-
Notifications
You must be signed in to change notification settings - Fork 0
/
slushys_network+_notes.txt
2098 lines (1353 loc) · 160 KB
/
slushys_network+_notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
======== OSI MODEL
-What is the OSI model?
It is a 7-layer theoretical model for understanding and troubleshooting computers and computer networking.
-What is Layer 1?
Physical layer, consists of hardware, electrical or light signals; it also encompasses all of the other layers.
-What is Layer 2?
Data Link Layer, it describes how computers inside of a single LAN or subnet communicate, i.e. using ARP and
MAC addresses mainly. Switches live here, unless they are multi-layer/layer 3.
-What is Layer 3?
Network layer, this allows discrete networks or subnets to communicate with one another. This process is facilitated
by routers and/or multi-layer switches. This is where IP addresses come into play.
-What is Layer 4?
Transport layer, this is where TCP/UDP ports live. These ports are used to allow computers to communicate with each other
on multiple streams simultaneously, e.g. you might request a file from your network file server and ping it at the same time,
in this scenario you would be using ports 20 and 19 at the same time.
-What is Layer 5?
Session layer, responsible for initiating, managing, and closing communication sessions between 2+ devices.
-What is Layer 6?
Presentation layer, responsible for translating data into a format that can be understood by humans.
-What is Layer 7?
Application layer, closest layer to end users. It is the layer that directly interacts with the actual applications running
on a machine.
======== DATA ENCAPSULATION
-What is an ethernet header?
The ethernet header contains information needed in order to route the packet within a LAN, e.g. source MAC, destination MAC,
File CheckSum, length of packet, etc.
-What is an IP header?
IP headers contain information needed in order to route a packet between different LANs, e.g. source IP, destination IP,
version (e.g. IPv4 or IPv6), length, total length, TTL, flags, etc.
-What is a TCP/UDP header?
TCP headers contain information needed in order to route packets to the correct ports, e.g. source and destination ports,
sequence number (for when a transmission needs to be broken up into multiple packets), flags (e.g. SYN, ACK, FIN, RST).
In contrast, UDP headers include far less information as it is not a connection-oriented protocol, e.g. source port,
destination port, length, checksum.
-What are TCP flags?
TCP flags are used to initiate, manage, control, and terminate connections: SYN is used to initiate a session, SYN/ACK is used to
agree to the session, ACK is used to acknowledge receipt of packets, FIN is used to signal that the device has finished transmitting and wants to terminate the session, RST is used to reset a session, URG is used to signal that certain data in the packet requires immediate attention, PSH is used to request immediate data delivery to the receiving application.
-What is a payload?
The actual Layer 7 data that an end user is attempting to transmit, e.g. the actual contents of an email as opposed to all of the surrounding
information that is needed in order to route the packet, translate the bits, etc.
-What is an MTU?
Maximum transmission unit, the largest packet (measured in bytes) that can be transmitted over the network; it is 1518 bytes by default,
but can also be adjusted to allow runt and jumbo packets.
========= CHARACTERISTICS OF NETWORK TOPOLOGIES AND NETWORK TYPES
NETWORK TOPOLOGIES
-What is a mesh network?
A mesh network is one where every device in the network is directly connected to all other network devices, so that transmissions do not need to pass through a central node to reach the destination; instead, it can be transmitted directly to it.
-What is a star/hub and spoke network?
Star/HnS networks contain a central node that connects to all of the other endpoints in the network. However, the endpoints do not connect directly to each other, and therefore all data must pass through the central node.
-What is a bus network?s
A bus network is one in which there is a single cable that runs along the length of the entire network, and where all endpoints connect to this cable and take turns using it to transmit data. Bus networks are half-duplex by nature, ergo they have been largely phased out in favor of full duplex networks, e.g. star or mesh.
-What is a ring network?
A ring network is one in which endpoints are connected only to the previous and the next endpoint in the topology, forming a ring shape. Data is transmitted in only one direction, and often these networks use a token to control which device is currently allowed to transmit data.
-What is a hybrid network?
A hybrid network combines characteristics of two or more network topologies, e.g. you might have a star network that also incorporates some connections between endpoints, making it somewhat like a mesh network.
-
NETWORK TYPES
-What is a peer to peer network?
A P2P network is one in which endpoints are directly connected to each other, e.g. in Limewire users share files amongst themselves instead of downloading from a centralized server.
-What is a client-server network?
A client-server network is pretty much the standard network type, e.g. a client device such as a laptop requesting a webpage from a webserver owned by Microsoft.
-What is a LAN?
Local Area Network, describes a SOHO type of network, e.g. your home network or a small business.
-What is a MAN?
Metropolitan Area Network, describes a network that spans across a few buildings in the same city, e.g. a company that runs its business out of a few buildings such as headquarters and branch offices in the same city.
-What is a WAN?
Wide Area Network, connections that span across long distance, e.g. an ISP router that connects to another ISP router several miles away, and the next one, and the next one, so that together they span across an entire country, which separate LANs that are very far away from each other to communicate. Because of their nature, WANs can use both public and private infrastructure, as well as different types of hardware and cabling.
-What is a WLAN?
Wireless LAN, it is a LAN that uses wireless signals instead of cabled connections.
-What is a PAN?
Personal Area Network, it is a network that is localized to an individual or a few individuals, e.g. a person with an iPhone who is using AirPods has a PAN set up that allows them to listen to music.
-What is a CAN?
Campus Area Networks span across the length of a college campus, e.g. an actual college, Google headquarters, etc.
-What is a SAN?
Storage Area Network, special high-speed network that separates storage from servers. The storage is centralized and is block level versus file level (NAS). They usually use fiber connections.
-What is a SDWAN?
Software-Defined WAN, applies SDN principles to WAN, e.g. centralized control which would allow admins/engineers to shape traffic and implement dynamic routing, load balancing, application visibility (allowing admins to prioritize certain apps over others), cloud integration, and more!
-What is MPLS?
Multi-Protocol Label Switching, protocol used in WANs to allow packet management using labels. It is fairly similar to VLAN tagging.
-What is mGRE?
Multipoint Generic Routing Encapsulation, came from GRE which is used to encapsulate many network protocols inside one P2P connection. mGRE expands upon this and allows for multiple endpoints to communicate using a single GRE tunnel.
SERVICE-RELATED ENTRY POINT
-What is a demarcation point?
A demarc is the physical or logical point in an organization's network where the jurisdiction of the org ends and that of the ISP begins, e.g. the network jack in the MDF that connects the organization's network to its ISP router.
-What is a smartjack?
A smartjack is a hardware device that can be placed at a demarc that offers features for monitoring the demarc, or even providing power.
VIRTUAL NETWORK CONCEPTS
-What is a vSwitch?
Virtual switch, does most everything a physical switch does, except it is virtual and lives in a virtual network.
-What is a vNIC?
Virtual NIC, does everything a NIC does except it is virtual and lives on a VM.
-What is Network function virtualization (NFV)?
Approach to networking that involves virtualizing traditional network hardware on VMs, e.g. firewalls, load balancers, routers, switches.
-What is a hypervisor?
A hypervisor is software that allows you to create and run virtual machines, e.g. Hyper-V and VMWare.
PROVIDER LINKS
-Satellite?
Satellite link uses satellites to transmit/receive data, e.g. Starlink.
-Cable?
Cable connections use existing cable TV infrastructure for internet access.
-DSL?
DSL uses traditional copper telephone lines, but in such a way that it doesn't interfere with voice transmission. Contrast with dial-up connections.
-Leased line?
Connections that are rented from a service provider, offers more privacy and reliability than non-leased lines.
-Metro-optical?
A fiber connection that is confined to a single metropolitan area.
###### CABLES AND CONNECTORS
COPPER
-Copper cables are used for ethernet, as well as all of the below cable types.
-Twisted pair?
Copper cables are twisted in order to prevent crosstalk.
-Cat5, 5e?
"e" stands for "enhanced"; Cat5 can transmit at speeds of up to 100Mbps, Cat5e can transmit at speeds of up to 1000Mbps which is 1Gbps. Cat5 is more susceptible to crosstalk and signal loss, which 5e sought to fix. Both are backwards compatible.
-Cat6, 6a?
"a" stands for "augmented"; 6 can support 1 Gbps, 6a can support up to 10 Gbps. 6 are usually UTP, 6a are usually STP. 6 is for up to 55 meters, 6a is for up to 100 meters.
-Cat7?
Support speeds of up to 10 Gbps over up to 100 meters, often use STP. Usually overlooked in favor of fiber, GG45 connector?
-Cat8?
Mostly used in data centers, server rooms, etc. Support up to 25-40 Gbps, use STP and multiple layers of shielding, GG45 connector.
-Coaxial/RG-6?
These are the same thing; used for TV, internet, comms systems. Not suitable for high-speed data transfer, such as ethernet.
-Twinaxial?
Used for transmitting high-freq electrical signals over short distances.
-Termination standards (TIA/EIA 568A & B)?
Standards for the wiring of ethernet cables, particularly TP. They specify the pin assignments and color coding for individual wires in an ethernet cable. You cannot use both in a single cable run, they must match.
A
White/Green
Green
White/Orange
Blue
White/Blue
Orange
White/Brown
Brown
B
White/Orange
Orange
White/Green
Blue
White/Blue
Green
White/Brown
Brown
FIBER
-Single mode?
Used for long-range connections, this type of fiber cable only supports one mode of light.
-Multi-mode?
Used for short range connections, this type of fiber cable supports multiple modes of light.
CONNECTOR TYPES
-Local connector (LC)?
Fiber connector, has two different fibers: send and receive.
-Straight tip (ST)?
Larger than LC and SC, bayonet-style locking mechanism, larger than other fiber connectors, has been phased out.
-Subscriber connector (SC)?
Push-pull design, square tip, SMF and MMF support.
-Mechanical transfer (MT)?
Allows for multiple fiber connections within a single connector, up to 48+. Popular in high-speed data centers.
-Registered jack (RJ)?
Commonly used in both telecomms and computer networking, most popular connectors are 11 and 45. 11 is used for connecting to analog phone systems, and 45 is used for ethernet. 45 has 8 pins and it usually used with TP cables. RJ45 cables are often referred to as "patch cables". These are NOT COMPATIBLE.
-Angled physical contact (APC)?
Designed to minimize the amount of "back reflection" or "return loss"; ergo commonly used in long range connections, high speed networks, etc.
-Ultra physical contact (UPC)?
Designed for precise and low-loss connections, used in LANs, FTTH, etc.
-RJ11?
Primarily used to connect analog telephone devices, e.g. phones, fax, modems to the telephone network.
-RJ45?
45 is used for ethernet. 45 has 8 pins and it usually used with TP cables. RJ45 cables are often referred to as "patch cables".
-F type?
Stands for "frequency", a coax connector that is used to connect to TVs, modems, satellite receivers, etc.
-Transceivers/media converters?
A transceiver is a transmitter and receiver in the same device, it can sometimes be a media converter, e.g. it receives optical signals but transmits electrical signals.
A media converter is used to convert signals from one format to another, e.g. fiber to ethernet.
TRANSCEIVER TYPE
-Small form-factor pluggable (SFP)?
Hot-swappable, modular transceiver used to allow devices to connect to network devices. SFP devices can be used to allow connectivity to copper or fiber networks. Connector types include LC and RJ45, the modularity of the SFP makes it flexible and adaptable to many different uses and network types.
-Enhanced form-factor pluggable (SFP+)?
Designed to support higher data rates, they are backwards compatible. Optical transceivers can be SR, LR, ER, and more. They have become the standard in data centers, cloud environments, etc.
-Quad small form-factor pluggable (QSPF)?
"Quad" refers to the four separate channels that this type of transceiver supports. Comes in many different form factors (data rates).
-Enhanced quad small form-factor pluggable (QSFP+)?
Higher data rates and better performance than QSFP, but is backwards compatible.
CABLE MANAGEMENT
-Patch panel/bay?
A panel used in data centers, server rooms, etc. to facilitate the connection of COPPER cables to their respective endpoints.
-Fiber distribution panel?
Fiber equivalent of a patch panel.
-Punchdown block?
Hardware used to terminate and organize twisted pair cables.
-66?
Older type, used in phone systems.
-110?
Newer, used for computer networking and telecomms.
-Krone?
A brand of punchdown blocks, can be 66 or 110.
-Bix?
A different type of PDB, made by company 3M.
ETHERNET STANDARDS
-Baseband?
Baseband is a mode of data transmission that does not require modulation, i.e. converting a signal from one type to another. For instance, a modem is a networking device that converts digital signals (which is what computers use) to analog (e.g. telephone) in order to transmit computer data over telephone infrastructure. Baseband also uses the entire bandwidth for a single channel, whereas broadband uses the bandwidth for multiple channels.
COPPER
-10Base-T?
One of the original Ethernet standards defined in 802.3; "10" means 10 Mbps, "Base" means baseband transmission, and "T" means twisted pair.
-100Base-TX?
Ethernet standard, 100 Mbps, uses CAT5 and higher cables, RJ45 connectors, star topology, full duplex.
-1000Base-T?
1000 Mbps = 1 Gbps, Gigabit Ethernet, baseband, uses TP cables, CAT5e or higher cables with RJ45, uses all four pairs of wires in cable,
-10GBase-T?
10 Gbps, 10G Ethernet, CAT6a and above, TP; cons include high power requirements and signal degradation over long distances.
-40GBase-T?
40 Gbps, 40G ethernet, CAT8 and above, TP; max transmission distance is 30 meters.
FIBER
-100Base-FX?
Fast ethernet, 100 Mbps, "FX" means fiber optic, SC or ST connectors.
-100Base-SX?
Fast ethernet, 100 Mbps, "SX" means short wavelength multi-mode fiber, SC or ST connectors, max length is 900 feet.
-1000Base-SX?
Gigabit ethernet, 1000 Mbps, "SX" means short wavelength multi-mode fiber, SC or LC connectors, max length is 1800 feet.
-1000Base-LX?
Gigabit ethernet, 1000 Mbps, "LX" means long wavelength for SMF or MMF, up to 6.2 miles with SMF, up to 1800 feet with MMF.
-10GBase-SR?
10G ethernet, 10 Gbps, "SR" means short range and MMF, short wavelength optical signals, usually uses LC, max length about 984 feet using OM3 fiber, and 1312 feet using OM4 fiber.
-10GBase-LR?
10G ethernet, 10 Gbps, "LR" means long range and SMF, long wavelength optical signals, usually uses LC connectors, max length is about 6.2 miles.
-Coarse wavelength division multiplexing (CWDM)?
Allows for transmitting multiple data channels over a single cable by using different wavelengths of light (colors), used for shorter distances (e.g. MAN) and lower capacity requirements.
-Dense wavelength division multiplexing (DWDM)?
As its name suggests, the different wavelengths of light are closer together, high capacity, can support 80-100 channels in a single cable, can transmit over hundreds or thousands of miles, protocol agnostic.
-Bidirectional wavelength division multiplexing (WDM)?
Allows for the simultaneous bidirectional transmission (send/receive) of optical signals on a single fiber using two different wavelengths of light. Traditional WDM only allows for unidirectional transmission or reception over a single fiber.
######## IP ADDRESSING
PUBLIC AND PRIVATE
-RFC1918?
"Address allocation for private internets", defines three ranges of IP addresses for use in private networks:
10.x.x.x
172.16.x.x - 172.31.x.x
192.168.x.x
-NAT?
Network address translation, protocol that converts public IP addresses into private ones, and vice-versa.
-PAT?
Port address translation, component of NAT, uses Layer 4 port numbers to keep track of which host in the internal network should receive which packets. This is because the entire internal network uses a single IP address, ergo PAT is used to keep track of which packets go to which host in the network.
IPv4 vs IPv6
-Automatic Private IP?
Feature of MS windows, it is an address in the 169.254.x.x/16 range that gets assigned to a DHCP client when it can't reach the DHCP server. APIPA provides local connectivity, but no internet access.
-EUI-64?
Extended Unique Identifier-64, used in IPv6 networks to create interface IDs for network devices based on their MAC address, especially in SLAAC.
-Multicast?
A mode of packet delivery that entails sending the same data from one source to multiple destination.
-Unicast?
A mode of packet delivery that entails sending data from one source to one destination.
-Anycast?
A mode of packet delivery that involves sending data from one source to one destination IP address, however in Anycast multiple endpoints are configured with the same IP address and the actual destination is based upon geographic proximity to the source. Example: Amazon.com might have hundreds of webservers configured with the same IP address, which webserver actually receives and serves requests is based on the location of the client.
-Broadcast?
Unlike the other modes of communication, broadcast only exists in IPv4 and not IPv6. This is because it requires a lot of overhead, which the engineers behind IPv6 did not want included. Broadcast traffic involves sending the same data from one source to every other endpoint on the same subnet.
-Link local?
IPv6 feature, it is an address that gets assigned automatically to all devices in a subnet. It is used only for communicating within that same subnet. The address is often generated by individual devices, in a non-centralized manner, using SLAAC.
-Loopback?
Loopback address in IPv4 is 127.0.0.1. It always points to the localhost, it is often used for testing connectivity issues while bypassing the physical layer. In IPv6, the address is ::1.
-Default gateway?
This is the IP address of the router or multilayer switch interface that faces the internal network/subnet. It is the gateway to other networks, including the internet, hence the name.
IPv4 SUBNETTING
-Classless (VLSM)?
Classless routing simply means it does not use classful routing, which assigns subnet mask based on the value of the first byte in the IP address. Variable length subnet masking means the same thing, the subnet mask is not determined by IP address range.
-Classful?
*With the exception of the private IP address ranges:
A = 1.0.0.0 - 126.0.0.0, /8
B = 128.0.0.0 - 191.255.0.0, /16
C = 192.0.0.0 - 223.255.255.0, /24
D = Multicast group addressing = 224.0.0.0 - 239.255.255.255
E = Experimental use = 240.0.0.0 - 255.255.255.255
-CIDR?
Classless Inter-Domain Routing, more efficient subnet mask notation than standard decimal or binary notation. It used a slash followed by the number of 1s in your subnet mask, e.g. /8 = 255.0.0.0 = 11111111.0.0.0
IPv6 CONCEPTS
-Tunneling?
Process of encapsulating IPv6 packets inside of other protocols (e.g. IPv4) in order to transmit IPv6 packets over networks that may not natively support it.
-Dual stack?
Simultaneous use of both IPv4 and IPv6 in the same network and/or devices. Devices have both v4 and v6 addresses, apps running on the network can work with both v4 and v6, etc.
-Shorthand notation?
Leading zeros can be omitted, both within the 16-bit blocks and the entire IPv6 address, e.g. "2001:0db8" is also "2001:db8". A single set of consecutive blocks of zeros can be shortened to "::", e.g. "2001:0000:0000:0000:2022:EFFBAB" = "2001::2022:EFFBAB". A single block of zeros can be shortened to just one zero, e.g. "0000" = "0".
-Router advertisement?
Component of NDP, neighbor discovery protocol. Responsible for stateless autoconfiguration, address resolution, duplicate address detection, etc.
-SLAAC?
StateLess Address AutoConfiguration, replacement for DHCPv6. Allows devices on IPv6 networks to configure their IP addressing without a centralized (e.g. DHCP) service.
-Virtual IP (VIP)?
Associated with a service or resource that lives in the network, rather than a host. This is done for load balancing and network management purposes.
-Sub-interface?
An interface on a router or switch configured as part of a VLAN. It is associated with a physical interface on the network device, and relies upon it being up and operational, but it is not the same thing as the physical interface, i.e. the physical interface and its subinterface(s) do not belong to the same (V)LANs.
##### PORTS AND PROTOCOLS
-FTP?
File Transfer Protocol, TCP port 20/21 (20 is used for control, 21 is used for data) used for sending/receiving files, usually from a fileserver. Can also be from just any host to another, still using client-server architecture. Insecure because it transmits in plaintext.
-SSH?
Secure SHell, TCP port 22, used for remote terminal connections. This is the gold standard of remote terminal connection protocols and many other protocols rely on it for their secure communications.
-SFTP?
Secure/SSH File Transfer Protocol, uses SSH for secure connections. SFTP uses port 22 only, making it easier on firewalls than FTP (which uses 20 and 21).
-Telnet?
Remote terminal connection protocol, TCP port 23, vastly insecure because it transmits everything in plaintext.
-SMTP?
Simple Mail Transfer Protocol, TCP port 25, used for transmitting emails. Uses client-server architecture, where the client is the sender's email client or server and the server is the destination mail server. Sends emails between clients and relays emails between different email servers. This protocol is NOT used for retrieving emails from the inbox/mailserver.
-DNS?
Domain Name System, TCP port 53, used mainly for resolving domain names to IP addresses but can also be used for other things, e.g. resolving IP addresses to domain names.
-DHCP?
Dynamic Host Configuration Protocol, UDP port 67/68, used for automatically assigning IP addressing information to all of the DHCP server's clients. Port 67 is used by the DHCP server to listen for incoming requests, port 68 is used by DHCP clients to listen for responses from the DHCP server.
-TFTP?
Trivial File Transfer Protocol, TCP port 69, used for transferring smaller files than FTP. It is not very secure, so should not be used to transmit sensitive information. It is often used to transfer router/switch configuration files across a network, etc.
-HTTP?
HyperText Tranfer Protocol, TCP port 80, used for requesting and sending HTML files, i.e. webpages. This is a vastly insecure protocol as it transmits everything in plaintext, it was replaced by HTTPS.
-POP3?
Post Office Protocol 3, TCP port 110, used for retrieving emails from the mail server to the mail client.
-NTP?
Network Time Protocol, TCP port 123, used to keep date and time settings on network devices in sync.
-IMAP?
Internet Message Access Protocol, TCP port 143, used for accessing and managing email messages stored on a remote mail server. It is more advanced than POP3, it has more features for managing email.
-SNMP?
Simple Network Management Protocol, UDP port 161/162, 161 is used by SNMP clients to listen for instructions from the SNMP server, 162 is used by the SNMP manager to listen for incoming traps. SNMP is used for managing and monitoring network devices from a SNMP manager (management systems).
-LDAP?
Lightweight Directory Access Protocol, TCP port 389, used for directory services, i.e. a centralized database that stores information about users, groups, devices, and other resources in a network or organization. In particular, LDAP is designed for querying and modifying directory information. LDAP uses client-server architecture. EXAMPLE: Microsoft Active Directory uses LDAP.
-HTTPS?
HTTP Secure, TCP port 443, uses SSL/TLS to encrypt traffic; like HTTP it is used for transmitting HTML files, i.e. webpages.
-SMB?
Server Message Block, TCP port 445, used for file, printer, and resource sharing on LANs. Doesn't just run on Windows, it also works for other OSes.
-Syslog?
Protocol for aggregating and managing network logs, uses TCP port 514, it receives logs from all network devices and stores them in a central location (Syslog server).
-SMTP TLS?
TLS version of SMTP, uses TCP port 587; adds authentication, encryption, and data integrity to standard SMTP. Please note that only the traffic between mail servers is encrypted, for full end-to-end encryption you can use PGP, etc.
-LDAPS?
LDAP over SSL, TCP port 636, uses encryption and digital certificates. Enhances security be encrypting data sent between LDAP client and server, uses encryption, authentication, and certificates.
-IMAPS?
IMAP over SSL, uses TCP port 993, adds encryption and authentication to IMAP.
-POP3S?
POP3 over SSL, uses TCP port 995, adds encryption and authentication to POP3. Less commonly used than IMAPS.
-SQL Server?
Structured Query Language, uses TCP port 1433, relation database management system (RDBMS) developed by Microsoft. Stores, manages, and retrieves data as requested by apps and services.
-SQLnet?
Aka Oracle Net, uses TCP port 1521, enables communication between Oracle SQL servers and clients. Uses authentication and encryption.
-MySQL?
Uses TCP port 3306, open source RDBMS developed by Oracle. Uses authentication, access control, encryption, designed to handle both small and large datasets. It is cross-platform.
-RDP?
Remote Desktop Protocol, uses TCP port 3389, used for remote desktop connections to Windows machines. There are clients for other operating systems, but they are still used to connect to Windows machines as their only targets.
-SIP?
Session Initiation Protocol, uses TCP port 5060/5061. 5060 is used for unencrypted communication, 5061 is used to add encryption. SIP initiates, manages, and ends sessions, e.g. VoIP.
IP PROTOCOL TYPES
-ICMP?
Internet Control Message Protocol, doesn't use a TCP port because it is a protocol that lives in the lower levels of the OSI model. ICMP is most commonly used with the 'ping' command to test network connectivity and interface status of network devices. More widely, it is used for network diagnostics and troubleshooting.
-TCP?
Connection-oriented protocol, three-way handshake, uses port numbers assigned to specific protocols and communication channels. TCP is used when a reliable connection is needed, e.g. when sending important information which you want to make sure will be received.
-UDP?
Connectionless protocol, used when speed is more important than reliability, e.g. on a video call. Some packets will not reach the destination, but since it's a video chat, it will just pick up from the next packet from the one that got lost.
-GRE?
Generic Routing Encapsulation, allows for transmitting multiple data streams and/or protocols over a single channel.
-IPSec?
Suite of protocols used to secure communication over IP networks, namely the internet. Examples: VPNs, Transport mode (encrypt only the payload), Tunnel mode (encrypt entire packet); Protocols: AH, ESP. Many IPsec implementations use both AH and ESP (see below).
-AH/ESP?
Authentication Header/Encapsulating Security Payload. AH provides authentication and data integrity for IP packets, no encryption. ESP provides encryption and data confidentiality.
-Connectionless vs Connection-Oriented Protocols?
Connectionless protocols use UDP ports, connection-oriented protocols use TCP ports. Connectionless protocols are favored when speed is more important than reliability, e.g. video calls. It doesn't matter if a few packets in the video call session get dropped, the video and audio will still be more than comprehensible.
###### NETWORK SERVICES
DHCP
-Scope?
DHCP scope defines the range of IP addresses that will be served by the DHCP server, e.g. 192.168.0.0 - 192.168.255.255.
-Exclusion ranges?
These are IP address ranges within a scope that will NOT be served by the DHCP server.
-Reservation?
These are specific IP addresses that are set aside for specific hosts, based on its MAC address.
-Dynamic assignment?
This is when DHCP is used for IP addressing, it's called dynamic because the address leases expire after a certain amount of time and have to be renewed. Ergo dynamic IP addresses are not permanent.
-Static assignment?
This is when IP addressing is NOT configured with DHCP, rather it is done manually or with a script. In any case, these addresses do not expire on their own, which makes static assignment useful for configuring IP addressing on servers and other key network devices.
-Lease time?
This is the amount of time that DHCP clients will retain their IP addressing that was assigned by the DHCP server. The default lease time is around 8 days, although it depends on the DHCP server configuration.
-Scope options?
Other settings that the DHCP server provides to its clients that aren't just IP address, e.g. subnet mask, default gateway, DNS server, domain name, and much more.
-Available leases?
DHCP IP addresses that are available.
-DHCP relay?
Usually a router, can also be a network service, it intercepts DHCP Discover broadcasts and forwards it to the DHCP server as a unicast transmission. This is necessary because by default routers filter broadcasts and confine them to their respective subnets, so if DHCP relay isn't configured then probably most network devices would not be able to acquire IP addressing information via DHCP.
-IP helper/UDP forwarding?
Similar to DHCP relay, but can be used for other protocols other than DHCP. However, it only works for UDP protocols.
DNS
Record Types
-A vs AAAA?
A records are the most basic DNS record, they map domain names to IP addresses. AAAA records map domain names to IPv6 addresses.
-CNAME?
These are alias records, they redirect one domain name to another.
-MX?
Mail records, these point the mail servers of a given domain.
-SOA?
Start of Authority, these contain administrative information about the domain, e.g. the admin, their email, etc.
-PTR?
These map IP addresses to names, you can think of them as reverse A records.
-TXT?
These provide additional information about the domain, such as the services running on it or details about the configuration of the domain. Often used to provide information about DKIM, SPF, DMARC, etc.
-SRV?
Service records, these contain information about services running in the domain, e.g. service name, protocol, port, priority, etc.
-NS?
Name Server record, this point to the DNS servers that serve the domain.
GLOBAL HIERARCHY
-Root DNS servers?
These are the uppermost DNS servers in the DNS architecture, which relies on delegation for most name resolution on the internet. There are about 13 root DNS servers that serve the entire world, maintained by various technological organizations. In turn, these point to lower-level DNS servers that serve particular subdomains of the internet, e.g. '.com' or '.net'.
-Internal vs External DNS?
Internal DNS does not require delegation because the network DNS server is the one that holds the records for the domain, i.e. the authoritative DNS server resides on the domain. External DNS, which resolves names to IP addresses on the global internet, does rely on delegation to root DNS servers because the authoritative DNS server resides outside of the source's domain. Therefore communication with several other DNS servers is usually necessary to resolve a name.
-Zone transfer?
A DNS zone is similar to a DHCP scope, it describes the configuration of the domain as a whole. Ergo, a zone transfer entails passing along the entire DNS configuration of a domain, usually from the authoritative DNS server to a secondary DNS server.
-Authoritative Name Server?
The name server that is considered to hold the official DNS records for a zone/domain. DNS records and/or configuration can only be changed from the authoritative server.
-TTL?
Every DNS record has a time to live, which tells the DNS server or host how long that information will remain valid. After it has expired, the server or host can then submit another query.
-DNS cache?
One of the foundational principles of DNS is that every host is ultimately responsible for its own name resolution, even if it often needs to delegate this process to one or more DNS servers. As such, every host also has its own DNS cache, which is used to expedite the process of name resolution in the case that the particular domain name is one with which communication occurs often. Unfortunately, the cache can also cause connection issues if the DNS information in the cache is outdate, which is why the cache has a TTL or can be flushed manually.
-Reverse DNS/reverse lookup?
Just what it sounds like, instead of resolving a name to an IP address, reverse lookup resolves an IP address to a name.
-Forward DNS/forward lookup?
Standard DNS lookup, resolving a name to an IP address.
-Recursive/iterative lookup?
Recursion is the process of delegating a DNS query to a DNS server, be that the local DNS server or the root servers that serve the entire world. The DNS client does not actually get involved in the process.
Iterative lookup is when the DNS server simply points the client in the direction of the DNS server(s) that will help them resolve the name they are attempting to reach.
NTP
-Stratum?
Strata are hierarchies in NTP that are assigned to timekeeping devices to denote their level of accuracy and proximity to a time source, e.g. stratum 0 devices are the most accurate, a stratum 3 device or program would be considered significantly less accurate.
-Clients?
NTP clients are devices that sync their internal clocks up with an external timekeeping device or program.
-Servers?
NTP servers have synchronized their own clocks with highly accurate sources, such as atomic clocks or GPS satellites.
BASIC CORPORATE AND DATA CENTER NETWORK ARCHITECTURE
THREE-TIERED
-Core?
One of three primary layers, aka backbone, central park of network infrastructure. Primary function is to provide high-speed connectivity to entire network. Probably includes high-speed switches, routers, and fiber connections. Common protocols include BGP and MPLS.
-Distribution/aggregation layer?
Connects core layer to the access layer, it is an intermediary. Connects multiple access layer segments to core layer, aggregating traffic from multiple access-layer devices and routing toward destination. Routing and filtering, VLAN support, aggregation of WAN connections. Protocols include OSPF, EIGRP, etc.
-Access/edge?
Connects end-user devices to the network, called edge because endpoints are usually located there. VLANs, security and access control; connects to distribution layer. Uplinks or trunklinks are used to aggregate access-layer switch and then carry it to distribution layer. Low latency is a must.
SOFTWARE-DEFINED NETWORKING
-Application layer?
Closest to administrators, application layer is where the programs that allow humans to give instructions to the control layer run. SDN apps interact with SDN controller through APIs.
-Control layer?
Seat of the SDN controller, this layer tells the infrastructure how to route and manage traffic. The SDN controller translates high-level instructions from App Layer to low-level instructions to be executed at this level. Communicates with infrastructure devices through southbound APIs to manage the network.
-Infrastructure layer?
This is where the physical equipment lives, e.g. routers, switches, cables.
-Management plane?
One of three planes, including control and data planes. This plane is responsible for overall management, configuration, monitoring, maintenance, etc. of the SDN architecture. Often involves human administrators who interact with the SDN controller. Security rules, such as ACLs and firewalls, are configured on this plane; also software/firmware updates and patches.
SPINE AND LEAF
-Software-defined networking?
SDN is an improvement on traditional network infrastructure because it centralizes management of networking devices into an SDN controller. SDN applications are used by administrators to pass instructions to the controller, which then enforces the configuration on all networking devices.
-Top-of-rack switching?
ToR, network design that involves placing physical switches at the top of each cabinet or rack of servers in the data center. Advantages include: proximity to servers, ease of switch management, cost efficiency, easier cable management, etc. May not be suitable for all datacenter environments.
-Backbone?
Core of the network, connects the various disparate segments and allows them to communicate. Must have high capacity, many connections, high-power networking equipment. Also security, e.g. firewalls, ACLs.
TRAFFIC FLOWS
-North-South?
Describes data flowing between different networks, e.g. a datacenter granting access to their network to an authenticated user.
East-West?
Describes data that flows between devices on the same network, e.g. a datacenter has to communicate with another datacenter owned by the same company.
Branch office vs On-premises?
A branch office is an extension of the headquarters of an organization. It will not contain the exact same equipment as the headquarters, but it will provide access to the network and have some data needed to run the branch office operations.
On-premises, or headquarters, will store a lot more data, have a better network infrastructure as it needs to communicate with all branch offices, and have many more people physically working there, probably with better security.
-Datacenter vs Colocation?
Datacenters can be owned outright or the space can be rented out, but the organization is responsible for the equipments, maintenance, power, HVAC, etc.
Colocations are owned by a third-party provider and are rented out, including the space, power, HVAC, and network connectivity. Different organizations rent under the same roof, and each organization then becomes responsible for any additional equipment they need to install.
STORAGE AREA NETWORKS (SAN)
CONNECTION TYPES
-Fiber channel over ethernet (FCoE)?
These are Fiber Channel frames encapsulated inside of Ethernet frames. Relies on CNAs, Converged Networks Adapaters, which support both Ethernet and FC protocols. They can also encapsulate in the other direction. Conventional ethernet switches can support FCoE if they in turn support DCB.
-Fibre channel?
Primarily used in SANs and data centers, designed for fast and reliable connections. Uses FC switches, supports zoning, supports virtualization. Does not use IP!
-Internet Small Computer Systems Interface (iSCSI)?
Network protocol that facilitates block-level data transfer across a network. Allows a host to connect to a remote storage device, e.g. disk arrays, storage servers, or a NAS system. There are initiator and target systems, supports authentication and security, commonly used in virtualization environments. More cost-effective and easier to implement than FC, however it probably cannot match FC performance.
SUMMARIZE CLOUD CONCEPTS AND CONNECTIVITY OPTIONS
DEPLOYMENT MODELS
-Public?
Examples: Azure, AWS. The equipment is owned by the provider and can be rented out by anyone who wants to pay and meets requirements.
-Private?
All network infrastructure is owned and managed by a single organzation, e.g. routers, switches, servers, storage. Can be managed by the organization's IT department or to a cloud service provider.
-Hybrid?
Combines elements of public and private cloud architectures.
-Community?
Rented out from a provider to a group of organizations, usually sharing some common goal or mission.
SERVICE MODELS
-Software as a Service (SaaS)?
This model entails offering only the software to clients, which means the infrastructure and platform are owned and managed by the service provider, e.g. ChatGPT is a web app that is accessed through a browser.
-Infrastructure as a Service (IaaS)?
Infrastructure refers to the physical equipment that runs networks, e.g. routers, switches, servers, storage. The client rents out the infrastructure and then configures and maintains it. Example: Azure with Virtual Machines.
-Platform as a Service (PaaS)?
This model entails providing a ready-to-go platform for software development. The developers will have everything they need to start building their apps, which saves them the time and effort involved in configuring their own development environments. Example: Heroku.
-Desktop as a Service (DaaS)?
This model entails hosting virtual desktops on service-provider infrastructure and then allowing end users from a client organization to connect to them and use them. This saves organizations money and time which they would otherwise have to spend on acquiring, configuring, and maintaining the equipment.
INFRASTRUCTURE AS CODE
-Automation/orchestration?
Process of deploying, managing, and scaling infrastructure and services using code and scripts.
CONNECTIVITY OPTIONS
-Virtual private network (VPN)?
An app that creates a secure tunnel between the endpoint on which it is run and the destination. The traffic is routed through a VPN server. In an enterprise setting, it is often used to provide remote access to the organization's network.
-Private-direct connection to cloud provider?
A dedicated network link that connects a client's on-premises architecture directly to a cloud provider's data center.
-Multitenancy?
Model that allows a single instance of a software application to serve multiple customers or tenants. Clients/tenants share the same infrastructure, e.g. servers, network devices, storage; however they are logically isolated from one another.
-Elasticity?
Usually used in cloud computing, refers to the property of a given technology to be scaled up or down to meet shifting business demand. Examples: on-premises infrastructure is not very elastic, whereas cloud infrastructure is highly elastic.
-Scalability?
Refers to the ability of a particular technology or approach in IT to be implemented multiple times in order to expand operations. Example: cloud is generally highly scalabale, because all you have to do is go on the cloud management console and pay the extra money required to expand your cloud infrastructure or access.
-Security implications?
This is a hotly debated topic, however the consensus seems to be that as long as the cloud provider is of good repute (e.g. Microsoft, Amazon), security should be comparable to hosting your data on-premises. It could also depend on what level of service you are subscribed to, e.g. SaaS entails the provider managing most of the underlying security, whereas IaaS could require a higher level of involvement on the part of client re. security.
COMPARE AND CONTRAST NETWORKING DEVICES
NETWORKING DEVICES
-Layer 2 switch?
Traditional switch, routes packets within a LAN/subnet. Each switchport creates a separate collision domain. This switch keeps an ARP table that maps IP addresses to MAC addresses; it can forward, flood, or filter packets. If it receives a broadcast, it will flood it; only routers and L3 switches drop broadcast packets.
-Layer 3 capable switch?
Newer type of switch, is able to route IP traffic like a router does, including between VLANs. Still has all the functionality of a layer 2 switch, but with more features. These switches are usually configured to drop broadcast packets, just like layer 2 switches.
-Router?
Routers route traffic between different LANs/subnets/VLANs. They create separate collision and broadcast domains at every interface. They can be configured to use VLANs and subinterfaces, they can also be configured with various routing protocols, e.g. RIP, OSPF. They keep routing tables for routing to different networks, and ARP tables to route within their own networks.
-Hub?
Hubs are simple layer 1 devices that can be thought of simply as bit repeaters. Every packet they receive into one interface they then transmit out of all of their other interfaces.
-Access point?
Wireless Access Point, it is a device (often a router) with a cabled connection to a network that allows endpoints to connect to it wirelessly for their own internet/intranet access. In 2023, WAPs should be using WPA2 or WPA3 for security. They broadcast their SSIDs so that end users will be able to identify them.
-Bridge?
A network bridge is an extender or connector between different network segments. Can be a device or software, can also be wired or wireless. Whereas routers separate network segments, bridges connect separate network segments as if they were a single segment. Bridges filter or forward traffic based on MAC addresses.
-WLAN controller?
Centralized networking device that controls multiple WAPs in a WLAN. WAPs can be configured with addressing information, security policies, authentication encryption, SSIDs, firmware, etc. all by using the controller.
-Load balancer?
Device or software that is responsible for distributing traffic loads across networking devices as evenly and efficiently as possible. Essential component of cloud and data center architectures.
-Proxy server?
This is a server through which traffic from and for another endpoint is channeled. Proxy servers are for various purposes, including security ( e.g. IP masking, encrypted tunneling, content filtering. Other purposes include improved performance (load balancing), anonymity, and access control. Example: the proxy might make a web request to an external webserver on behalf of a client, but it might make changes to the request packet before it does, e.g. caching content, filtering content, adding security headers. Primary types are forward proxy and reverse proxy.
-Cable modem?
AKA DOCSIS modem. Modems are used to modulate (convert) signals from digital to analog (telephone), and vice-versa, in order to allow end users to access the internet using, in this case, cable TV infrastructure.
-DSL modem?
Digital subscriber line, this type of modem is used for transmitting digital signals over telephone lines, which is why it is so much faster than dial-up, which transmits analog signals. Unlike dial-up, DSL allows for both voice and data to be transmitted/received simultaneously, using filters/splitters to separate the signals. Dial-up only allows users to transmit voice or data, but not both. DSL also uses technologies such as advanced modulation and FDM to achieve its higher speeds.
-Repeater?
Layer 1 devices, these are used to extend the reach of a network by amplifying or regenerating signals. Can be wired or wireless, can introduce some latency as amplification/regeneration can take some time.
-Voice gateway?
Networking device that serves as an interface between traditional analog or digital telephone networks (e.g. PSTN) and IP-based networks (e.g. VoIP). They convert and transmit the signals so that these different types of networks can communicate with each other.
-Media converter?
Device used to convert signals from one format to another, typically fiber (light) to copper (electrical).
-Intrusion prevention system (IPS)?
This is software that monitors the network or host for threats, however unlike an IDS it will also take action if it detects a(n) (potential) attack.
-Intrusion detection system (IDS)?
Software that monitors the network or host for threats, unlike an IPS it will not take action to manage the risk but can be configured to send alerts if a potential attack is detected. IPS examples: can alter, redirect, or drop network traffic to prevent attacks. Since an IPS makes so many decisions and takes so many actions automatically, there is a lot of room for error and hence it makes sense why an IDS would be preferred in some situations.
-Firewall?
Device or software that blocks certain traffic based on its configured ACLs. An ACL is an access control list, it is used to allow or block certain types of traffic based on certain characteristics, e.g. source IP or destination port.
-VPN headend?
AKA "VPN gateway", device or server that serves as the entry point or endpoint for a VPN. It receives incoming VPN connections and manages the authentication and encryption. It establishes the encrypted tunnels that connect with remote clients and/or branch offices. The headend/gateway can perform NAT, usually supports multiple protocols, and can be configured with security policies.
NETWORKED DEVICES
-Voice Over Internet Protocol (VoIP)?
Technology that allows for voice transmission, similar to traditional telephone, over IP networks. Converts audio signals into digital data.
-Printer?
A network printer is configured with the IP addressing information that other network endpoints have, e.g. host address, subnet mask, default gateway. This way it can receive print jobs from over the network, versus needing to connect to it with a USB cable. In larger networks, there may even be a print server. Advantages include centralized management and ease of access.
-Physical access control devices?
Devices that control physical access to a building or other restricted area, e.g. a vestibule.
-Cameras?
Network or IP camera, transmits audio and video over the network. Can be wired or wireless, if wired can support PoE.
-HVAC sensors?
Sensors in IT environments (data centers, server rooms, etc.) that are used to monitor the HVAC conditions. Environmental factors that are monitored: temperature, ventilation, airflow, pressure, leaks, light.
IoT
-Refrigerator?
Fridge with IP addressing, connected to a network. Features can include inventory tracking, temperature control, energy management, automated ordering, security, data analytics, etc.
-Smart speakers?
Support AI and cloud connectivity, since they rely on voice recognition for their commands. Usually also offer AI assistants, e.g. Alexa.
-Smart thermostats?
Includes remote control, learning algorithms, and integration with other smart home devices. Can also support virtual assistants.
-Smart doorbells?
Includes internet connectivity and video streaming, two-way audio, motion detection, cloud storage, integration with other smart devices.
-ICS/SCADA?
Industrial Control Systems/Supervisory Control And Data Acquisition, these are control and automation systems for industrial environments, i.e. "IT without carpet". The two main cateogies of ICS are process control systems (general, large scale) and discrete control systems (specific, small scale). Technically, SCADA is a subset of ICS that focuses on data aggregation, monitoring, and analysis. SCADA features include remote monitoring, data acquisition, control, security.
COMPARE AND CONTRAST ROUTING TECHNOLOGIES AND BANDWIDTH MANAGEMENT CONCEPTS
ROUTING
-Dynamic routing?
Relies on routing protocols, e.g. RIP, OSPF. Routing tables are configured automatically via inter-router communication. Best routes are calculated automatically based on factors such as distance, link state, connection speed, etc.
PROTOCOLS
-RIP?
Router Information Protocol, one of the earliest dynamic routing protocols. It is a distance-vector protocol, which means it makes routing decisions based on how many hops are needed to reach the destination. While it does offer low overhead, it is considered primitive because hop count is not actually a very good metric for determining the best route to a destination. Other factors need to be taken into consideration, such as the link state.
-OSPF?
Open Shortest Path First, designed to work within a single AS, it is perhaps the gold standard of dynamic routing protocols. OSPF is a link-state protocol, which means it takes into account the bandwidth of any connection that it may choose to add to its routes. The metric OSPF uses is "cost": the lower the cost of a route, the higher the preference OSPF will give to it, because lower-cost routes have connections with higher bandwidth.
-EIGRP?
Enhanced Interior Gateway Routing Protocol, a Cisco proprietary technology for dynamic routing which uses and advanced distance-vector protocol. This means that it utilizes features of both distance-vector and link-state protocols, taking into account bandwidth, delay, reliability, load.
-BGP?
Border Gateway Protocol, used for routing between separate ASes (Autonomous Systems), i.e. between different networks run by different organizations. It is the most widely used exterior gateway protocol, meaning that it is used for dynamic routing over the internet as a whole rather than smaller subnets in the same wider network.
-Link state?
A type of dynamic routing protocol that determines the best route based on connection bandwidths. Routers and multilayer switches running this protocol keep a link-state database and use LSAs (link-state advertisements) to share information and determine best routes. Examples: OSPF, IS-IS.
-Distance vector?
A type of dynamic routing protocol that determines the best route based on hop count. DV routers/switches send routing updates to each other periodically. Examples: RIP.
-Hybrid?
Combines elements of both DV and LS routing protocols. Example: EIGRP.
-Static routing?
Routes that are configured manually by the admin/engineer. Advantages include less overhead, predictability, reliability. Would only recommend for smaller, simpler networks.
-Default route?
Typically specified as an IP address, which belongs to the default gateway or the router that connects the LAN to the internet. In IPv4, it is typically represented as 0.0.0.0/0, it is used when the router has no other route the destination.
-Administrative distance?
Numerical value that represents the level of preference or trustworthiness assigned to a particular route. Lower value means more trustworthiness. Directly connected routes have the lowest AD value, 0 or 1. Static routes usually have an AD value of 1, dynamic routes vary. AD values can also be configured manually.
-Exterior vs Interior?
Exterior routing protocols handle routing between different ASes, the most widely used example is BGP. Interior routing protocols handle routing within a single AS, these protocols are more numerous: RIP, OSPF, IS-IS, etc.
-Time to Live?
The maximum number of hops a routing update can travel before it is considered to be invalid and gets dropped.
BANDWIDTH MANAGEMENT
-Traffic shaping?
The practice of configuring a network and its devices to route the traffic in a specific manner, e.g. to prioritize data from certain applications over others, load balancing, using specific routes and/or devices for certain traffic.
-Quality of Service (QoS)?
Principle that prioritizes certain types of network traffic over others, e.g. audio and video at an organization that relies on virtual meetings to conduct business.
CONFIGURE AND DEPLOY COMMON ETHERNET SWITCHING
-Data VLAN?
A VLAN configured for data exchange, can be useful for security and segmentation.
-Voice VLAN?
Designed for VoIP traffic, used to prioritize and optimize the voice data transmission.
PORT CONFIGURATIONS
-Port tagging (802.1q)?
Port/VLAN tagging is used to label and route packets based on their specific source and/or destination VLAN.
PORT AGGREGATION
-LACP?
Link aggregation control protocol, used to configure and manage link/port aggregation, i.e. combining separate physical ports on a router/switch as a single logical interface.
-Duplex?
Half duplex means a given connection can transmit or receive, but not at the same time. Full duplex means a given connection can transmit and receive at the same time. Half duplex connections are quite rare nowadays.
-Speed?
Transmission speed is generally measured in bps (bits per second), e.g. Gigabit Ethernet is called that because it is capable of transmitting up to 1 Gbps under the right conditions.
-Flow control?
Entails managing the transmission of data so that all destinations are able to receive and process it successfully, based on their respective capabilities in doing so. For example, a brand new high-performance webserver might be serving a web request for a fairly high-performance web app, and the client may be a fairly old computer with comparatively low processing power. Flow control will most likely be needed to ensure the client can sucessfully process the packets.
-Port mirroring?
Involves creating a copy of all traffic passing through a particular port, recreating it, and then sending it to a different port (on the same device or another) in order to analyze its contents. This process does not disrupt or otherwise affect the original port or traffic, it only allows admins to view the traffic in its entirety.
-Port security?
Refers to the security of physical ports on networking equipment, particularly switches. Port MAC address filtering is one commonly used method of ensuring that only authorized devices are able to access the network. If, for example, an unauthorized device does connect to a port, it could be configured to shut down so that the device/user isn't able to access the network, or alternatively to send alerts to admins and/or log the event. The most notable vulnerability in port security is that it relies on MAC addresses, ergo an attacker could potentially use an attack method from higher in the OSI stack.
-Jumbo frames?
Ethernet frames that are larger than 1500 bytes. Usually not supported, but networks can be configured to allow jumbo packets; they are common in SAN networks because of the sheer volume of data being processed.
-Auto MDI-X (Medium-Dependent Interface Crossover)?
802.3ab, automatically detects and configures correct signaling for network cable connections, specifically in ethernet. Before AMDI-X, a specific type of cable was needed (straight-through, crossover) based on what kinds of devices you were trying to connect.
-MAC tables?
Used by switches to associate connected devices with their corresponding switchports. This is because, within a LAN, packets are delivered based on MAC address.
-PoE/PoE+?
Power over Ethernet, allows devices to receive electrical power over ethernet cables. The cable can be used simultaneously for powering/charging the device and data transmission. PoE+ delivers higher power transmission than PoE, which allows it to support more types of devices.
-STP?
802.1d, Spanning Tree Protocol, a technology that prevents routing loops in a network. It selects a single path and then disables all others. STP selects a "root bridge", which is the switch that becomes the reference point for calculating the best paths. Switches exchange BPDUs in order to calculate the best paths. Like OSPF, STP also uses "cost".
-CSMA/CD?
Carrier Sense Multiple Access with Collision Detection, a feature of early ethernet networks that could only support half-duplex communication. It helps to avoid packet collisions, as well as detect them when they occur. It "listens" to the network for transmissions and collisions, if a collision does occur then it waits until the media are clear and then restarts the transmission.
-ARP?
This layer 2 protocol is used in ethernet to map MAC addresses to IP addresses. ARP broadcasts (technically "ARP requests") are sent out on the LAN with a particular MAC address, asking for the IP address that goes with it. All of the devices in the LAN actually keep their own ARP tables with these mappings, however the entries are cleared regularly in order to make it more dynamic.
-NDP (Neighbor Discovery Protocol)?
This is an IPv6 technology used by network devices to discover other hosts in the LAN. It basically replaces ARP and ICMP in IPv4. A neighbor relationship table gets created, RA (Router Advertisement) messages are used for discovery. Uses various ICMPv6 message types, including RAs.
802.11 STANDARDS
-a?
The successor to 802.11b, transmits at 5 GHz and supports data transfer speeds of up to 54 Mbps.
-b?
The original wireless networking standard, transmits at 2.4 GHz and supports data transfer speeds of up to 11 Mbps.
-g?
The successor to 802.11a, transmits at 2.4 GHz and supports data transfer speeds of up to 54 Mbps.
-n?
Wi-Fi 4, successor to 802.11g. Transmits in 2.4 and 5 GHz frequency bands. Can transmit at rates up to 600 Mbps. Backwards compatible with earlier standards; this standard also introduced MIMO, multiple-input multiple-output, i.e. many different data streams can be transmitted simultaneously to a single device. Supports channel bonding of adjacent channels, e.g. 20 MHz or 40 MHz wide channels.
-ac?
Wi-Fi 5, transmits mostly in the 5 GHz frequency band. Data rates are up to 1.3 to 3.5 Gbps, depending on the configuration. This standard introduced MU-MIMO, Multiple User MIMO, which means that multiple devices can receive multiple streams of data all at the same time. Uses channel bandwidths of up to 160 MHz, backwards-compatible with all of the above standards, supports beamforming.
-ax?
Wi-Fi 6, transmits at the 2.4 or 5 GHz frequency range. Data rates up to 9.6 Gbps, backwards-compatible with all of the above standards. Supports WPA3, uses OFDMA to divide channels into smaller subchannels.
FREQUENCIES AND RANGE
-2.4 GHz?
Longer wavelength means the signal reaches further and is less susceptible to signal loss, however since so many other wireless devices transmit in this frequency range, that could introduce a lot of interference.
-5 GHz?
Shorter wavelength means higher data transmission rates and shorter range. The advantage is that fewer wireless devices transmit in the 5 GHz frequency range, which means less signal interference.
CHANNELS
-Regulatory impacts?
Governments create and then enforce many regulations re. networking for security, privacy, and public access reasons. Example: governments decide which frequency bands will be used (e.g. 2.4 or 5 GHz) in order to minimize interference. Also standards for networking, e.g. 4G, 5G.
-Channel bonding?
Refers to the practice of combining separate transmission channels on an access point, e.g. channels 1 and 2. This is done in order to increase throughput, improve performance, and improve reliability. A wider channel means higher bandwidth. Channel bonding requires support from both the source and destination devices.
SSID
-Basic service set?
Refers to the assortment of devices for which a single access point is routing network traffic, including the AP.