the system. - DCS/closed network: More sophisticated implementations use a smart system called a DCS or closed network system. It is so called because of its ability to autonomously execute simple logic processes without involving the master computer or the human operator. As you might imagine, this can have a good side and a bad side. - Remote terminal unit: connect to sensors and convert telemetry signals into digital data. They can send and receive data from the ICS server and prepare it for use with the next component in the system, which will actually make something move or change. - Programmable logic controller: can also process data into digital signals, but they use sensors installed by the manufacturer and not telemetry data. • Medianets: according to Cisco, "a medianet is an end-to-end architecture for a network comprising advanced, intelligent technologies and devices in a platform optimized for the delivery of rich-media experiences." In other words, a medianet is a modern network that was built with media delivery in mind. It can automatically adapt to different types of media needs such as video surveillance, desktop collaboration, streaming video, and even telepresence. It assures that new services can be quickly established and given the resources that they require (bandwidth, RAM, CPU, and so on) and also takes into account the current services that are running on it so as not to degrade their performance. - VTC: one of the services that continues to expand, partially because of escalating costs of travel, is video teleconferencing (VTC). The idea behind VTC, rather than just a picture phone, is that entire groups of people are joined together without having to jump on planes and increase their expenses, not to mention their carbon footprint. Expanded bandwidth, enhanced IP technologies, and specialized protocols like the session initiation protocol (SIP) have made videoconferencing clear and easy to use. - ISDN: Integrated Services Digital Network (ISDN) is a set of communication standards for simultaneous digital transmission of voice, video, data, and other network services over the traditional circuits of the public switched telephone network. Prior to ISDN, the telephone system was viewed as a way to transport voice, with some special services available for data. The key feature of ISDN is that it integrates speech and data on the same lines, adding features that were not available in the classic telephone system. ISDN is a circuit-switched telephone network system, which also provides access to packet switched networks, designed to allow digital transmission of voice and data over ordinary telephone copper wires, resulting in potentially better voice quality than an analog phone can provide. It offers circuit-switched connections (for either voice or data), and packet-switched connections (for data), in increments of 64 kilobit/s. - IP/SIP: Session Initiation Protocol (SIP) is a signaling protocol for multimedia communication sessions that initiates, modifies, and terminates a session. The most common applications of SIP are in Internet telephony, as well as instant messaging, over Internet Protocol (IP) networks. SIP must work with other protocols because it is responsible only for the signaling portion of a communication session. The major difference between the Session Initiation Protocol (SIP) and the Real-Time Transport Protocol (RTP) is SIP is used for control signaling such a call setup and teardown. |
1.8 Given a scenario, implement and configure the
appropriate addressing schema
IPv6 address rules:
|
IP addressing is used to stitch together your network of computers and routers and connect it to other networks and to the Internet. The details of how you use IP addressing will vary with the needs of your organization but may include IPv6, IPv4, private addresses, public addresses, NAT, PAT, and so on. In addition, you will need services to resolve MAC addresses to IP addresses in more creative ways such as multicast addressing. Finally, you will need to understand the different types of communication that your network will use such as unicast and broadcast and the almost automatic domains of communication that will result from your network schema.
An IP address is a binary address assigned to a computer so that it can communicate with other computers and devices on a Transmission Control Protocol/Internet Protocol (TCP/IP) network. IPv4 addresses are 32 bits in length, while IPv6 addresses are 128 bits long. IPv6 addresses are written using hexadecimal values and IPv4 addresses are written using decimal values. • IPv6: Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4. IPv6 addresses have a size of 128 bits. Each section between a set of colons should have 16 bits. Therefore, IPv6 has a vastly enlarged address space compared to IPv4. - To use ping with IP version 6 (IPv6) addresses, you use the ping -6 command. On a Linux machine, you would use ping6. - Auto-configuration: allows the various devices attached to an IPv6 network to connect to the Internet without requiring any intermediate IP support in the form of a Dynamic Host Configuration Protocol (DHCP) server. Essentially this is a method that hosts can configure their IP address and other parameters without the need for a server. It also defines a method whereby the IP addresses on a network can be renumbered (changed en masse). This method is called “stateless” because it begins from a “dead start” with no information (or “state”) at all for the host to work with, and has no need for a DHCP server. This is in contrast to the server-based method using something like DHCPv6 (which is called "stateful"). - EUI 64: 64-bit Extended Unique Identifier is most commonly derived from its 48-bit MAC address. For example: a MAC address 00:0C:29:0C:47:D5 is turned into a 64-bit EUI-64 by inserting FF:FE in the middle: 00:0C:29:FF:FE:0C:47:D5. - DHCP6: Dynamic Host Configuration Protocol version 6 (DHCPv6) is a network protocol for configuring IPv6 hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network. IPv6 hosts may automatically generate IP addresses internally using stateless address autoconfiguration, or they may be assigned configuration data with DHCPv6. - Link local: Just as with IPv4, there are global addresses and link local addresses with IPv6. Simply put, any address that starts with FE:80 has been set aside for unicast link local addressing on your private network. These addresses may be manually assigned or may be assigned using a DHCP server. - Address structure: IPv6 addresses are represented as eight groups of four hexadecimal digits with the groups being separated by colons, for example 2001:0db8:0000:0042:0000:8a2e:0370:7334, but methods to abbreviate this full notation exist. In IP version 6 (IPv6), everything to the left of the mask is referred to as the prefix. Different levels in the IP addressing hierarchy have different prefix lengths, and thus, different subnet mask assignments. The sequence of information is: RIR – ISP – Site (org) – Subnet – Host - Address compression: Some types of IPv6 addresses contain long sequences of zeros. A contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be compressed to :: (known as double-colon). To avoid ambiguity, you can perform the double-colon substitution only once per address. - Tunneling 6to4, 4to6: --> 6to4 is an Internet transition mechanism for migrating from IPv4 to IPv6, a system that allows IPv6 packets to be transmitted over an IPv4 network (generally the IPv4 Internet) without the need to configure explicit tunnels. Special relay servers are also in place that allow 6to4 networks to communicate with native IPv6 networks. 6to4 does not facilitate interoperation between IPv4-only hosts and IPv6-only hosts. 6to4 is simply a transparent mechanism used as a transport layer between IPv6 nodes. --> 4to6 is an Internet transition mechanism that allows IPv4 packets to be transmitted over an IPv6 network. Teredo, miredo: --> Teredo tunneling encapsulates IPv6 packets to be sent across IPv4 networks. --> Miredo is a Teredo tunneling client designed to allow full IPv6 connectivity to computer systems which are on the IPv4-based Internet but which have no direct native connection to an IPv6 network. • IPv4: Internet Protocol version 4 address uses 32-bit binary addresses and provides approximately 4.3 billion addresses and is represented in what we call dotted decimal format. In addition to the IP address, a subnet mask is also used with IPv4, which has the effect of measuring the address to determine which parts of it are the network portion and which parts are the host portion. - Address structure: IPv4 addresses may be represented in any notation expressing a 32-bit integer value. They are most often written in the dot-decimal notation, which consists of four octets of the address expressed individually in decimal numbers and separated by periods. Example: 192.168.1.1 - Subnetting: A subnet mask is a number assigned to each host for dividing the IP address into network and node portions. A subnet mask is a series of continuous binary 1s that end abruptly at some point, followed by all 0s. Where the 1s end and the 0s begin marks the dividing line between network ID and host ID. For example: 11111111 11111111 11111111 00000000 The subnet mask above indicates that the first three octets constitute the network ID, while the final octet is the host ID. Subnetting is the process of logically dividing a network into smaller subnetworks or subnets, with each subnet having a unique address. The conventional addressing technique has IP addresses with two hierarchical levels, namely the network ID and host ID. However, in subnet addressing, the host portion is further subdivided into the subnet ID and host ID, so subnet addressing is designed with three hierarchical levels: a network ID, subnet ID, and host ID. You should understand, however, that there is only one subnet mask applied to the IP address. For example, you can think of a subnet as part of your postal address. Each set of numbers represents a geographic area, and as it moves from the left to the right the geographic area becomes more specific. With the IP address of 192.168.12.10, 192 is your country or state, 168 is your city, 12 is your street, and 10 is your house number. Subnetting enables you to separate a network for security (separating a bank of public access computers from your more private computers) and for bandwidth control (separating a heavily used LAN from one that's not so heavily used). The cornerstone to subnetting lies in the subnet mask. You cannot subnet without using binary (1s and 0s)! Most network folks represent subnet masks using special shorthand: a / character followed by a number equal to the number of ones in the subnet mask. Here are a few examples: Class A = 255.0.0.0 = 11111111000000000000000000000000 = /8 (8 ones) Class B = 255.255.0.0 = 11111111111111110000000000000000 = /16 (16 ones) Class C = 255.255.255.0 = 11111111111111111111111100000000 = /24 (24 ones) |
- APIPA: Automatic Private IP Addressing (APIPA) is a service that enables a DHCP client computer to assign itself an IP address in case no DHCP servers respond to its DHCP discover broadcast. Clients can use APIPA to assign themselves an IP address in the 169.254.x.x address range to enable communication with other clients until the issue with the DHCP server is resolved. APIPA addresses are not routable, however, which means that communication is restricted to the local subnet.
- Classful A, B, C, D: The method divides the address space for Internet Protocol Version 4 (IPv4) into five address classes. Each class, coded in the first four bits of the address, defines either a different network size, i.e. number of hosts for unicast addresses (classes A, B, C), or a multicast network (class D). Classes A, B, C are networks of three different network sizes, i.e. number of hosts for unicast addresses. Class D is for multicast. The class E address range is reserved for future or experimental purposes. Under classful networking, the subnet mask was implied by which address range (class) the address occupied and did not need to be specified separately.
- Classless: Classless interdomain outing (CIDR) is a classless addressing method that considers a custom subnet mask as a 32-bit binary word. Mask bits can move in one-bit increments to provide the exact number of nodes and networks required. The CIDR notation combines a network address with a number to represent the number of one bits in the mask. With CIDR, multiple class-based networks can be represented as a single block. Variable length subnet masks (VLSM) and CIDR are essentially the same thing. They both use slash notation to represent a custom subnet mask. The difference is that VLSM refers to lengthening the mask to create multiple subnets out of a single network, whereas CIDR refers to shortening the mask to aggregate smaller networks into a larger network for routing purposes on the Internet.
CIDR and subnetting are virtually the same thing. Subnetting is done by an organization (it is given a block of addresses and then breaks the single block of addresses into multiple subnets), while CIDR is done by an ISP (it is given a block of addresses, subnets the block into multiple subnets, and then passes out the smaller individual subnets to customers.
• Private vs. public:
--> A public IP address is an IP address that can be accessed over the Internet. Like postal address used to deliver a postal mail to your home, a public IP address is the globally unique IP address assigned to a computing device. Your public IP address can be found at What is my IP Address page.
--> A private IP address on the other hand is used to assign computers within your private space without letting them directly expose to the Internet. For example, if you have multiple computers within your home you may want to use private IP addresses to address each computer within your home. In this scenario, your router get the public IP address, and each of the computers, tablets and smartphones connected to your router (via wired or wifi) get a private IP address from your router via DHCP protocol.
• NAT/PAT: Network Address Translation (NAT) and Port Address Translation (PAT) both map IP addresses on an internal network to IP addresses on an external network. Which method of address translation you use depends on the types of networks that you are translating and the number of available IP addresses that you have.
--> Network Address Translation (NAT) is a feature of a router that will translate IP addresses. When a packet comes in, it will be rewritten in order to forward it to a host that is not the IP destination. A router will keep track of this translation, and when the host sends a reply, it will translate back the other way. For example: If you are connecting a site in the 10.10.10.0 network to a site in the 10.10.20.0 network, you could use NAT to translate 10.10.10.0 IP addresses to available 10.10.20.0 IP addresses so that hosts on the 10.10.10.0 network can access data and use network resources on the 10.10.20.0 network. However, for this scenario to work, you must have an address pool that contains enough available IP addresses on the 10.10.20.0 network to accommodate every host on the 10.10.10.0 network, because NAT requires a one-to-one relationship when translating IP addresses.
--> Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses. PAT attempts to use the original source port number of the internal host to form a unique, registered IP address and port number combination. For example, two hosts that have been assigned the IP addresses 10.10.10.100 and 10.10.10.101, respectively, could send traffic to and receive traffic from the Internet by using the single public IP address 123.45.67.89. If that port number is already allocated, PAT searches for an available alternate source port number. Therefore, the host at IP address 10.10.10.100 could access the Internet by using the public IP address and source port combination of 123.45.67.89:10000. Meanwhile, the host at IP address 10.10.10.101 could access the Internet by using the IP address and source port combination of 123.45.67.89:10001.
• MAC addressing: A Media Access Control address (MAC address) of a computer is a unique identifier assigned to network interfaces for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. These numbers (sometimes called "hardware addresses" or "physical addresses") are embedded into the network hardware during the manufacturing process, or stored in firmware, and designed to not be modified.
• Multicast: is group communication where information is addressed to a group of destination computers simultaneously. Multicast sends data only to interested destinations by using special address assignments. Group communication may either be application layer multicast or network assisted multicast, where the latter makes it possible for the source to efficiently send to the group in a single transmission. IP multicast is a method of sending Internet Protocol (IP) datagrams to a group of interested receivers in a single transmission. It is a form of point-to-multipoint communication often employed for streaming media applications on the Internet and private networks. IP multicast is the IP-specific version of the general concept of multicast networking. It uses specially reserved multicast address blocks in IPv4 and IPv6. In IPv6, IP multicast addressing replaces broadcast addressing as implemented in IPv4.
• Unicast: is the sending of messages to a single network destination identified by a unique address.
• Broadcast: transmitting the same data to all possible destinations.
- Classful A, B, C, D: The method divides the address space for Internet Protocol Version 4 (IPv4) into five address classes. Each class, coded in the first four bits of the address, defines either a different network size, i.e. number of hosts for unicast addresses (classes A, B, C), or a multicast network (class D). Classes A, B, C are networks of three different network sizes, i.e. number of hosts for unicast addresses. Class D is for multicast. The class E address range is reserved for future or experimental purposes. Under classful networking, the subnet mask was implied by which address range (class) the address occupied and did not need to be specified separately.
- Classless: Classless interdomain outing (CIDR) is a classless addressing method that considers a custom subnet mask as a 32-bit binary word. Mask bits can move in one-bit increments to provide the exact number of nodes and networks required. The CIDR notation combines a network address with a number to represent the number of one bits in the mask. With CIDR, multiple class-based networks can be represented as a single block. Variable length subnet masks (VLSM) and CIDR are essentially the same thing. They both use slash notation to represent a custom subnet mask. The difference is that VLSM refers to lengthening the mask to create multiple subnets out of a single network, whereas CIDR refers to shortening the mask to aggregate smaller networks into a larger network for routing purposes on the Internet.
CIDR and subnetting are virtually the same thing. Subnetting is done by an organization (it is given a block of addresses and then breaks the single block of addresses into multiple subnets), while CIDR is done by an ISP (it is given a block of addresses, subnets the block into multiple subnets, and then passes out the smaller individual subnets to customers.
• Private vs. public:
--> A public IP address is an IP address that can be accessed over the Internet. Like postal address used to deliver a postal mail to your home, a public IP address is the globally unique IP address assigned to a computing device. Your public IP address can be found at What is my IP Address page.
--> A private IP address on the other hand is used to assign computers within your private space without letting them directly expose to the Internet. For example, if you have multiple computers within your home you may want to use private IP addresses to address each computer within your home. In this scenario, your router get the public IP address, and each of the computers, tablets and smartphones connected to your router (via wired or wifi) get a private IP address from your router via DHCP protocol.
• NAT/PAT: Network Address Translation (NAT) and Port Address Translation (PAT) both map IP addresses on an internal network to IP addresses on an external network. Which method of address translation you use depends on the types of networks that you are translating and the number of available IP addresses that you have.
--> Network Address Translation (NAT) is a feature of a router that will translate IP addresses. When a packet comes in, it will be rewritten in order to forward it to a host that is not the IP destination. A router will keep track of this translation, and when the host sends a reply, it will translate back the other way. For example: If you are connecting a site in the 10.10.10.0 network to a site in the 10.10.20.0 network, you could use NAT to translate 10.10.10.0 IP addresses to available 10.10.20.0 IP addresses so that hosts on the 10.10.10.0 network can access data and use network resources on the 10.10.20.0 network. However, for this scenario to work, you must have an address pool that contains enough available IP addresses on the 10.10.20.0 network to accommodate every host on the 10.10.10.0 network, because NAT requires a one-to-one relationship when translating IP addresses.
--> Port Address Translation (PAT), is an extension to network address translation (NAT) that permits multiple devices on a local area network (LAN) to be mapped to a single public IP address. The goal of PAT is to conserve IP addresses. PAT attempts to use the original source port number of the internal host to form a unique, registered IP address and port number combination. For example, two hosts that have been assigned the IP addresses 10.10.10.100 and 10.10.10.101, respectively, could send traffic to and receive traffic from the Internet by using the single public IP address 123.45.67.89. If that port number is already allocated, PAT searches for an available alternate source port number. Therefore, the host at IP address 10.10.10.100 could access the Internet by using the public IP address and source port combination of 123.45.67.89:10000. Meanwhile, the host at IP address 10.10.10.101 could access the Internet by using the IP address and source port combination of 123.45.67.89:10001.
• MAC addressing: A Media Access Control address (MAC address) of a computer is a unique identifier assigned to network interfaces for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. These numbers (sometimes called "hardware addresses" or "physical addresses") are embedded into the network hardware during the manufacturing process, or stored in firmware, and designed to not be modified.
• Multicast: is group communication where information is addressed to a group of destination computers simultaneously. Multicast sends data only to interested destinations by using special address assignments. Group communication may either be application layer multicast or network assisted multicast, where the latter makes it possible for the source to efficiently send to the group in a single transmission. IP multicast is a method of sending Internet Protocol (IP) datagrams to a group of interested receivers in a single transmission. It is a form of point-to-multipoint communication often employed for streaming media applications on the Internet and private networks. IP multicast is the IP-specific version of the general concept of multicast networking. It uses specially reserved multicast address blocks in IPv4 and IPv6. In IPv6, IP multicast addressing replaces broadcast addressing as implemented in IPv4.
• Unicast: is the sending of messages to a single network destination identified by a unique address.
• Broadcast: transmitting the same data to all possible destinations.
• Broadcast domains vs. collision domains:
--> A broadcast domain is a network segment on which broadcasts occur (the same data is transmitted to all possible destinations).
--> In a collision domain, nodes contend for access to the same physical medium. This occurs on a logical bus, where the transmission of a single node is heard by all nodes. A collision can happen in this type of situation.
--> A broadcast domain is a network segment on which broadcasts occur (the same data is transmitted to all possible destinations).
--> In a collision domain, nodes contend for access to the same physical medium. This occurs on a logical bus, where the transmission of a single node is heard by all nodes. A collision can happen in this type of situation.
1.9 Explain the basics of routing concepts and protocols
1.10 Identify the basics elements of unified communication technologies
• VoIP: Voice Over IP is a voice-over-data implementation in which voice signals are transmitted in real or near-real time over IP networks. One drawback is if a power outage results in you being unable to get online, you cannot make a VoIP call. It is commonplace to put all VoIP phones on their own VLAN, so there is no interference coming from nodes that are sending email or downloading large files on the same network. The switches and routers can then be configured to give the VoIP VLAN priority over other VLANs. User Datagram Protocol (UDP) is commonly used in streaming media such as Voice over IP (VoIP), real-time video (as opposed to video-on-demand), and network management applications in which a device is polled regularly for its health. It is used when performance is more important than the ability to receive all of the data.
• Video: real time video calls/conferencing over an IP network.
• Real-time services: real-time UC technologies include:
- Multicast vs. unicast:
--> A Multicast transmission sends IP packets to a group of hosts on a network. In other words, multicast sends data only to interested destinations by using special address assignments. Class D addresses are set aside to support multicast transmissions. Any network can use them, regardless of the base network ID. A multicast server assigns a single Class D address to all members of a multicast session. There is no subnet mask. Class D addresses are routable only with special support from routers. The technical definition of a Class D address is any address where the first octet (on the left) begins with 1110.
--> A Unicast transmission/stream sends IP packets to a single recipient on a network. In other words, unicast transmission is the sending of messages to a single network destination identified by a unique address.
• Non-real-time UC technologies include:
• QoS: Quality of Service
- DSCP: Differentiated services code point (DSCP) is a field in IPv4 and IPv6 headers and is a component that aids in QoS. It is a field in an IP packet that enables different levels of service to be assigned to network traffic.
- COS: is a parameter used in data and voice protocols to differentiate the types of payloads contained in the packet being transmitted. It aids Quality of Service (QoS) by assigning priorities to the data payload or access levels to the telephone call.
• Devices:
- UC servers: Unified communications servers provide the voice, video, fax, messaging, and more actual services that users will use. It can be a proprietary appliance bundled with the desired features and powered Ethernet switchports, or it could also be a generic server with the appropriate hardware specifications and the UC software product installed on it. As with many UC products, it can also be a virtual server in a provider’s cloud.
- UC devices: Unified communications devices are client-side devices that allow end users to use unified communications services. They can include IP or video- enabled phones, headsets, webcams and busy lights, and other meeting room devices.
- UC gateways: A Unified Communications gateway connects your private UC network with a public network. It allows users to connect with the outside world, and also allows mobile users to connect from the outside into the private network. Unified communications gateways connect your private UC network with a public network. It is the interface that allows users to connect with the outside world. It also allows mobile users to connect from the outside into the private network. The public network can be the PSTN, the Internet, or a cellular provider—any network that will extend the reach of your UC system to everyone else. The data that your UC gateway processes will be voice, video, conferencing, collaboration, messaging—any service or protocol that you have chosen to implement in your UC system. The gateway can be a dedicated appliance or a generic server with software installed. It can also be a service in a provider’s cloud.
• Video: real time video calls/conferencing over an IP network.
• Real-time services: real-time UC technologies include:
- Desktop sharing - Technologies and products that allow remote access and remote collaboration on a person's computer desktop through a graphical Terminal emulator. Desktop sharing is an example of a real-time Unified Communications technology because it allows for instant, synchronous communication between users. The other formats are considered asynchronous, because a message that is delivered by the sender might not be accessed by the recipient for hours or days.
- Speech recognition - Technology that translates spoken words into text.
- Data sharing - Technologies that allow the sharing of data such as screen sharing or interactive whiteboards.
- Call control - Software that decodes addressing information and routes telephone calls from one end point to another. It also creates the features that can be used to adapt standard switch operation to the needs of users.
- Multicast vs. unicast:
--> A Multicast transmission sends IP packets to a group of hosts on a network. In other words, multicast sends data only to interested destinations by using special address assignments. Class D addresses are set aside to support multicast transmissions. Any network can use them, regardless of the base network ID. A multicast server assigns a single Class D address to all members of a multicast session. There is no subnet mask. Class D addresses are routable only with special support from routers. The technical definition of a Class D address is any address where the first octet (on the left) begins with 1110.
--> A Unicast transmission/stream sends IP packets to a single recipient on a network. In other words, unicast transmission is the sending of messages to a single network destination identified by a unique address.
• Non-real-time UC technologies include:
- Unified messaging - The integration of different electronic messaging and communications media technologies into a single interface. Traditional communications systems deliver messages into different types of stores such as voicemail systems, e-mail servers, and stand-alone fax machines. With Unified Messaging all types of messages are stored in one system.
- Voicemail - A computer based system that allows users and subscribers to exchange personal voice messages, and to process transactions relating to individuals, organizations, products and services, using a telephone.
- E-mail - A method of exchanging digital messages from an author to one or more recipients. E-mail operates across the Internet or other computer networks.
- SMS - A text messaging service component of a phone, Web, or mobile communication systems. It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages.
- Fax - A telephonic transmission of scanned printed material, normally to a telephone number connected to a printer or other output device.
• QoS: Quality of Service
- DSCP: Differentiated services code point (DSCP) is a field in IPv4 and IPv6 headers and is a component that aids in QoS. It is a field in an IP packet that enables different levels of service to be assigned to network traffic.
- COS: is a parameter used in data and voice protocols to differentiate the types of payloads contained in the packet being transmitted. It aids Quality of Service (QoS) by assigning priorities to the data payload or access levels to the telephone call.
• Devices:
- UC servers: Unified communications servers provide the voice, video, fax, messaging, and more actual services that users will use. It can be a proprietary appliance bundled with the desired features and powered Ethernet switchports, or it could also be a generic server with the appropriate hardware specifications and the UC software product installed on it. As with many UC products, it can also be a virtual server in a provider’s cloud.
- UC devices: Unified communications devices are client-side devices that allow end users to use unified communications services. They can include IP or video- enabled phones, headsets, webcams and busy lights, and other meeting room devices.
- UC gateways: A Unified Communications gateway connects your private UC network with a public network. It allows users to connect with the outside world, and also allows mobile users to connect from the outside into the private network. Unified communications gateways connect your private UC network with a public network. It is the interface that allows users to connect with the outside world. It also allows mobile users to connect from the outside into the private network. The public network can be the PSTN, the Internet, or a cellular provider—any network that will extend the reach of your UC system to everyone else. The data that your UC gateway processes will be voice, video, conferencing, collaboration, messaging—any service or protocol that you have chosen to implement in your UC system. The gateway can be a dedicated appliance or a generic server with software installed. It can also be a service in a provider’s cloud.
1.11 Compare and contrast technologies that
support cloud and virtualization
• Virtualization: the act of creating a virtual (rather than actual) version of something, including virtual computer hardware platforms, operating systems, storage devices, and computer network resources. In hardware virtualization, the host machine is the actual machine on which the virtualization takes place, and the guest machine is the virtual machine. The words host and guest are used to distinguish the software that runs on the physical machine from the software that runs on the virtual machine. The software or firmware that creates a virtual machine on the host hardware is called a hypervisor or Virtual Machine Manager.
- Virtual switches: is a software application that enables communication between virtual machines. In addition to forwarding data packets, a virtual switch intelligently directs the communication on a network by checking data packets before moving them on. Virtual switches can be embedded into the virtualization software, but they can also be included in server hardware as part of server firmware. Virtual switches connect to network interface cards (NICs). A virtual NIC can connect to a virtual switch, which can be bound to a physical NIC, allowing VMs that have their virtual NICs connected to that virtual switch to access physical networks.
- Virtual routers: is a software-based routing framework that enables the host computer to act as a hardware router over a LAN. The Virtual Router Redundancy Protocol (VRRP) advertises a virtual router as the default gateway, which is backed by a group of physical routers that provide redundancy in case one fails. This helps you increase the availability of your networks. VRRP enables multiple routers on a LAN to work together sharing a single virtual IP address.
- Virtual firewall: A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall. The VF can be realized as a traditional software firewall on a guest virtual machine already running, a purpose-built virtual security appliance designed with virtual network security in mind, a virtual switch with additional security capabilities, or a managed kernel process running within the host hypervisor. A virtual firewall can operate in different modes, which provide different services. A virtual firewall operating in bridge mode does not actively participate in routing the traffic, and also does not require any IP routing changes or subnetting to be inserted into place.
- Virtual vs. physical NICs: A virtual NIC can connect to a virtual switch, which can be bound to a physical NIC, allowing VMs that have their virtual NICs connected to that virtual switch to access physical networks. A virtual NIC that is bridged to a physical NIC is a true Ethernet bridge in the strictest sense. Its packets are sent on the wire with its own unique MAC address. The VMNet driver runs the bridged physical NIC in promiscuous mode so that replies to that MAC address are picked up. A VNIC is a virtualized Network Interface Card, used by a Virtual Machine as its network interface. A VNIC is assigned a MAC address. Each MAC address corresponds with a single virtual NIC, which is used by a virtual machine. You create VNICs when you create a virtual machine. To connect to a vSwitch, a virtual machine must have a virtual NIC (vNIC) mapped to it -- just like how physical machines can't connect to a network without a working network adapter. In fact, if a physical machine residing outside the virtual environment were to receive data from a vNIC associated with a virtual machine, the physical machine wouldn't be able to tell that the information was coming from a virtualized network adapter. Like pNICs, vNICs have both a MAC address and an IP address.
- Software-defined networking (SDN): is an umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as the virtualized server and storage infrastructure of the modern data center.
- Virtual switches: is a software application that enables communication between virtual machines. In addition to forwarding data packets, a virtual switch intelligently directs the communication on a network by checking data packets before moving them on. Virtual switches can be embedded into the virtualization software, but they can also be included in server hardware as part of server firmware. Virtual switches connect to network interface cards (NICs). A virtual NIC can connect to a virtual switch, which can be bound to a physical NIC, allowing VMs that have their virtual NICs connected to that virtual switch to access physical networks.
- Virtual routers: is a software-based routing framework that enables the host computer to act as a hardware router over a LAN. The Virtual Router Redundancy Protocol (VRRP) advertises a virtual router as the default gateway, which is backed by a group of physical routers that provide redundancy in case one fails. This helps you increase the availability of your networks. VRRP enables multiple routers on a LAN to work together sharing a single virtual IP address.
- Virtual firewall: A virtual firewall (VF) is a network firewall service or appliance running entirely within a virtualized environment and which provides the usual packet filtering and monitoring provided via a physical network firewall. The VF can be realized as a traditional software firewall on a guest virtual machine already running, a purpose-built virtual security appliance designed with virtual network security in mind, a virtual switch with additional security capabilities, or a managed kernel process running within the host hypervisor. A virtual firewall can operate in different modes, which provide different services. A virtual firewall operating in bridge mode does not actively participate in routing the traffic, and also does not require any IP routing changes or subnetting to be inserted into place.
- Virtual vs. physical NICs: A virtual NIC can connect to a virtual switch, which can be bound to a physical NIC, allowing VMs that have their virtual NICs connected to that virtual switch to access physical networks. A virtual NIC that is bridged to a physical NIC is a true Ethernet bridge in the strictest sense. Its packets are sent on the wire with its own unique MAC address. The VMNet driver runs the bridged physical NIC in promiscuous mode so that replies to that MAC address are picked up. A VNIC is a virtualized Network Interface Card, used by a Virtual Machine as its network interface. A VNIC is assigned a MAC address. Each MAC address corresponds with a single virtual NIC, which is used by a virtual machine. You create VNICs when you create a virtual machine. To connect to a vSwitch, a virtual machine must have a virtual NIC (vNIC) mapped to it -- just like how physical machines can't connect to a network without a working network adapter. In fact, if a physical machine residing outside the virtual environment were to receive data from a vNIC associated with a virtual machine, the physical machine wouldn't be able to tell that the information was coming from a virtualized network adapter. Like pNICs, vNICs have both a MAC address and an IP address.
- Software-defined networking (SDN): is an umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as the virtualized server and storage infrastructure of the modern data center.
|
• Storage area network (SAN): is a dedicated high-speed network (or subnetwork) that interconnects and presents shared pools of storage devices to multiple servers. A SAN moves storage resources off the common user network and reorganizes them into an independent, high-performance network. This allows each server to access shared storage as if it were a drive directly attached to the server. Storage-area networks are managed centrally, and Fibre Channel (FC) SANs have the reputation of being expensive, complex and difficult to manage. The emergence of iSCSI has reduced these challenges by encapsulating SCSI commands into IP packets for transmission over an Ethernet connection, rather than an FC connection. Instead of learning, building and managing two networks -- an Ethernet local-area network (LAN) for user communication and an FC SAN for storage -- an organization can now use its existing knowledge and infrastructure for both LANs and SANs. A SAN is far more complex and costly than NAS. A SAN consists of dedicated cabling (usually FC, but Ethernet can be used in iSCSI or FCoE SANs), dedicated switches and storage hardware. SANs are highly scalable and allow storage to be exposed as LUNs. In contrast, NAS storage usually exposes storage as a file system, although some NAS appliances support block storage.
- iSCSI: Internet Small Computer System Interface (iSCSI) SAN is used to facilitate data transfers over intranets and to manage storage over long distances by carrying SCSI commands over IP networks. This type of SAN is popular because it does not require an investment in expensive Fibre Channel cabling, and can run along an existing Ethernet network. - Jumbo frame: is an Ethernet frame with a payload greater than the standard MTU of 1,500 bytes. Jumbo frames can be as large as 9,000 bytes, and are used on Local Area Networks (LANs) that support at least 1 Gbps. Jumbo frames increase network performance by increasing the payload beyond the typical Ethernet maximum transmission unit (MTU). A jumbo frame is an Ethernet frame with a payload greater than the standard MTU of 1,500 bytes. Jumbo frames can be as large as 9,000 bytes, and are used on Local Area Networks (LANs) that support at least 1 Gbps. Jumbo frames still use the same headers as typical Ethernet frames. They are more efficient because more data is sent within the data portion of the frame, resulting in fewer overall frames that need to be processed at the network level. - Fibre Channel (FC): is a technology for transmitting data between computer devices at data rates of up to 16 Gbps. Optical fiber is not required for Fibre Channel. It works by using coaxial cable and ordinary telephone twisted pair. Fibre Channel is typically used for connecting computer servers to shared storage devices and for interconnecting storage controllers and drives. Fibre Channel has become a common connection type for SANs in enterprise storage. However, it is expensive, complex, and difficult to manage. - Network attached storage (NAS): is a device that is connected to the network and provides file-based data storage services to other devices on the network, while not having its own keyboard hookups or display ability. NAS is a storage appliance that is plugged directly into a network switch. NAS appliances are often used as file servers. |
• Cloud concepts: Cloud computing can be deployed following a public, private, or mixed model. Each implementation can have its own service structure, including IaaS, SaaS, PaaS, IDaaS, NaaS, etc.
- Public IaaS, SaaS, PaaS: A public cloud provides its services over a network that is open for public use. There may be little or no difference between public and private cloud architecture; however, since the services are made available for a public audience over a potentially non-trusted network, security considerations may be substantially different. Rackspace or Amazon are examples of public clouds.
- Private IaaS, SaaS, PaaS: A private cloud is cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally. A private cloud project requires a significant degree of engagement to virtualize the business environment. The OpenStack project (www.openstack.org) is the key example of a technology you could use to implement your own cloud computing infrastructure.
- Hybrid IaaS, SaaS, PaaS: A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. Google’s “Gov Cloud” is an example. This cloud can be used by government branches within the United States, but it is not available to consumers or businesses.
- Community IaaS, SaaS, PaaS: A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. They can be managed internally or by a third party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud, but more than a private cloud.
- Public IaaS, SaaS, PaaS: A public cloud provides its services over a network that is open for public use. There may be little or no difference between public and private cloud architecture; however, since the services are made available for a public audience over a potentially non-trusted network, security considerations may be substantially different. Rackspace or Amazon are examples of public clouds.
- Private IaaS, SaaS, PaaS: A private cloud is cloud infrastructure operated solely for a single organization. It can be managed internally or by a third party, and hosted either internally or externally. A private cloud project requires a significant degree of engagement to virtualize the business environment. The OpenStack project (www.openstack.org) is the key example of a technology you could use to implement your own cloud computing infrastructure.
- Hybrid IaaS, SaaS, PaaS: A hybrid cloud is a combination of two or more clouds that remain distinct but are bound together, offering the benefits of multiple deployment models. Google’s “Gov Cloud” is an example. This cloud can be used by government branches within the United States, but it is not available to consumers or businesses.
- Community IaaS, SaaS, PaaS: A community cloud is where multiple organizations from a specific community with common interests share the cloud infrastructure. They can be managed internally or by a third party, and either hosted internally or externally. The costs are spread over fewer users than a public cloud, but more than a private cloud.
1.12 Given a set of requirements, implement a basic network
• List of requirements: for the right topology, keep in mind: cost, ease of installation, ease of maintenance, fault-tolerance requirement, security requirement.
--> Router tops the list of the most basic and important requirements for a SOHO network access. They are also the best choice to be used in small offices because of their ability of identifying IP address through each of the computing devices. Some of the good routers will also include an inbuilt option of a firewall system which also helps in preventing malicious attacks which generally comes from the files or data coming from the web.
--> All the computing devices on the SOHO network will also require a network card along with a network adapter or a network cable. This will be helping you in the process of file sharing when single computer on network known as server will be accessing the network and sharing the files with the shared computer on that network.
--> Modem is also an essential need for this network as it will be mainly responsible for receiving and communicating the signal from the service provider of the internet. Every SOHO communication makes use of a large number of apparatus to ensure that the signal is free flowing and the information is transmitted without any loss in the system.
--> Network cable is also required for this purpose. The network cable will serve as a medium and set up the link between the modem and the router. Ensure to connect the cable in the appropriate port of each side. Now, begin with SOHO by connecting the computer to the routers and the modem with internet cable.
• Device types/requirements:
• Environment limitations:
• Equipment limitations:
• Compatibility requirements:
• Wired/wireless considerations:
• Security considerations:
--> Router tops the list of the most basic and important requirements for a SOHO network access. They are also the best choice to be used in small offices because of their ability of identifying IP address through each of the computing devices. Some of the good routers will also include an inbuilt option of a firewall system which also helps in preventing malicious attacks which generally comes from the files or data coming from the web.
--> All the computing devices on the SOHO network will also require a network card along with a network adapter or a network cable. This will be helping you in the process of file sharing when single computer on network known as server will be accessing the network and sharing the files with the shared computer on that network.
--> Modem is also an essential need for this network as it will be mainly responsible for receiving and communicating the signal from the service provider of the internet. Every SOHO communication makes use of a large number of apparatus to ensure that the signal is free flowing and the information is transmitted without any loss in the system.
--> Network cable is also required for this purpose. The network cable will serve as a medium and set up the link between the modem and the router. Ensure to connect the cable in the appropriate port of each side. Now, begin with SOHO by connecting the computer to the routers and the modem with internet cable.
• Device types/requirements:
• Environment limitations:
• Equipment limitations:
• Compatibility requirements:
• Wired/wireless considerations:
• Security considerations: